Preparing LDAP Domain Configuration Data
Before adding a storage system to an LDAP domain, collect configuration data of the LDAP domain server.
LDAP Domain Parameters
LDAP data is organized in a tree structure that clearly lays out organizational information. A node on this tree is called an entry. Each entry has a distinguished name (DN). The DN of an entry is composed of the Base DN and the RDN (relative distinguished name). The Base DN is the position of the parent node under which the entry resides in the tree, and the RDN is an attribute (such as UID or CN) that distinguishes the entry from its siblings.
LDAP directories are organized like file system directories. For example, the LDAP directory dc=redmond,dc=wa,dc=microsoft,dc=com can be thought of as the file system directory com\microsoft\wa\redmond. In another example, in the directory cn=user1,ou=user,dc=example,dc=com, cn=user1 indicates a user name and ou=user indicates an organizational unit (OU) of Active Directory (AD); that is, user1 is in the user organizational unit of the example.com domain.
The following figure shows data structure of an LDAP server:
Table 5-4 describes the meanings of the acronyms used in LDAP entries.
Obtaining LDAP Configuration Data in Windows
OpenLDAP is a free, open-source implementation of LDAP developed by the OpenLDAP Project. It is released under the OpenLDAP Public License. This section uses OpenLDAP as an example to describe how to obtain LDAP configuration data.
The OpenLDAP installation package is available on the Userbooster website, but not the OpenLDAP website. It can run on the following types of Windows operating systems: Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 7, Windows 8, and Windows Server 2012.
- Open the OpenLDAP installation directory.
- Find the slapd.conf system configuration file.
- Use a text editor to open the configuration file and search for the following fields:
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw XXXXXXXXXXXX
- dc=example,dc=com maps to Base DN on the storage system configuration page.
- cn=Manager,dc=example,dc=com maps to Bind DN on the storage system configuration page.
- XXXXXXXXXXXX maps to Bind Password on the storage system configuration page. If the password is stored in ciphertext, contact the LDAP server administrator to obtain the password.
- Find configuration files (with .ldif as the file name extension) of users and user groups that need to access the storage system.
LDAP Data Interchange Format (LDIF) is one of the most common file formats for LDAP applications. It is a standard mechanism for representing directory contents in text form, and it allows users to import data into and export data from the directory server. LDIF files store LDAP configurations and directory contents, so you can obtain the required parameter information from them.
- Use a text editor to open the LDIF file and find the DNs that map to User Directory and Group Directory respectively on the storage system configuration page.
#root on the top
dn: dc=example,dc=com
dc: example
objectClass: domain
objectClass: top

#First organization unit name: user
dn: ou=user,dc=example,dc=com
ou: user
objectClass: organizationalUnit
objectClass: top

#Second organization unit name: group
dn: ou=group,dc=example,dc=com
ou: group
objectClass: organizationalUnit
objectClass: top

#The first user represents user1 that belongs to organization unit user in the organizational structure topology.
dn: cn=user1,ou=user,dc=example,dc=com
cn: user1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: user1
uid: user1
uidNumber: 2882
gidNumber: 888
homeDirectory: /export/home/ldapuser
loginShell: /bin/bash
userPassword: {ssha}eoWxtWNl8YbqsulnwFwKMw90Cx5BSU9DRA==xxxxxx

#The second user represents user2 that belongs to organization unit user in the organizational structure topology.
dn: cn=user2,ou=user,dc=example,dc=com
cn: user2
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: client
uid: client
uidNumber: 2883
gidNumber: 888
homeDirectory: /export/home/client
loginShell: /bin/bash
userPassword: {ssha}eoWxtWNl8YbqsulnwFwKMw90Cx5BSU9DRA==xxxxxx

#The first user group represents group1 that belongs to organization unit group in the organizational structure topology. The group contains user1 and user2.
dn: cn=group1,ou=group,dc=example,dc=com
cn: group1
gidNumber: 888
#user1 belongs to the group.
memberUid: user1
#user2 belongs to the group.
memberUid: user2
objectClass: posixGroup
Obtaining LDAP Configuration Data in Linux
OpenLDAP Software for LDAP support is included in several common Linux distributions. This section uses OpenLDAP as an example to describe how to obtain LDAP configuration data. The operation procedure is as follows:
- Log in to an LDAP server as user root.
- Run the cd /etc/openldap command to go to the /etc/openldap directory.
linux-ldap:~ # cd /etc/openldap
linux-ldap:/etc/openldap #
- Run the ls command to list the slapd.conf system configuration file and the configuration file (with .ldif as the file name extension) of the users and user groups that need to access the storage system.
linux-ldap:/etc/openldap # ls
example.ldif ldap.conf schema slap.conf slap.con slapd.conf
- Run the cat command to display the slapd.conf system configuration file and view the related parameters.
linux-ldap:/etc/openldap # cat slapd.conf
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw XXXXXXXXXXXX
- dc=example,dc=com maps to Base DN on the storage system configuration page.
- cn=Manager,dc=example,dc=com maps to Bind DN on the storage system configuration page.
- XXXXXXXXXXXX maps to Bind Password on the storage system configuration page. If the password is stored in ciphertext, contact the LDAP server administrator to obtain the password.
- Run the cat command to open the example.ldif file. Find the DNs that map to User Directory and Group Directory respectively on the storage system configuration page. For details about the parameters, see the example LDIF file in Windows.
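The Windows and Linux procedures above both come down to the same mapping: suffix becomes Base DN, rootdn becomes Bind DN, and the parent DNs of the posixAccount and posixGroup entries in the LDIF file become User Directory and Group Directory. The following script, added here as an illustration and not part of the storage system or OpenLDAP documentation, performs that mapping on constructed slapd.conf and LDIF samples modelled on the excerpts above, and also checks two things an administrator wants verified before entering the values: that every entry lies under the Base DN, and that each entry's RDN value really appears as an attribute of the entry (otherwise the LDAP server rejects the entry with a naming violation).

```python
import re
# Constructed samples modelled on the page's slapd.conf and LDIF excerpts.
SLAPD_CONF = 'suffix "dc=example,dc=com"\nrootdn "cn=Manager,dc=example,dc=com"\nrootpw XXXXXXXXXXXX\n'
LDIF = """\
dn: cn=user1,ou=user,dc=example,dc=com
cn: user1
uid: user1
objectClass: posixAccount

# LDIF comment line, skipped by the parser.
dn: cn=group1,ou=group,dc=example,dc=com
cn: group1
memberUid: user1
objectClass: posixGroup
"""

def parse_slapd_conf(text):
    """suffix -> Base DN, rootdn -> Bind DN; rootpw is only reported as present/absent, never copied."""
    found = dict(re.findall(r'^\s*(suffix|rootdn|rootpw)\s+"?([^"\n]*?)"?\s*$', text, re.M))
    return {"base_dn": found.get("suffix"), "bind_dn": found.get("rootdn"), "bind_password_present": "rootpw" in found}

def parse_ldif(text):
    """Split LDIF into blank-line separated entries; each entry is attr -> [values]."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def directories(entries, base_dn):
    """User/Group Directory = parent DN of posixAccount/posixGroup entries, after sanity checks."""
    dirs = {"user_directory": set(), "group_directory": set()}
    for e in entries:
        dn = e["dn"][0]
        rdn, parent = dn.split(",", 1)
        if not dn.lower().endswith(base_dn.lower()):  # entry must lie under the Base DN
            raise ValueError(f"{dn} is outside Base DN {base_dn}")
        attr, value = rdn.split("=", 1)
        if value not in e.get(attr, []):  # RDN value must be an attribute of the entry
            raise ValueError(f"{dn}: naming attribute {attr} not present in entry")
        classes = {c.lower() for c in e.get("objectClass", [])}
        for cls, key in (("posixaccount", "user_directory"), ("posixgroup", "group_directory")):
            if cls in classes:
                dirs[key].add(parent)
    return dirs
```

Running directories(parse_ldif(LDIF), parse_slapd_conf(SLAPD_CONF)["base_dn"]) on the samples yields ou=user,dc=example,dc=com as User Directory and ou=group,dc=example,dc=com as Group Directory.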