How do I Integrate OpenLDAP with Netscape Enterprise Server?

1. Get netscape.at.conf from http://www.openldap.org/faq/data/cache/385.html (netscape.oc.conf is provided below).
2. Add the schema to your slapd.conf file. (duh!)
3. Now in your slapd.conf, make sure your rootdn is something like uid=<nes_uid>,o=<organisation>,c=<country> where nes_uid is the NES user ID (the username that you use to log in to NES Admin).
4. Also make sure the rootpw in slapd.conf is identical to the NES Admin password (the password that you use to log in to NES Admin). Using a cleartext password is not advised, however; use ldappasswd to hash it.

----- Sample of slapd.conf ------

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

#include /usr/local/etc/openldap/slapd.at.conf
#include /usr/local/etc/openldap/slapd.oc.conf
include /usr/local/etc/openldap/netscape.at.conf
include /usr/local/etc/openldap/netscape.oc.conf

schemacheck on
#referral ldap://root.openldap.org/

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "o=SNTRoot, c=MY"

index cn
index sn,uid eq,sub,approx
index default none

rootdn "uid=admin, o=SNTRoot, c=MY"
rootpw {sha}0DPiKuNIrrVmDkhDxNqZc==

directory /usr/local/var/openldap-ldbm

----------------------------------

5. Now start slapd and add this initial entry; SuiteSpot's server expects this... (modify according to your setup, especially the userpassword and dn)

dn: o=SNTRoot,c=MY
changetype: add
objectclass: top
objectclass: organization
o: SNTRoot
aci: (targetattr = "*")(version 3.0; acl "Suitespot Adminstrators Group"; allow (all) groupdn = "ldap:///uid=admin,o=SNTRoot,c=MY";)

dn: uid=admin, o=SNTRoot,c=MY
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: SuiteSpot Manager
sn: Manager
givenname: SuiteSpot
uid: admin
userpassword: {sha}0DPiKuNIrrVmDkhDxNqZc==

6. You are done. Congratulations!


rosdi@snt.com.my
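
A check for the points in steps 3 and 4 and the "should NOT be world readable" comment in the sample, as an added example that is not part of the original FAQ answer or of OpenLDAP. The function names are hypothetical, the DN comparison is simplified (no escaped commas), and the sample text is copied from the slapd.conf above.

```python
import base64, binascii, hashlib, shlex, stat

# Digest sizes in bytes for the hashed rootpw schemes checked here.
DIGEST_LEN = {"SHA": 20, "MD5": 16, "SSHA": 20, "SMD5": 16}
SALTED = {"SSHA", "SMD5"}

# The relevant lines of the sample slapd.conf shown on this page.
SAMPLE = '''\
database ldbm
suffix "o=SNTRoot, c=MY"
rootdn "uid=admin, o=SNTRoot, c=MY"
rootpw {sha}0DPiKuNIrrVmDkhDxNqZc==
'''

def parse_conf(text):
    """Map directive -> argument list; indented lines continue the previous one."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip() and not raw.lstrip().startswith("#"):
            logical.append(raw.strip())
    return {p[0].lower(): p[1:] for p in map(shlex.split, logical)}

def norm_dn(dn):
    # Simplification (assumption): no escaped commas inside RDN values.
    return [rdn.strip().lower() for rdn in dn.split(",")]

def check_rootpw(value):
    """Return a finding string for a rootpw value, or None if nothing to report."""
    if not (value.startswith("{") and "}" in value):
        return "rootpw is stored in cleartext"
    scheme, _, b64 = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in DIGEST_LEN:
        return None  # e.g. {CRYPT}: format not checked by this example
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return "rootpw {%s} value is not valid base64" % scheme
    want = DIGEST_LEN[scheme]
    ok = len(raw) > want if scheme in SALTED else len(raw) == want
    if not ok:
        return "rootpw {%s} value has the wrong length" % scheme
    if scheme not in SALTED:
        return "rootpw uses unsalted {%s}" % scheme
    return None

def audit(text, mode):
    """Audit slapd.conf text plus the file's st_mode; return a list of findings."""
    conf, findings = parse_conf(text), []
    if mode & stat.S_IROTH:
        findings.append("slapd.conf is world readable")
    suffix = norm_dn(" ".join(conf.get("suffix", [])))
    rootdn = norm_dn(" ".join(conf.get("rootdn", [])))
    if rootdn[-len(suffix):] != suffix:
        findings.append("rootdn is not under the database suffix")
    if "rootpw" in conf:
        finding = check_rootpw(" ".join(conf["rootpw"]))
        if finding:
            findings.append(finding)
    return findings

def make_sha(password):
    """Build a well-formed {SHA} value (unsalted SHA-1, base64) for comparison."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

if __name__ == "__main__":
    import os, sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            results = audit(fh.read(), os.stat(sys.argv[1]).st_mode)
    else:
        results = audit(SAMPLE, 0o644)  # constructed file mode for the demo
    print("\n".join(results) or "no findings")
```

Run on the sample values, it reports that the `{sha}` string does not decode as base64, so the sample rootpw and userpassword are placeholders to replace with a real hash rather than copy.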
There are a few errors in the netscape.oc.conf pointed to by the link above. Please use this one:

#
# ------- netscape.oc.conf ---------
#

objectclass groupOfNames
        requires
                objectClass,
                cn,
                member
        allows
                memberURL,
                businessCategory,
                description,
                o,
                ou,
                owner,
                seeAlso

objectclass groupOfUniqueNames
        requires
                objectClass,
                cn
        allows
                uniqueMember,
                businessCategory,
                description,
                o,
                ou,
                owner,
                seeAlso

objectclass LDAPServer
        requires
                objectClass,
                cn
        allows
                changeLogMaximumAge,
                changeLogMaximumSize,
                description,
                generation,
                l,
                ou,
                seeAlso,
                aci

objectclass LDAPReplica
        requires
                objectClass,
                cn
        allows
                description,
                l,
                ou,
                replicaBinddn,
                replicaBindMethod,
                replicaCredentials,
                replicaHost,
                replicaPort,
                replicaRoot,
                replicaUpdateFailedAt,
                replicaUpdateReplayed,
                replicaUpdateSchedule,
                replicaUseSSL,
                seeAlso,
                aci

objectclass country
        requires
                objectClass,
                c
        allows
                description,
                searchGuide

objectclass locality
        requires
                objectClass
        allows
                description,
                l,
                seeAlso,
                st,
                streetAddress,
                searchGuide

objectclass organization
        requires
                objectClass,
                o
        allows
                businessCategory,
                description,
                facsimileTelephoneNumber,
                l,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                seeAlso,
                st,
                street,
                searchGuide,
                telephoneNumber,
                userPassword

objectclass organizationalUnit
        requires
                objectClass,
                ou
        allows
                businessCategory,
                description,
                facsimileTelephoneNumber,
                l,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                seeAlso,
                st,
                street,
                searchGuide,
                telephoneNumber,
                userPassword

objectclass inetOrgPerson
        requires
                objectClass,
                cn,
                sn
        allows
                businessCategory,
                carLicense,
                departmentNumber,
                description,
                employeeNumber,
                employeeType,
                facsimileTelephoneNumber,
                givenName,
                homePhone,
                homePostalAddress,
                initials,
                jpegPhoto,
                l,
                labeledURI,
                mail,
                manager,
                mobile,
                ou,
                pager,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                roomNumber,
                secretary,
                seeAlso,
                st,
                streetAddress,
                aci,
                telephoneNumber,
                title,
                uid,
                userPassword,
                x500UniqueIdentifier

objectclass NTUser
        requires
                objectClass,
                NTUserDomainId
        allows
                NTUserAcctExpires,
                NTUserAuthFlags,
                NTUserBadPwCount,
                NTUserCodePage,
                NTUserComment,
                NTUserCountryCode,
                NTUserCreateNewAccount,
                NTUserDeleteAccount,
                NTUserFlags,
                NTUserHomeDir,
                NTUserHomeDirDrive,
                NTUserLastLogoff,
                NTUserLastLogon,
                NTUserLogonHours,
                NTUserLogonServer,
                NTUserMaxStorage,
                NTUserNumLogons,
                NTUserPasswordExpired,
                NTUserPrimaryGroupId,
                NTUserProfile,
                NTUserScriptPath,
                NTUserUniqueId,
                NTUserUnitsPerWeek,
                NTUserUsrComment,
                NTUserParms,
                NTUserWorkstations

objectclass organizationalPerson
        requires
                objectClass,
                cn,
                sn
        allows
                description,
                facsimileTelephoneNumber,
                l,
                ou,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                seeAlso,
                st,
                street,
                telephoneNumber,
                title,
                userPassword

objectclass organizationalRole
        requires
                objectClass,
                cn
        allows
                description,
                destinationIndicator,
                facsimileTelephoneNumber,
                internationalIsdnNumber,
                l,
                ou,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                registeredAddress,
                roleOccupant,
                seeAlso,
                st,
                streetAddress,
                telephoneNumber,
                teletexTerminalIdentifier,
                telexNumber,
                x121Address

objectclass person
        requires
                objectClass,
                cn,
                sn
        allows
                description,
                seeAlso,
                telephoneNumber,
                userPassword

objectclass netscapeCalendarServer
        requires
                objectClass

objectclass nsCalAdmin
        requires
                objectClass,
                cn
        allows
                facsimileTelephoneNumber,
                generationQualifier,
                givenName,
                initials,
                organizationalUnit,
                postalAddress,
                surname,
                telephoneNumber,
                userPassword,
                nsCalAccess,
                nsCalAccessDomain,
                nsCalAdmd,
                nsCalFlags,
                nsCalHost,
                nsCalLanguageId,
                nsCalNodeAlias,
                nsCalOrgUnit2,
                nsCalOrgUnit3,
                nsCalOrgUnit4,
                nsCalPasswordRequired,
                nsCalPrmd,
                nsCalServerVersion,
                nsCalSysopCanWritePassword,
                nsCalXItemId

objectclass nsCalResource
        requires
                objectClass,
                cn
        allows
                facsimileTelephoneNumber,
                postalAddress,
                telephoneNumber,
                userPassword,
                nsCalAccess,
                nsCalAccessDomain,
                nsCalDefaultNoteReminder,
                nsCalDefaultReminder,
                nsCalDefaultTaskReminder,
                nsCalDisplayPrefs,
                nsCalFlags,
                nsCalHost,
                nsCalLanguageId,
                nsCalNodeAlias,
                nsCalNotifMechanism,
                nsCalOperatingPrefs,
                nsCalPasswordRequired,
                nsCalRefreshPrefs,
                nsCalResourceCapacity,
                nsCalResourceNumber,
                nsCalServerVersion,
                nsCalSysopCanWritePassword,
                nsCalTimezone,
                nsCalXItemId

objectclass nsCalUser
        requires
                objectClass
        allows
                generationQualifier,
                nsCalAccess,
                nsCalAccessDomain,
                nsCalAdmd,
                nsCalDefaultNoteReminder,
                nsCalDefaultReminder,
                nsCalDefaultTaskReminder,
                nsCalDisplayPrefs,
                nsCalFlags,
                nsCalHost,
                nsCalLanguageId,
                nsCalNodeAlias,
                nsCalNotifMechanism,
                nsCalOperatingPrefs,
                nsCalOrgUnit2,
                nsCalOrgUnit3,
                nsCalOrgUnit4,
                nsCalPasswordRequired,
                nsCalPrmd,
                nsCalRefreshPrefs,
                nsCalServerVersion,
                nsCalSysopCanWritePassword,
                nsCalTimezone,
                nsCalXItemId

objectclass netscapeCertificateServer
        requires
                objectClass

objectclass netscapeNewsServer
        requires
                objectClass

objectclass nginfo
        requires
                objectClass,
                ngcomponent
        allows
                description,
                nsnewsACL,
                aci,
                nsaclrole,
                nsprettyname,
                nsflags,
                nscreator

objectclass netscapeCompassServer
        requires
                objectClass

objectclass personalInterestProfile
        requires
                objectClass,
                pipuid
        allows
                pipuniqueid,
                pipstatus,
                pipusertype,
                pipstfrequency,
                pipmedium,
                pipformat,
                piphour,
                pipmaxhits,
                pipresultset,
                pipsortorder,
                piptimestamp,
                pipirlist,
                pipiroption,
                pippwp,
                piplastcount,
                piptotalcount,
                piptotalrun,
                pipnotify,
                pipprivilege,
                pipgroup,
                pipidstcount,
                pipstid,
                pipstname,
                pipstquery,
                pipsttaxonomy,
                pipstinterest,
                pipsttype,
                pipstprivacy,
                pipststatus,
                pipstlastcount,
                pipsttotalcount,
                pipsttotalrun,
                pipstcategory,
                pipstfrequency,
                pipstmedium,
                pipstformat,
                pipsthour,
                pipstmaxhits,
                pipstresultset,
                pipstsortorder,
                pipsttimestamp,
                pipstirlist,
                pipstiroption,
                pipreservedces1,
                pipreservedces2,
                pipreservedces3,
                pipreservedcis1,
                pipreservedcis2,
                pipreservedcis3,
                pipreservedcis4,
                pipreservedcis5,
                pipreservedcis6

objectclass PIPUser
        requires
                objectClass
        allows
                pipuniqueid,
                pipcompassservers,
                pipreservedces1,
                pipreservedces2,
                pipreservedces3,
                pipreservedcis1,
                pipreservedcis2,
                pipreservedcis3,
                pipreservedcis4,
                pipreservedcis5,
                pipreservedcis6

objectclass PIPUserInfo
        requires
                objectClass,
                cn
        allows
                mail,
                userPassword,
                description,
                pipcompassservers,
                pipuniqueid

objectclass changeLogEntry
        requires
                objectClass,
                targetDn,
                changeTime,
                changeNumber,
                changeType
        allows
                changes,
                deleteOldRDN,
                newRDN,
                newSuperior

objectclass cirReplicaSource
        requires
                objectClass,
                cn
        allows
                cirReplicaRoot,
                cirHost,
                cirPort,
                cirBindDN,
                cirUsePersistentSearch,
                cirUseSSL,
                cirBindCredentials,
                cirLastUpdateApplied,
                cirUpdateSchedule,
                cirSyncInterval,
                cirUpdateFailedAt,
                cirBeginORC,
                replicaNickname,
                replicaEntryFilter,
                replicatedAttributeList

objectclass glue
        requires
                objectClass

objectclass groupOfCertificates
        requires
                objectClass,
                cn
        allows
                businessCategory,
                description,
                memberCertificateDescription,
                o,
                ou,
                owner,
                seeAlso

objectclass netscapeDirectoryServer
        requires
                objectClass

objectclass netscapeServer
        requires
                objectClass,
                cn
        allows
                description,
                serverRoot,
                serverHostname,
                serverProductName,
                serverVersionNumber,
                installationTimeStamp,
                administratorContactInfo,
                adminURL

objectclass nsLicenseUser
        requires
                objectClass
        allows
                nsLicensedFor,
                nsLicenseStartTime,
                nsLicenseEndTime

objectclass NTGroup
        requires
                objectClass,
                NTGroupDomainId
        allows
                description,
                l,
                ou,
                description,
                seeAlso,
                NTGroupId,
                NTGroupAttributes,
                NTgroupCreateNewGroup,
                NTgroupDeleteGroup

objectclass passwordObject
        requires
                objectClass
        allows
                passwordExpirationTime,
                retryCountResetTime,
                accountUnlockTime,
                passwordHistory

objectclass passwordPolicy
        requires
                objectClass
        allows
                passwordMaxAge,
                passwordExp,
                passwordMinLength,
                passwordKeepHistory,
                passwordInHistory,
                passwordChange,
                passwordCheckSyntax,
                passwordWarning,
                passwordLockout,
                passwordMaxFailure,
                passwordResetDuration,
                passwordUnlock,
                passwordLockoutDuration

objectclass referral
        requires
                objectClass
        allows
                ref

objectclass groupOfMailEnhancedUniqueNames
        requires
                objectClass,
                cn
        allows
                businessCategory,
                description,
                o,
                ou,
                seeAlso

objectclass mailRecipient
        requires
                objectClass,
                cn
        allows
                mail,
                mailAccessDomain,
                mailAlternateAddress,
                mailAutoReplyMode,
                mailAutoReplyText,
                mailDeliveryOption,
                mailForwardingAddress,
                mailHost,
                mailMessageStore,
                mailProgramDeliveryInfo,
                mailQuota,
                multiLineDescription,
                uid,
                userPassword

objectclass mailGroup
        requires
                objectClass,
                mail
        allows
                cn,
                mailAlternateAddress,
                mailHost,
                mgrpAllowedBroadcaster,
                mgrpAllowedDomain,
                mgrpDeliverTo,
                mgrpErrorsTo,
                mgrpModerator,
                mgrpMsgMaxSize,
                mgrpMsgRejectAction,
                mgrpMsgRejectText,
                mgrpRFC822MailMember,
                owner

objectclass netscapeMailServer
        requires
                objectClass

objectclass nsLicenseUser
        requires
                objectClass

objectclass netscapeMediaServer
        requires
                objectClass

objectclass netscapeProxyServer
        requires
                objectClass

objectclass netscapeWebServer
        requires
                objectClass

objectclass account
        requires
                objectClass,
                uid
        allows
                description,
                host,
                l,
                o,
                ou,
                seeAlso

objectclass alias
        requires
                objectClass,
                aliasedObjectName

objectclass applicationEntity
        requires
                objectClass,
                presentationAddress,
                cn
        allows
                description,
                l,
                o,
                ou,
                seeAlso,
                supportedApplicationContext

objectclass applicationProcess
        requires
                objectClass,
                cn
        allows
                description,
                l,
                ou,
                seeAlso

objectclass cacheObject
        requires
                objectClass
        allows
                ttl

objectclass certificationAuthority
        requires
                objectClass,
                cACertificate;binary
        allows
                authorityRevocationList;binary,
                certificateRevocationList;binary,
                crossCertificatePair;binary

objectclass device
        requires
                objectClass,
                cn
        allows
                description,
                l,
                o,
                ou,
                owner,
                seeAlso,
                serialNumber

objectclass DNSDomain
        requires
                objectClass
        allows
                dnsRecord

objectclass document
        requires
                objectClass,
                documentIdentifier
        allows
                abstract,
                authorCn,
                authorSn,
                cn,
                description,
                documentAuthor,
                documentLocation,
                documentPublisher,
                documentStore,
                documentTitle,
                documentVersion,
                keyWords,
                l,
                o,
                obsoletedByDocument,
                obsoletesDocument,
                ou,
                seeAlso,
                subject,
                updatedByDocument,
                updatesDocument

objectclass documentSeries
        requires
                objectClass,
                dc
        allows
                description,
                l,
                o,
                ou,
                seeAlso,
                telephoneNumber

objectclass domain
        requires
                objectClass,
                dc
        allows
                associatedName,
                businessCategory,
                description,
                destinationIndicator,
                facsimileTelephoneNumber,
                internationalIsdnNumber,
                l,
                manager,
                o,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                registeredAddress,
                searchGuide,
                seeAlso,
                st,
                streetAddress,
                telephoneNumber,
                teletexTerminalIdentifier,
                telexNumber,
                userPassword,
                x121Address

objectclass domainRelatedObject
        requires
                objectClass
        allows
                associatedDomain

objectclass dSA
        requires
                objectClass

objectclass friendlyCountry
        requires
                objectClass
        allows
                c

objectclass labeledURIObject
        requires
                objectClass
        allows
                labeledURI

objectclass newPilotPerson
        requires
                objectClass
        allows
                businessCategory,
                drink,
                homePhone,
                homePostalAddress,
                janetMailBox,
                mail,
                mailPreferenceOption,
                mobile,
                organizationalStatus,
                otherMailbox,
                pager,
                personalSignature,
                personalTitle,
                preferredDeliveryMethod,
                roomNumber,
                secretary,
                textEncodedOrAddress,
                uid,
                userClass

objectclass pilotObject
        requires
                objectClass
        allows
                audio,
                ditRedirect,
                info,
                jpegPhoto,
                lastModifiedBy,
                lastModifiedTime,
                manager,
                photo,
                uniqueIdentifier

objectclass pilotOrganization
        requires
                objectClass,
                o,
                ou
        allows
                buildingName,
                businessCategory,
                description,
                destinationIndicator,
                facsimileTelephoneNumber,
                internationalIsdnNumber,
                l,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                registeredAddress,
                searchGuide,
                seeAlso,
                st,
                streetAddress,
                telephoneNumber,
                teletexTerminalIdentifier,
                telexNumber,
                userPassword,
                x121Address

objectclass residentialPerson
        requires
                objectClass,
                l
        allows
                businessCategory,
                destinationIndicator,
                facsimileTelephoneNumber,
                internationalIsdnNumber,
                physicalDeliveryOfficeName,
                postalAddress,
                postalCode,
                postOfficeBox,
                preferredDeliveryMethod,
                registeredAddress,
                st,
                streetAddress,
                teletexTerminalIdentifier,
                telexNumber,
                x121Address

objectclass RFC822LocalPart
        requires
                objectClass
        allows
                cn,
                sn

objectclass room
        requires
                objectClass,
                cn
        allows
                description,
                roomNumber,
                seeAlso,
                telephoneNumber,
                lastModifiedTime,
                manager,
                photo,
                uniqueIdentifier

objectclass simpleSecurityObject
        requires
                objectClass,
                userPassword

objectclass strongAuthenticationUser
        requires
                objectClass,
                userCertificate,
                userCertificate;binary
rosdi@snt.com.my
This document is: http://www.openldap.org/faq/index.cgi?file=458
© Copyright 2004, OpenLDAP Foundation, info@OpenLDAP.org