Assigning a user to a group, Assigning the ldap role to a switch role, Modifying an entry – Dell POWEREDGE M1000E User Manual

Page 168


Fabric OS Administrator’s Guide

53-1002745-02

Remote authentication

5

Assigning a user to a group

Before you can assign a user to a group, the memberOf overlay must be added to the slapd.conf file. Refer to “Enabling group membership” on page 166 for details.

To create a group and assign a member:

1. In a .ldif file, create a “groupOfNames” objectClass entry with the name of the group, for example, “admin,” to create a group.

2. Set a “member” attribute for the group instance to identify the member, as in this example:

“cn=Sachin,cn=Users,dc=mybrocade,dc=com”

The “memberOf” attribute of the entry Sachin will then automatically have the value “cn=admin,ou=groups,dc=mybrocade,dc=com”, which assigns Sachin to the admin group.

3. Enter the ldapadd command.

For example, the .ldif file might contain something like the following:

#Groups in organization
dn: ou=groups,dc=mybrocade,dc=com
objectclass:organizationalunit
ou: groups
description: generic groups branch

dn: cn=admin,ou=groups,dc=mybrocade,dc=com
objectclass: groupofnames
cn: admin
description: Members having admin permission
#Add members for admin group
member: cn=sachin,cn=Users,dc=mybrocade,dc=com
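
The group file above decides which memberOf values the overlay maintains, and the text writes the member DN as both cn=Sachin and cn=sachin. The following added example (not from the manual) parses a group LDIF and derives the expected memberOf map, comparing DNs case-insensitively. The helper names parse_ldif, norm_dn and expected_memberof are hypothetical, and the DN normalization assumes no escaped commas.

```python
import base64

# Constructed sample, abridged from the group LDIF in the manual's example.
SAMPLE_LDIF = """\
dn: ou=groups,dc=mybrocade,dc=com
objectclass:organizationalunit

dn: cn=admin,ou=groups,dc=mybrocade,dc=com
objectclass: groupofnames
cn: admin
#Add members for admin group
member: cn=sachin,cn=Users,dc=mybrocade,dc=com
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # folded continuation line
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:               # trailing "" flushes last entry
        if line.startswith("#"):
            continue                          # comment line
        if not line.strip():                  # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: ..." is a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Case-fold and trim each RDN (assumes no escaped commas in the DN)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def expected_memberof(entries):
    """Map each member DN to the group DNs the overlay should put in memberOf."""
    result = {}
    for e in entries:
        if "groupofnames" in [c.lower() for c in e.get("objectclass", [])]:
            for member in e.get("member", []):
                result.setdefault(norm_dn(member), set()).add(norm_dn(e["dn"][0]))
    return result
```

Running expected_memberof(parse_ldif(...)) over the file before ldapadd gives a reviewable list of who lands in each group, which can later be compared with the memberOf values the directory returns.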

Assigning the LDAP role to a switch role

Use the ldapCfg --maprole ldap_role_name switch_role command to map LDAP server
permissions to one of the default roles available on a switch.

Modifying an entry

To modify a directory entry, perform the following steps:

1. Create a .ldif file containing the information to be modified.

2. Enter the ldapmodify -f filename command, where filename is the .ldif file you edited in step 1.

Example to delete a user attribute

1. Create or edit a .ldif file with an entry similar to the following.

# Deleting an attribute
dn: cn=Sachin,cn=Users,dc=mybrocade,dc=com
changetype: modify
delete: memberof

2. Enter the following ldapmodify command, where test.ldif is the name of the file you edited in step 1.

> ldapmodify -D cn=Sachin,dc=mybrocade,dc=com -x -w secret -f test.ldif
