<!doctype linuxdoc system>
<article>
<title>LDAP Directories
<author>Setup directories
<p><url url="index.html" name="Index">
<p>
Descriptions of the dialogs used for directory operation.

<sect>Directory select dialog
<p>
Here you must select a database to work on. You may also create a new one.
</sect>

<sect>Directory config dialog
<p>
Here you must set the preferred configuration for the database. Some options must always be set, but many are not needed. Example of a minimal setup:

<itemize>
<item>Type: ldbm
<item>Base: dc=your,dc=domain
<item>Root: cn=manager,dc=your,dc=domain
<item>Pass: your secret
<item>Directory: /var/ldap/your.domain
</itemize>

More to come. For reference, for now you have to read the LDAP server/directory guide, which is located here:
<p>
<url url="http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/5.html#RTFToC20" name="SLAPD and SLURPD Administrator's Guide - Configuration file">

</sect>

<sect>Directory import LDIF dialog
<p>
This will import an LDIF formatted file into a new database. It works with the Communicator address book export function. Usage:
<p>
<itemize>
<item>First, select a name for your directory, like "contacts".
<item>Open the address book you will export in Communicator.
<item>From the File menu, select Export, and select "ldif" format as the file type (in Linux there is no choice).
<item>Name it contacts.db.conf.ldif and export it.
<item>Move it to the /tmp directory.
<item>Now start ldapconf, and go to the directory select menu.
<item>Select the Add button.
<item>In the input box, call it "contacts".
<item>Configure it:
<itemize>
<item>Type: ldbm
<item>Name: contacts
<item>Base: dc=contacts
<item>Root: cn=manager,dc=contacts
<item>Pass: some secret
<item>Directory: /var/ldap/contacts (this must be created manually!)
</itemize>
<item>Remember to enable the database (with the checkbox)!
<item>Exit the dialog with the OK button.
<item>Select Import.
<item>All filenames should be correct. Leave the check buttons ON.
<item>Import.
<item>Restart the LDAP server (from the control panel).
<item>To test it, set a client to use "dc=contacts" as base.
<item>Hopefully you can now search on names, emails or *.
</itemize>
</sect>

<sect>Directory export LDIF dialog
<p>
This is for backup, for export to other systems, or for regenerating the database (export and import for cleanup and new indexes).
<p>
When selected, the ldbmcat command will be run and will produce an LDIF formatted file.
<p>
Enable the numbers option if the file will be imported into OpenLDAP again.
<p>
Read more in "man ldbmcat".

</sect>

<sect>Directory migrate dialog
<p>
This does not work now. Do not use.
</sect>

<sect>Userinfo (userconf co-manager)
<p>It is now possible to save extra user information in LDAP from the normal linuxconf userconf dialog.
<p>It is enabled by default, but you have to set up a directory and configure it first.
<p>The userconf directory is currently hardcoded to use the "userinfo" directory, form and bind profile.
<p>To configure it:
<itemize>
<item>Add the userinfo directory from the directory select dialog.
<item>Configure it as default. Remember to enable it!
<item>Initialise the directory with the "Create" command from the directory menu.
<item>Restart the server.
<item>Now set up the "userinfo" form in the directory form config dialog.
<item>And set up the correct binding from the bind profile configurator.
</itemize>
<p>Now it works like this:
<itemize>
<item>When managing a local user in the userconf dialog, you have an extra tab called "LDAP".
<item>In this tab all the fields defined in the form editor will show up.
<item>Enter the information you want.
<item>When you accept the user settings, the extra information will be saved in the LDAP directory.
<item>To test it, configure a client to use this directory, and search for a name (or *).
</itemize>
<p>Current limitations:
<itemize>
<item>No support for userpassword; users may not update their own info (yet).
<item>No support for existing users. LDAP will only be used for new users. This will be fixed.
<item>No access control. All info in this directory is available to read for anyone.
</itemize>
</sect>

<sect>ACL settings
<p>
Some examples of common ACL (access control) settings for directories.
<p>
Currently ACL settings must be entered manually into the directory config files.
<p>
<itemize>
<item>Protecting user passwords. This should always be used if passwords are stored in LDAP (the default is read access for everyone!).
<verb>
access to attr="userpassword"
        by self write
        by * compare
</verb>
<item>Give users access to update their own data.
<verb>
access to * by self write
</verb>
</itemize>
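<p>If both ACLs above are used, their order matters: slapd applies the first <tt>access to</tt> line whose target matches, so the password rule must come before the catch-all. The following Python model of that evaluation is an added example, not linuxconf's or OpenLDAP's own code; the ACL text is the page's two rules joined into one fragment, and the <tt>dc=contacts</tt> DNs used when calling it are constructed sample data.

```python
# Added example (not linuxconf's or OpenLDAP's own code): a small model of how
# slapd evaluates "access to" lines, used to check the two ACLs from this page.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # slapd order
# The page's two ACLs joined into one slapd.conf fragment, password rule first.
ACL_TEXT = """
access to attr="userpassword"
        by self write
        by * compare
access to * by self write
"""
def parse_acl(text):
    """'access to WHAT by WHO LEVEL ...' lines into [(what, [(who, level)])]."""
    clauses = []
    for stanza in text.replace("\n", " ").split("access to ")[1:]:
        what, *bys = stanza.split(" by ")
        clauses.append((what.strip(), [tuple(b.split()[:2]) for b in bys]))
    return clauses

def what_matches(what, attr):
    # Only the two target forms the page uses: '*' and attr="name".
    if what == "*":
        return True
    if what.startswith("attr="):
        return what[5:].strip('"').lower() == attr.lower()
    raise ValueError("unsupported target: " + what)

def who_matches(who, requester, entry):
    # requester is the bound DN (None = anonymous); 'self' means own entry.
    if who == "*":
        return True
    if who == "self":
        return requester is not None and requester.lower() == entry.lower()
    raise ValueError("unsupported subject: " + who)

def granted_level(clauses, requester, entry, attr):
    """First clause whose target matches decides; its first matching 'by' gives
    the level (none if no 'by' matches); with no clause at all slapd allows read."""
    for what, bys in clauses:
        if what_matches(what, attr):
            for who, level in bys:
                if who_matches(who, requester, entry):
                    return level
            return "none"
    return "read"

def allowed(acl_text, requester, entry, attr, op):
    """True if the ACL grants at least the level that op needs on entry/attr."""
    level = granted_level(parse_acl(acl_text), requester, entry, attr)
    return LEVELS.index(level) >= LEVELS.index(op)
```

With the rules in this order, anonymous clients can only compare (not read) userpassword, while everyone except the owner is denied all other attributes, because a matching clause with no matching <tt>by</tt> denies; append <tt>by * read</tt> to the last rule if anonymous lookups are wanted. Putting <tt>access to *</tt> first would shadow the password rule entirely.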
00125 </sect>

</article>