diff options
-rw-r--r-- | ldap1.adoci | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ldap1.adoci b/ldap1.adoci index 491f434..733577f 100644 --- a/ldap1.adoci +++ b/ldap1.adoci @@ -102,6 +102,9 @@ stated here: http://www.zytrax.com/books/ldap/ape/ +The issue is actually the same with 'organisationalUnit' and +'organisationalPerson'. + At this point, our LDIF file looks something like: dn: o=University of Kent,c=gb @@ -148,3 +151,62 @@ By using the command line below, our DIT is successfully created (the option have already been created) $ ldapadd -w secret -D 'cn=Manager,c=gb' -f file.ldif -c + +=== Problem 5: Modifying an entry to add other classes === + +To add new attributes (uid, password and role), to our freshly created user +without deleting it, we need to modify its entry. Since 'ldapadd' does not +permit to override an entry, we have to find another way. + +==== Resolution ==== + +We start by having a look inside the schema files to figure out what classes +and attributes we need to store our new informations. + +Here is a list of what we need: + +- an 'uidObject' class which requires a 'uid' attribute +- a 'permisRole' attribute which we can be set to our desired value +- a 'userPassword' attribute which will store a password in a non-plaintext format + +Then, by reading the manpage 'ldif (5)', we learn about the syntax of a LDIF file to +modify an entry. In our case, we create another '.ldif' to handle our +modification and add this content inside: + + dn: cn=Olivier Gayot,ou=MSc ISB,o=University of Kent,c=gb + changetype: modify + add: objectClass + objectClass: uidObject + - + add: uid + uid: 80101 + - + add: permisRole + permisRole: student + - + add: userPassword + userPassword: fooBar + +By running 'ldapmodify' the same way we used 'ldapadd', our entry is +successfully modified. + +After reading the manpage 'ldapsearch (1)', we can check our result by issuing +the command below and reading its output (only the interesting excerpt of the +output is shown below). + + $ ldapsearch -H ldap://csvm2C4E.kent.ac.uk -x -b 'c=gb' '(cn=Olivier Gayot)' + + > # Olivier Gayot, MSc ISB, University of Kent, gb + > dn: cn=Olivier Gayot,ou=MSc ISB,o=toto of Kent,c=gb + > objectClass: organizationalPerson + > objectClass: pkiUser + > objectClass: pmiUser + > objectClass: uidObject + > sn: gayot + > cn: Olivier Gayot + > uid: 80101 + > permisRole: student + > userPassword:: Zm9vQmFy + +That's it! By the way, we can note that our password 'foobar' is stored as +'Zm9vQmFy' (its NT-OWF hashed format). |