LDAP Resources

  


[an error occurred while processing this directive]

No Title

[an error occurred while processing this directive]

Reference: Cisco: Internetworking Basics

Contents

Introduction

This guide demonstrates how to extract information from local OS user accounts and groups on the Linux platform and then export those users and objects to a readable LDIF file that can be modified (if necessary) and imported into an LDAP directory. This provides a nice shortcut for setting up users and groups in a newly initialized directory that can be used to authenticate through LDAP.

The Linux machine used in this example is running the latest version of Oracle which at the time of this writing is Oracle Database 11g Release 2 (11.2.0.3.0). The machine name for the database server is racnode1.idevelopment.info and contains user accounts and groups that best define the conventions that I would want to centralize for all Oracle database servers. The local user accounts and groups will be exported from the database server and imported to an LDAP directory on ldapsrv.idevelopment.info.

The example used in this tutorial is based on a clean installation of OpenLDAP Software on the CentOS 6 platform. This tutorial will also work for Red Hat Enterprise Linux 6 and Oracle Linux 6. The LDAP directory used in this guide has been initialized with a base DN of dc=idevelopment,dc=info and organization units People, Group, and Hosts. Obviously, the name of your LDAP server and the base DN will differ and the examples presented in this guide will need to be modified accordingly for you environment.

Refer to the following two tutorials on how to install OpenLDAP Software and initialize the LDAP directory on the server (ldapsrv.idevelopment.info in this guide) on the CentOS 6 platform.

Oracle Users and Groups

The users and groups being migrated to LDAP are reflective of a typical Oracle RAC 11g Release 2 configuration that includes Oracle Grid Infrastructure and Oracle Database software.

Groups
Group Name gidNumber
oinstall 1000
asmadmin 1200
asmdba 1201
asmoper 1202
dba 1300
oper 1301

Users
Username uidNumber gidNumber Groups loginShell homeDirectory
grid 1100 1000 1000(oinstall),1200(asmadmin),1201(asmdba),1202(asmoper) /bin/bash /home/grid
oracle 1101 1000 1000(oinstall),1201(asmdba),1300(dba),1301(oper) /bin/bash /home/oracle
jhunter 500 500 500(jhunter),1300(dba),1301(oper) /bin/bash /home/jhunter

In the end, we will also be able to create additional LDAP users based on a template LDIF record for a user and group developed in the migration phase of this guide.

Install OpenLDAP Server Package

Migrate Users and Groups

Test User Authentication Through LDAP

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.



Copyright (c) 1998-2017 Jeffrey M. Hunter. All rights reserved.

All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.

I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.

Last modified on
Wednesday, 22-Aug-2012 15:56:17 EDT
Page Count: 2069