Adding ‘memberOf’ attribute and ‘user’ objectclass into OpenLDAP

First check that TLS is configured in slapd.conf:

grep TLS /etc/openldap/slapd.conf
TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

Note: TLS must be enabled and slapd must listen on port 636 (ldaps), because iLO connects over LDAPS only.
Add memberOf and user to custom.schema (replace <companysid> with your organisation's own private enterprise number under the 1.3.6.1.4.1 arc, and make sure custom.schema is pulled in by an include line in slapd.conf):

attributetype ( 1.3.6.1.4.1.<companysid>.9.1.1 NAME 'memberOf'
    DESC 'Group which user belongs to'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

objectClass ( 1.3.6.1.4.1.<companysid>.9.2.1 NAME 'memberOf'
    SUP top AUXILIARY
    DESC 'Required by Integrated Lights-Out for OpenLDAP'
    MAY ( memberOf ) )

objectClass ( 1.3.6.1.4.1.<companysid>.9.2.2 NAME 'user'
    SUP top AUXILIARY
    DESC 'Required by Integrated Lights-Out for OpenLDAP' )
In OpenLDAP

Create an ou for groups and an ou for users (ou=users or ou=people; this example uses ou=people).

Add the base DN:

dn: dc=ldapserver,dc=com
dc: ldapserver
description: Your LDAP entry
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

Put the above entry in a file test.ldif.

To add it to LDAP (add the entries one at a time; you cannot add them all at once):

ldapadd -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f test.ldif
Add ou=people:

dn: ou=people,dc=ldapserver,dc=com
objectclass: top
objectclass: organizationalunit
ou: people

Put the above entry in test.ldif and add it the same way.
Add ou=group:

dn: ou=group,dc=ldapserver,dc=com
objectclass: top
objectclass: organizationalunit
ou: group
Create a user:

dn: cn=testuser,ou=people,dc=ldapserver,dc=com
cn: testuser
uid: test
sn: user
uidnumber: 1000
homedirectory: /home/testuser
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectclass: inetorgperson
objectClass: memberOf
objectClass: user
loginShell: /bin/bash
gidNumber: 1000
displayname: TestUser
userPassword: {SSHA}7kjidfm30u50371789128/b94
memberOf: cn=testuser,ou=group,dc=ldapserver,dc=com
To add the user to LDAP (again one entry at a time; you cannot add them all at once):

ldapadd -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f test.ldif
On the OA (Onboard Administrator):

1) Under Directory Settings:
   Enable LDAP authentication and Enable Local users (keeping local users enabled is highly recommended, so you are not locked out if the directory is unreachable).
   Directory server IP address – whatever LDAP server you want to use
   Port – 636
   Search context 1 – ou=people, dc=linuxserver,dc=com

2) Under certificate upload, copy the certificate from the LDAP server, paste it in here and upload.

3) Test settings:
   Enter the cn and password; all the tests should pass. If the entry DN does not start with cn, use the complete DN string instead:
   uid=testuser,ou=people,dc=linuxserver,dc=com

4) Go to Users/Authentication, Directory Groups:
   Group Name – cn=iloadmins,ou=group,dc=linuxserver,dc=com
   Description – iLO admin
   Privilege level – Administrator
   Group permissions – Select all
   Update Group
Hope this helps....
Note: make sure the entry DN starts with cn and not uid. HP iLO matches on the entry DN: if you use uid in the entry DN, you have to give the full path when logging in, as uid=testuser,dc=linuxserver,dc=com, and then the password. If you create users whose entry DN starts with cn, HP iLO looks only for the username.

Allow version 2 binds in /etc/openldap/slapd.conf with ‘allow bind_v2’.

slapd MUST also listen on port 636 (ldaps).
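Most of the failures in this procedure come from the LDIF itself: an entry added before its parent (which is why adding one entry at a time in the right order works), a memberOf attribute on an entry that does not carry the memberOf auxiliary objectClass (slapd rejects it as "attribute not allowed"), or a user whose RDN is uid rather than cn so iLO cannot match the entry DN. The following Python is an added example, not code from the original post: a small stdlib-only LDIF parser plus a checker for exactly those conditions, run over the post's entries. The sample LDIF is constructed from the entries above, with a constructed cn=iloadmins group added so the user's memberOf value resolves; BAD_LDIF is a constructed counter-example.

```python
from typing import Dict, List

Entry = Dict[str, List[str]]  # lower-cased attribute name -> values ("dn" holds one value)

# Constructed sample: the post's entries, blank-line separated, plus a constructed
# cn=iloadmins group so the memberOf reference resolves within the file.
SAMPLE_LDIF = """\
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=people,dc=ldapserver,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=ldapserver,dc=com
objectClass: top
objectClass: organizationalUnit
ou: group

dn: cn=iloadmins,ou=group,dc=ldapserver,dc=com
objectClass: top
objectClass: groupOfNames
cn: iloadmins
member: cn=testuser,ou=people,dc=ldapserver,dc=com

dn: cn=testuser,ou=people,dc=ldapserver,dc=com
objectClass: inetOrgPerson
objectClass: memberOf
objectClass: user
cn: testuser
sn: user
memberOf: cn=iloadmins,ou=group,dc=ldapserver,dc=com
"""

# Constructed counter-example: no parent in the file, uid RDN, memberOf without its
# objectClass, and a group that is defined nowhere in the file.
BAD_LDIF = """\
dn: uid=bob,ou=people,dc=ldapserver,dc=com
objectClass: inetOrgPerson
uid: bob
cn: bob
sn: bob
memberOf: cn=nosuchgroup,ou=group,dc=ldapserver,dc=com
"""


def parse_ldif(text: str) -> List[Entry]:
    """Split LDIF into entries on blank lines and fold continuation lines (leading space).
    Base64 values ("attr:: ...") are kept undecoded, which is enough for these checks."""
    entries: List[Entry] = []
    current: Entry = {}
    last_attr = ""
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr:
            current[last_attr][-1] += raw[1:]      # folded continuation of the previous value
            continue
        line = raw.rstrip()
        if not line:                               # a blank line ends the entry
            if current:
                entries.append(current)
            current, last_attr = {}, ""
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def norm_dn(dn: str) -> str:
    """Case-fold and strip spaces around commas so DNs compare the way slapd treats them."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def check_ldif(entries: List[Entry], suffix: str = "dc=ldapserver,dc=com",
               user_base: str = "ou=people,dc=ldapserver,dc=com") -> List[str]:
    """Return the problems that would make ldapadd reject an entry or iLO fail to match it."""
    problems: List[str] = []
    suffix, user_base = norm_dn(suffix), norm_dn(user_base)
    all_dns = {norm_dn(e["dn"][0]) for e in entries if "dn" in e}
    seen = set()
    for i, e in enumerate(entries):
        if len(e.get("dn", [])) != 1:
            problems.append(f"entry {i}: missing or repeated dn")
            continue
        dn = norm_dn(e["dn"][0])
        parent = dn.partition(",")[2]
        # ldapadd inserts in file order; slapd refuses a child whose parent does not exist yet
        if dn != suffix and parent not in seen:
            problems.append(f"{dn}: parent {parent} is not added earlier in the file")
        seen.add(dn)
        # the post's note: iLO matches on the entry DN, so user RDNs should be cn=
        if dn.endswith("," + user_base) and not dn.startswith("cn="):
            problems.append(f"{dn}: user RDN should be cn=, not {dn.split('=')[0]}=")
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "memberof" in e:
            if "memberof" not in classes:
                problems.append(f"{dn}: memberOf attribute without objectClass: memberOf")
            for g in e["memberof"]:
                if norm_dn(g) not in all_dns:
                    problems.append(f"{dn}: memberOf group {g} is not defined in this file")
    return problems


if __name__ == "__main__":
    for name, text in (("SAMPLE_LDIF", SAMPLE_LDIF), ("BAD_LDIF", BAD_LDIF)):
        print(name, check_ldif(parse_ldif(text)) or "OK")
```

With entries separated by blank lines and ordered parent-first, a single ldapadd -f run adds the whole file; the checker reports the ordering and schema problems before slapd does, with a clearer message. The "group not defined in this file" item is advisory, since the group may already exist in the directory.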