author: Olivier Gayot <duskcoder@gmail.com> 2015-01-15 23:41:39 +0100
committer: Olivier Gayot <duskcoder@gmail.com> 2015-01-16 00:21:03 +0100
commit: cb914938b514edcb5a4b29befcf5a925ec61b286
tree: ddcc17dd39b193c80bb6de3df49f4feec4280f4c /ldap1.adoci
parent: 5ebd84079232016e74203bd2d22545206713e7f3
added some content in the first LDAP practical
Signed-off-by: Olivier Gayot <duskcoder@gmail.com>
Diffstat (limited to 'ldap1.adoci')
-rw-r--r-- ldap1.adoci | 62
1 files changed, 62 insertions, 0 deletions
diff --git a/ldap1.adoci b/ldap1.adoci
index 491f434..733577f 100644
--- a/ldap1.adoci
+++ b/ldap1.adoci
@@ -102,6 +102,9 @@ stated here:
http://www.zytrax.com/books/ldap/ape/
+The issue is actually the same with 'organisationalUnit' and
+'organisationalPerson'.
+
At this point, our LDIF file looks something like:
dn: o=University of Kent,c=gb
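Review bot: The two class names in the added sentence are spelled with an 's' ('organisationalUnit', 'organisationalPerson'), while the ldapsearch output later in this same patch shows the class as 'organizationalPerson'. If the sentence is describing the misspelling that caused the problem, say so explicitly and give the spelling the schema accepts next to it; otherwise correct both names to the 'z' form so a reader copying them into an LDIF file does not hit the same error.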
@@ -148,3 +151,62 @@ By using the command line below, our DIT is successfully created (the option
have already been created)
$ ldapadd -w secret -D 'cn=Manager,c=gb' -f file.ldif -c
+
+=== Problem 5: Modifying an entry to add other classes ===
+
+To add new attributes (uid, password and role), to our freshly created user
+without deleting it, we need to modify its entry. Since 'ldapadd' does not
+permit to override an entry, we have to find another way.
+
+==== Resolution ====
+
+We start by having a look inside the schema files to figure out what classes
+and attributes we need to store our new informations.
+
+Here is a list of what we need:
+
+- an 'uidObject' class which requires a 'uid' attribute
+- a 'permisRole' attribute which we can be set to our desired value
+- a 'userPassword' attribute which will store a password in a non-plaintext format
+
+Then, by reading the manpage 'ldif (5)', we learn about the syntax of a LDIF file to
+modify an entry. In our case, we create another '.ldif' to handle our
+modification and add this content inside:
+
+ dn: cn=Olivier Gayot,ou=MSc ISB,o=University of Kent,c=gb
+ changetype: modify
+ add: objectClass
+ objectClass: uidObject
+ -
+ add: uid
+ uid: 80101
+ -
+ add: permisRole
+ permisRole: student
+ -
+ add: userPassword
+ userPassword: fooBar
+
+By running 'ldapmodify' the same way we used 'ldapadd', our entry is
+successfully modified.
+
+After reading the manpage 'ldapsearch (1)', we can check our result by issuing
+the command below and reading its output (only the interesting excerpt of the
+output is shown below).
+
+ $ ldapsearch -H ldap://csvm2C4E.kent.ac.uk -x -b 'c=gb' '(cn=Olivier Gayot)'
+
+ > # Olivier Gayot, MSc ISB, University of Kent, gb
+ > dn: cn=Olivier Gayot,ou=MSc ISB,o=toto of Kent,c=gb
+ > objectClass: organizationalPerson
+ > objectClass: pkiUser
+ > objectClass: pmiUser
+ > objectClass: uidObject
+ > sn: gayot
+ > cn: Olivier Gayot
+ > uid: 80101
+ > permisRole: student
+ > userPassword:: Zm9vQmFy
+
+That's it! By the way, we can note that our password 'foobar' is stored as
+'Zm9vQmFy' (its NT-OWF hashed format).
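Review bot: The closing paragraph states that 'Zm9vQmFy' is the NT-OWF hash of the password, but the double colon in 'userPassword:: Zm9vQmFy' is the LDIF marker for a base64-encoded value, and 'Zm9vQmFy' decodes to 'fooBar', so the directory is holding the password in cleartext. That contradicts the requirement listed earlier in this hunk ('a non-plaintext format'). Suggest putting a hashed value in the modify LDIF (for example a '{SSHA}...' string generated with slappasswd) or setting the password with ldappasswd, and rewording the last sentence accordingly. It is also worth a line in the text that the search was run with '-x' and no bind DN yet still returned userPassword, which means read access to that attribute is not restricted. Minor: the prose says 'foobar' while the LDIF sets 'fooBar', and the sample output shows 'o=toto of Kent' where the LDIF dn has 'o=University of Kent'.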