Configure OpenLDAP with SAN File System

This topic lists the steps required to configure OpenLDAP to be used with SAN File System.

Prerequisites

Complete "Install OpenLDAP packages", "Configure the OpenLDAP client", and "Configure the OpenLDAP server" before starting this procedure.

Context

This procedure uses an example with a base suffix of "o=yourOrg" and root DN of "cn=Manager,o=yourOrg".

Steps

  1. Enter the stdin input mode of the ldapadd command:
    # ldapadd -x -W -h localhost -D "cn=Manager,o=yourOrg"
    Enter LDAP Password:       (<----- INPUT PASSWORD HERE )
  2. Enter your root DN password as prompted. This is the password that you entered at step 3 of "Configuring OpenLDAP server". If you entered your password correctly, you do not see a prompt. This indicates that the ldapadd command is waiting for you to type input at the keyboard.
  3. Add the entry for the base suffix while in this mode:
    # ldapadd -x -W -h localhost -D "cn=Manager,o=yourOrg"
    Enter LDAP Password: (<----- INPUT PASSWORD HERE )
    dn: o=yourOrg
    objectClass: organization
    o: yourOrg (<=== 2ND ENTER)
    adding new entry "o=yourOrg" (<----- PRESSED Ctrl+D)
    #
  4. When the base suffix has been entered, press Enter a second time to indicate the end of the entry.
  5. Press Ctrl+D to exit from the input mode.
  6. Use the ldapsearch command to verify that the entry was added to the LDAP database:
    # ldapsearch -x -h localhost -b o=yourOrg '(objectclass=organization)'
  7. Prepare your LDAP configuration for import with the ldapadd command by substituting your organization name in the example file:
    # sed "s/Example/yourOrg/" sfsExample.ldif > sfsbase.ldif
    Note: After you have changed the organization, you have to modify the userPassword field for each user as required in the sfsbase.ldif file.
  8. Import your entries in the file with the ldapadd command:
    # ldapadd -x -W -h localhost -D "cn=Manager,o=yourOrg" -f sfsbase.ldif
    Enter LDAP Password:
    adding new entry "cn=Manager,o=yourOrg"
    adding new entry "ou=Users,o=yourOrg"
    adding new entry "cn=yourOrgAdmin Administrator,ou=Users,o=yourOrg"
    adding new entry "cn=yourOrgMon Monitor,ou=Users,o=yourOrg"
    adding new entry "cn=yourOrgBack Backup,ou=Users,o=yourOrg"
    adding new entry "cn=yourOrgOper Operator,ou=Users,o=yourOrg"
    adding new entry "ou=Roles,o=yourOrg"
    adding new entry "cn=Administrator,ou=Roles,o=yourOrg"
    adding new entry "cn=Monitor,ou=Roles,o=yourOrg"
    adding new entry "cn=Backup,ou=Roles,o=yourOrg"
    adding new entry "cn=Operator,ou=Roles,o=yourOrg"
  9. Enter your root DN password when prompted, which is the same as you entered in step 3 in "Configuring OpenLDAP server".
    Note: Adding an entry twice fails at that point, and any subsequent entries are not processed. If some entries are correct and others failed, only attempt to add the objects that failed.
  10. Use the ldapsearch command again to verify the objects. Refer to the example in step 6.
  11. The LDAP directory (ldbm) files reside in the directory /var/lib/ldap/ by default. Verify that they exist by entering the following command:
    # ls -lt /var/lib/ldap/
    The output appears similar to the following example:
    total 56
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 cn.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 dn2id.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 id2entry.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 nextid.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 objectClass.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 sn.dbb
    -rw------- 1 ldap ldap 8192 Sep 21 16:41 uid.dbb
    Tip: If you want to reconfigure the LDAP directory from scratch, stop slapd, remove the ldbm files, start slapd, then begin the steps in this procedure.
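
The note in step 7 asks you to change the userPassword field for each user before the import in step 8. The following is an added example, not part of the original IBM procedure: it performs the step 7 substitution and lists any entry whose userPassword is still a cleartext value, so that the file can be corrected before it is loaded. The function names and the sample LDIF content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The LDIF below is constructed sample data; the shipped
# sfsExample.ldif may differ. Function names are hypothetical.

# Write a constructed stand-in for sfsExample.ldif into directory $1.
make_sample_ldif() {
    cat > "$1/sfsExample.ldif" <<'EOF'
# constructed sample data
dn: cn=ExampleAdmin Administrator,ou=Users,o=Example
objectClass: inetOrgPerson
cn: ExampleAdmin Administrator
sn: Administrator
uid: ExampleAdmin
userPassword: password

dn: cn=ExampleMon Monitor,ou=Users,o=Example
objectClass: inetOrgPerson
cn: ExampleMon Monitor
sn: Monitor
uid: ExampleMon
userPassword: {SSHA}Q29uc3RydWN0ZWRTYW1wbGVIYXNoVmFsdWU=
EOF
}

# Print the DN of every entry whose userPassword is not a {SCHEME} hash.
cleartext_password_dns() {
    awk '
        /^dn: /            { dn = substr($0, 5) }
        /^userPassword: /  { if (substr($0, 15) !~ /^[{][A-Za-z0-9-]+[}]/) print dn }
        /^userPassword:: / { print dn " (base64 value, decode and review)" }
    ' "$1"
}

# Step 7 substitution plus the check: $1 = source LDIF, $2 = output, $3 = org.
# $3 is assumed to contain no "/" or "&" (both are special to sed).
preimport_check() {
    # umask 077: the output holds credentials, keep it owner-readable only.
    # The g flag is used because the sample DN lines contain the name twice.
    ( umask 077; sed "s/Example/$3/g" "$1" > "$2" )
    bad=$(cleartext_password_dns "$2")
    [ -z "$bad" ] && return 0
    printf 'userPassword not hashed for:\n%s\n' "$bad" >&2
    return 1
}

# Usage: preimport_check sfsExample.ldif sfsbase.ldif yourOrg
```

Hashed values for the userPassword field can be generated with the slappasswd utility that ships with OpenLDAP.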

Result

OpenLDAP is now configured and ready to be used with SAN File System.

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2