Secure LDAP Configuration

sajuptpm sajuptpm at gmail.com
Thu Aug 12 14:26:57 CEST 2010


I want to create an LDAP database for my company with the following
settings.

	Only LDAP users who belong to my company can search and view LDAP
entries
	I want to protect the LDAP users who belong to my company
	One LDAP user can't search and view others' details
	Only allow LDAP users to authenticate with their username and
password
	I need an LDAP administrator for my company. Only he can add and
delete users from LDAP.

For these, how do I configure /etc/openldap/slapd.conf?



	I need to add group and role information to the LDAP directory. Can I use
existing attributes like 'ou' for these, or do I need to add a new attribute?


Here is the LDAP entry I configured.

dn: uid=user6,dc=localhost,dc=localdomain
objectclass: top
objectclass: person
objectclass: inetorgperson
ou: [('userGroup111','userr'),('adminGroup','admin'),('Server111','operator')]
cn: user6
sn: My company
uid: user6
userPassword: 123456


ou: [('userGroup111','userr'),('adminGroup','admin'),('Server111','operator')]
<----- newly added group and role pair. Is it the correct way?

Is there any other way to do it?


