directory-users mailing list archives

From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: How to add Users and Groups - the right way
Date Fri, 23 Dec 2016 16:24:46 GMT


On 23/12/16 at 16:39, Gideon Ravenor wrote:
> I created a new partition, and copied Users and Groups from System into it,
> the entire tree beneath those elements.
>
> I added a user (hboggart) by adding an inetOrgPerson entry to ou=users as
> follows.
>
> cn=Henry+sn=Bogart+givenName=Henry+uid=hbogart+mail=hbogart@geemail.com+mobileTelephoneNumber=555-555-555,ou=users,dc=deadbeef,dc=com

This is certainly not the DN you want to use...
>
> 1. So what should the canonical name (cn) above be? Should it be my
> firstname, or my login id?

Your choice. There is no rule, just usages...
>
> 2. I used uid as my login ID, is this a best practice?

As long as this helps you to retrieve your entry easily, yes.

>
> 3. I used sn as my last name (surname) but I see fields for Given Name
> and surname (why is this stuff so unclear?)
https://tools.ietf.org/html/rfc4519#section-2.32 :

"The 'sn' ('surname' in X.500) attribute type contains name strings for
the family names of a person"


https://tools.ietf.org/html/rfc4519#section-2.12 :

"The 'givenName' attribute type contains name strings that are the part
of a person's name that is not their surname."

It's pretty clear.

>
> 4. I want to add a json object for custom properties to this user -
> which entry should I use?

You should use an attribute, not an entry. You should define an
AttributeType for such a value, that could store an OCTET STRING, and
you should also define a dedicated ObjectClass to contain this specific
AttributeType.

That requires a bit more knowledge about LDAP to be able to do that,
though (see later).

>
> I then added the user to the ready-made group cn=Administrators which is a
> groupOfUniqueNames and now I have no idea how to add the user cmdematos to
> this.

???

>
> I find all manner of conflicting information about this on the web, people
> mention 'add a member attribute then add the members as values', but when I
> try adding a member attribute I get .

???

>
> So instead I added an account entry. It accepts this, but I have no idea
> whether this is correct.

Either you aren't providing enough info, or your mail got borked, but in
any case I can't provide help with the partial info I see in your
mail. Try to be accurate.

>
> Where can I go to get a succinct explanation on the schemas and how to
> construct user and groups entries?

There are many places you can find information about LDAP on the net.
Things like :

http://www.ldapman.org/articles/intro_to_ldap.html

But at some point, the best is to buy a book and read a bit of it. One
which is not too bad is
https://www.amazon.com/Understanding-Deploying-LDAP-Directory-Services/dp/0672323168.


>
> What schemas should I use and how will this affect code that works with the
> schemas? 

I can't tell. It all depends on your needs.

>
> The purpose of the LDAP install is as follows:
>
> 1. To Serve as a central Authentication and Authorization service for
> Commercial Software Offerings (Team Source, Jira, Sonatype Nexus etc)
>
> 2. To serve as Authentication and Authorization for custom software
> development (OAUTH, Kerberos and LDAP)
>
> 3. To handle multiple domains of authentication and authorization.
>
> I am really in the blind here and am hoping to avoid weeks of reading the
> driest, most boring stuff known to man (X.500 and LDAP schemas) just to
> learn the high level of what I am trying to do.

You are pretty much telling us: "I want to learn French without having
to read boring grammar books or dictionaries". Sorry, you missed the
opportunity to be born in France, you'll have to ride it the hard way...

Do you realize that 122 LDAP RFCs define LDAP, and the core LDAP
RFCs represent 305 pages of very dense information?

> Any good articles or cookbook recommendations are very much appreciated. 

Check the book I mentioned. This is most certainly a very good start
and a very good spend for the value.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org
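
Added example, not part of the original message and not ApacheDS code: it parses the DN quoted in the question, shows that its leaf RDN is multi-valued (six attribute values joined with '+'), and rebuilds the entry with a single naming attribute and the remaining values stored as ordinary attributes. Using uid as the naming attribute is an assumption (a common convention, not something the reply prescribes); the function names are hypothetical, and the parser handles backslash escapes only.

```python
# Constructed from the DN quoted in the question, rejoined onto one line.
QUESTION_DN = ("cn=Henry+sn=Bogart+givenName=Henry+uid=hbogart"
               "+mail=hbogart@geemail.com+mobileTelephoneNumber=555-555-555"
               ",ou=users,dc=deadbeef,dc=com")

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped characters (RFC 4514) alone."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = (ava.partition("=") for ava in split_unescaped(rdn, "+"))
        rdns.append([(attr.strip(), value) for attr, _, value in pairs])
    return rdns

def to_entry(dn, naming_attr="uid"):
    """Rebuild the leaf with one naming attribute; the rest become attributes."""
    leaf, *parents = parse_dn(dn)
    naming = [v for a, v in leaf if a.lower() == naming_attr.lower()]
    if len(naming) != 1:
        raise ValueError(f"leaf RDN needs exactly one {naming_attr} value")
    parent_dn = ",".join("+".join(f"{a}={v}" for a, v in r) for r in parents)
    new_dn = f"{naming_attr}={naming[0]},{parent_dn}"
    classes = ["top", "person", "organizationalPerson", "inetOrgPerson"]
    ldif = [f"dn: {new_dn}"] + [f"objectClass: {c}" for c in classes]
    ldif += [f"{a}: {v}" for a, v in leaf]  # sample values need no unescaping
    return new_dn, "\n".join(ldif)

if __name__ == "__main__":
    leaf = parse_dn(QUESTION_DN)[0]
    print(f"leaf RDN carries {len(leaf)} attribute values: multi-valued")
    print(to_entry(QUESTION_DN)[1])
```

With a short, single-valued DN, changing the user's name, mail address or phone number no longer changes the DN that applications and group entries refer to.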

