On 22/5/19 at 8:43, Fernando Jacas Planas wrote:
> Greetings
> Has anyone tried this LDAP + MultiAdmin thing?
> I tried what was posted but it gives me an error.
>
>
>     -----Original Message-----
>     From: Leandro <lreye...@nauta.cu>
>     To: Arian Molina Aguilera <linuxc...@teknik.io>, Lista cubana de
>     soporte técnico en Tecnologias Libres <gutl-l@listas.jovenclub.cu>
>     Date: Fri, 17 May 2019 23:22:26 -0400 (GMT-04:00)
>     Subject: [Gutl-l] Re: Question about Ldap+ MultiAdmin
>
>     Thanks, I'll try it and let you know how it went.
>
>
>     ---From my phone with SIJÚ
>
>     On May 17, 2019 6:42:13 PM UTC, Arian Molina Aguilera
>     <linuxc...@teknik.io> wrote:
>     On 17/5/19 at 14:07, Leandro wrote:
>     > Yes, openldap debian
>     >
>     here is how to do it
>     https://ludopoitou.com/2011/01/10/multiple-directory-administrative-users/
>
>
>     Most LDAP directory servers configure a single well known directory
>     administrative account (cn=Directory Manager [,dc=example,dc=com]) which
>     has full access to everything. While there is a need to have one special
>     user to bootstrap the server, we are too often seeing that special
>     account being used by all applications that have specific administrative
>     needs : the provisioning application, the email management application,
>     …
>
>     OpenDJ <http://opendj.forgerock.org> has different mechanisms to define
>     multiple administrative accounts, but today, I’m going to focus on the
>     “Root DNs” i.e. defining multiple Directory Managers.
>
>     The default administrative account is “cn=Directory Manager”, and is
>     stored in the configuration under the “cn=Root DNs,cn=config” container
>     entry.
>
>     Adding another administrative account is as simple as adding another
>     entry under that container, with one specific objectClass :
>     ds-cfg-root-dn-user.
>
>     Create a file newAdmin.ldif
>
>         dn: cn=Second Admin,cn=Root DNs,cn=config
>         cn: Second Admin
>         objectclass: top
>         objectclass: person
>         objectclass: organizationalPerson
>         objectclass: inetOrgPerson
>         objectclass: ds-cfg-root-dn-user
>         sn: Second Admin
>         ds-cfg-alternate-bind-dn: cn=Admin2,dc=example,dc=com
>         ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config
>         userPassword: password42
>
>         ldapmodify -a -D "cn=Directory Manager" -j /var/tmp/dmpassfile -f newAdmin.ldif
>
>         Processing ADD request for cn=Second Admin,cn=Root DNs,cn=config
>         ADD operation successful for DN cn=Second Admin,cn=Root DNs,cn=config
>
>     If you prefer, you can choose not to set the password in the LDIF file,
>     but set it in a secure way afterwards :
>
>         $ bin/ldappasswordmodify -p 1389 -D "cn=directory manager" \
>             -j /var/tmp/dmpassfile -a "cn=Admin2,dc=example,dc=com" \
>             -N /var/tmp/newpw
>         The LDAP password modify operation was successful
>
>     Where /var/tmp/dmpassfile contains the password for “cn=directory
>     manager” and /var/tmp/newpw the new password for Admin2.
>
>     Did you notice the “ds-cfg-alternate-bind-dn” attribute in the
>     definition of the new administrative account ? This makes it possible
>     to authenticate to the directory server with the DN value specified in
>     this attribute, while the entry still has a DN and is located under the
>     “cn=config” suffix.
>
>     So now, don’t hesitate to create different administrative accounts for
>     the various applications that need special access to the directory.
>
>     In a follow-up post, I will explain how to restrict what those
>     administrative accounts can do in the OpenDJ directory service.
>     _______________________________________________
>     Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
>     To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu

Could you tell us what error it gives you, and please avoid top posting,
since it breaks the thread chain.

-- 
Arian Molina Aguilera
Network and Telematic Services Administrator
Registered Linux User #392892
Phones: +53(7)696-7510 ext 236
jabber: linuxc...@teknik.io
Brascuba Cigarrillos S.A. La Habana. Cuba.
“Never consider study an obligation,
but an opportunity to enter the beautiful
and wonderful world of knowledge. Albert Einstein”
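
An added example, not part of this thread or of the quoted blog post: a pre-import check for an LDIF file such as newAdmin.ldif that unfolds wrapped lines (RFC 2849), lists each ds-cfg-root-dn-user entry with its alternate bind DN, and flags a cleartext userPassword. The sample entries, the function names and the "{SCHEME}" prefix heuristic for hashed values are assumptions.

```python
import base64

# Constructed sample modelled on the quoted newAdmin.ldif; the policy DN is folded.
SAMPLE_LDIF = (
    "dn: cn=Second Admin,cn=Root DNs,cn=config\n"
    "objectclass: ds-cfg-root-dn-user\n"
    "ds-cfg-alternate-bind-dn: cn=Admin2,dc=example,dc=com\n"
    "ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password\n"
    "  Policies,cn=config\n"   # one fold-marker space, then the value's own space
    "userPassword: password42\n"
    "\n"
    "dn: cn=Third Admin,cn=Root DNs,cn=config\n"
    "objectclass: ds-cfg-root-dn-user\n"
)

def parse_ldif(text):
    """Return entries as dicts mapping lowercase attribute -> list of values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]          # unfold: drop only the marker space
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in [l for l in logical if not l.startswith("#")] + [""]:
        if not line.strip():                # blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_root_dns(text):
    """Return (entry DN, alternate bind DNs, findings) per root DN user entry."""
    report = []
    for entry in parse_ldif(text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if "ds-cfg-root-dn-user" not in classes:
            continue
        # Assumption: a stored hash carries a "{SCHEME}" prefix; anything else is cleartext.
        findings = ["cleartext userPassword in LDIF"
                    for pw in entry.get("userpassword", []) if not pw.startswith("{")]
        binds = entry.get("ds-cfg-alternate-bind-dn", [])
        report.append((entry.get("dn", ["?"])[0], binds, findings))
    return report
```

A folded line that loses its leading space in transit, as e-mail wrapping can do, no longer unfolds into the previous attribute and is parsed as a separate, malformed line.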

