HP OSMS Blueprint: Directory Services on HP ProLiant and HP Integrity Servers with RHEL5
Table Of Contents
- HP Open Source Middleware Stacks Blueprint:
- Table of Contents
- Introduction
- Typographic Conventions
- HP Encourages Your Comments
- Overview of HP Directory Services OSMS
- Installing and Configuring Symas CDS and Apache Modules
- Managing the Symas CDS Server
- Performing Backups and Recovery with Berkeley DB
- Configuring the Master-Slave Replication
- Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules
- Setting up Security for the CDS Server
- Monitoring OpenLDAP with the HP OpenView Operations CDS Gallery SPIs
objectClass: organizationalUnit
dc: osm
ou: osm
userPassword:: e1NTSEF9ajJBQjhFUmNvZitTV0V5Rkp3ZGtjWE5va0J6ODFYa0g=
Because the user dc=dn4,dc=example,dc=com is granted the read privilege, the ou and
userPassword attributes are displayed in the results.
11. Create a modify.ldif file, to verify that the user dc=dn4,dc=example,dc=com cannot
modify the ou attribute of dc=osm,dc=example,dc=com, using the following content:
dn: dc=osm,dc=example,dc=com
changetype: modify
replace: ou
ou: osm.test
Notice that in the file, the value of ou is changed to osm.test.
12. Using the ldapmodify command and the user dc=dn4,dc=example,dc=com, apply the
entry modification in the modify.ldif created in step 11 by entering the following
command:
# /opt/symas/bin/ldapmodify -x -D 'dc=dn4,dc=example,dc=com' \
-w abc123 -h cds_server -f /tmp/modify.ldif
The following is displayed:
modifying entry "dc=osm,dc=example,dc=com" ldap_modify: Insufficient
access (50)
This message means that the user dc=dn4,dc=example,dc=com has no privileges to write
the ou attribute of dc=osm,dc=example,dc=com.
13. Now, use the same ldapmodify command with the user dc=dn5,dc=example,dc=com
to verify the user has been given write privileges, by entering the following command:
# /opt/symas/bin/ldapmodify -x -D 'dc=dn5,dc=example,dc=com' \
-w abc123 -h cds_server -f /tmp/modify.ldif
If write privileges are successfully granted, the following message displays:
modifying entry "dc=osm,dc=example,dc=com"
14. Use the ldapsearch command to verify the attributes of dc=osm,dc=example,dc=com
have been successfully changed, by entering the following command:
# /opt/symas/bin/ldapsearch -x -D 'dc=dn5,dc=example,dc=com' \
-w abc123 -h cds_server -b 'dc=osm,dc=example,dc=com' -s base -LLL
The following message is displayed:
dn: dc=osm,dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: osm
userPassword:: e1NTSEF9ajJBQjhFUmNvZitTV0V5Rkp3ZGtjWE5va0J6ODFYa0g=
ou: osm.test
Notice that in the file, the value of ou is changed to osm.test because
dc=dn5,dc=example,dc=com is granted the write privilege. It can also search and read
the values of ou and userPassword, as specified in the ACLs
Monitoring OpenLDAP with the HP OpenView Operations CDS Gallery
SPIs
HP enhances the OSMS Directory Services by using HP OpenView Operations Gallery Smart
Plug-Ins (OVO SPIs).
Monitoring OpenLDAP with the HP OpenView Operations CDS Gallery SPIs 31