Appendix C. Manually Configuring Integration with Novell eDirectory
• Begin by creating a user in eDirectory at an appropriate place in the tree. This user is a so-called
application DN, so if your tree already has a place for similar users, place the user there. In our
example, the DN of the user will be cn=tl-posixsearcher,ou=thinlinc,o=example. This DN will be
used as binddn in /etc/ldap.conf on the ThinLinc server.
• Set a password for the user using the normal procedure (choose properties on the object, set the
password under the Restrictions tab). Do not use a password that is used for anything else. This
password will be used as bindpw in /etc/ldap.conf on the ThinLinc server and will be readable
by all users on the ThinLinc server.
• Now add the user just created as a trustee on an appropriate object in the tree. This object should be
above all users that should be able to log in to the ThinLinc server(s). For example, if all users reside
under ou=People,o=example, add the user as a trustee on the ou=People,o=example object. Adding
the trustee is done using the following procedure:
• Right-click the object where the trustee should be added. Select "Trustees of this object..."
• Press "Add Trustee..." in the dialog that appears and select the user we just created
(cn=tl-posixsearcher,ou=thinlinc,o=example in our example).
• Select the user just added and press "Assigned Rights". For each of the attributes CN, gidNumber,
homeDirectory, loginShell, uidNumber, Member, and uniqueID do:
• Press the "Add Property..." button.
• Locate the attribute in question and select it. You will have to check the "Show all properties"
checkbox to see all required attributes. Also note that the sorting order in the dialog is a bit
peculiar: attributes that begin with lowercase are sorted after all attributes that begin with
uppercase. The easiest way to find attributes is probably to type their name, since the dialog will
then find them for you.
• After selecting the attribute, return to the "Rights assigned to" dialog box by pressing OK, and
check the "inheritable" checkbox for the newly added attribute.
Repeat the procedure for [Entry Rights], which is not a normal LDAP attribute but a special
keyword. Without browse rights on entries, the user will not be able to see any objects at all, which
is the first step in reading the information in them.
If tl-nds-mountpath (described in Section 10.2.4.4.2.2) is to be used, read access must also be
enabled for the ndsHomeDirectory attribute.
• Close all dialogs by pressing "OK". Your posixsearcher user should now be able to search the
directory and retrieve all relevant attributes. Test this by executing the following command:
[root@test root]# ldapsearch -x -D 'cn=tl-posixsearcher,ou=thinlinc,o=example' -W \
    -H ldaps://ldap.example.com -b ou=People,o=example
The output should contain CN, gidNumber, homeDirectory, loginShell, uidNumber, and uid. Also,
if you add this user's DN and password to /etc/ldap.conf on the ldap server, all users should be
present in the output of getent passwd.
An alternative way of assigning the ACLs required is to add the following LDIF to the top-level object
(ou=People,o=example in our example) using ldapmodify or a similar tool:
ACL: 3#subtree#cn=tl-posixsearcher,ou=thinlinc,o=example#CN
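As an added example that is not part of the manual, the following Python builds the complete ldapmodify LDIF for the read-only rights the trustee procedure above assigns by hand, and decodes ACL values so an existing tree can be reviewed for rights beyond Compare, Read and Browse. It assumes eDirectory's ACL value syntax privileges#scope#subjectname#protectedattrname and the usual bit encoding of the privileges; the manual itself only shows the value 3 for CN.

```python
# Added example (not from the ThinLinc manual): generate the ACL values that
# give cn=tl-posixsearcher the minimum rights the text requires, and decode
# ACL values for review. ACL syntax: privileges#scope#subject#attribute.
# Assumption: the bit tables below are eDirectory's privilege encoding.
ATTRIBUTE_RIGHTS = {1: "Compare", 2: "Read", 4: "Write", 8: "Self", 16: "Supervisor"}
ENTRY_RIGHTS = {1: "Browse", 2: "Add", 4: "Delete", 8: "Rename", 16: "Supervisor"}

SEARCHER_DN = "cn=tl-posixsearcher,ou=thinlinc,o=example"
PEOPLE_DN = "ou=People,o=example"
# Attributes listed in the manual; each gets Compare + Read (1 + 2 = 3) only.
REQUIRED_ATTRS = ["CN", "gidNumber", "homeDirectory", "loginShell",
                  "uidNumber", "Member", "uniqueID"]


def build_acl_values(subject_dn, attrs, mountpath=False):
    """ACL values for a read-only search account: Compare+Read on the listed
    attributes and Browse on entries, inheritable via the 'subtree' scope."""
    values = [f"3#subtree#{subject_dn}#{attr}" for attr in attrs]
    if mountpath:  # tl-nds-mountpath additionally needs ndsHomeDirectory
        values.append(f"3#subtree#{subject_dn}#ndsHomeDirectory")
    values.append(f"1#subtree#{subject_dn}#[Entry Rights]")  # Browse only
    return values


def build_ldif(target_dn, subject_dn, attrs, mountpath=False):
    """LDIF modify operation that adds the ACL values to the container."""
    lines = [f"dn: {target_dn}", "changetype: modify", "add: ACL"]
    lines += [f"ACL: {v}" for v in build_acl_values(subject_dn, attrs, mountpath)]
    return "\n".join(lines) + "\n"


def decode_acl(value):
    """Split an ACL value, name the rights granted, and flag anything beyond
    the read-only minimum (Compare+Read on attributes, Browse on entries)."""
    privileges, scope, subject, attribute = value.split("#", 3)
    entry = attribute == "[Entry Rights]"
    table = ENTRY_RIGHTS if entry else ATTRIBUTE_RIGHTS
    bits = int(privileges)
    minimum = 1 if entry else 3
    return {"scope": scope, "subject": subject, "attribute": attribute,
            "rights": [name for bit, name in table.items() if bits & bit],
            "exceeds_minimum": bool(bits & ~minimum)}


if __name__ == "__main__":
    print(build_ldif(PEOPLE_DN, SEARCHER_DN, REQUIRED_ATTRS))
    for v in build_acl_values(SEARCHER_DN, REQUIRED_ATTRS):
        print(decode_acl(v))
```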