Eaton NetDirector B064-016-04-IPH Manual page 46

OSD Operation
Advanced Network Management Settings
OpenLDAP Server Configuration
The main OpenLDAP configuration file, slapd.conf, has to be
customized before launching the server. The modifications to
the configuration file will do the following:
• Specify the Unicode data directory. The default is ./ucdata.
• Choose the required LDAP schemas. The core schema is
mandatory.
• Configure the paths for the OpenLDAP pid and args startup
files. The first contains the server's process ID (pid); the
second contains its command-line arguments.
• Choose the database type. The default is bdb (Berkeley DB).
• Specify the server suffix. All entries in the directory will
have this suffix, which represents the root of the directory
tree. For example, with suffix dc=tripplite,dc=com, the fully
qualified name of all entries in the database will end with
dc=tripplite,dc=com.
• Define the name of the administrator entry for the server
(rootdn), along with its password (rootpw). This is the
server's super user. The rootdn name must match the suffix
defined above, because the rootdn is itself an entry and all
entry names must end with the defined suffix.
An example configuration file is provided in the figure, below:
ucdata-path ./ucdata
include ./schema/core.schema
pidfile ./run/slapd.pid
argsfile ./run/slapd.args
database bdb
suffix "dc=eaton, dc=com"
rootdn "cn=Manager, dc=eaton, dc=com"
rootpw secret
directory ./data
Starting the OpenLDAP Server
To start the OpenLDAP Server, run slapd (the OpenLDAP
Server executable file) from the command line. slapd
supports a number of command line options; the most
important is the -d switch, which enables debug output.
For example, the command slapd -d 256 starts OpenLDAP
with a debug level of 256, as shown in the following
screenshot:
Note: For details about slapd options and their meanings, refer to the
OpenLDAP documentation.
Customizing the OpenLDAP Schema
The schema that slapd uses may be extended to support
additional syntaxes, matching rules, attribute types, and
object classes. For the B064-Series KVM Switch, a new
schema is defined by adding the B064-Series KVM Switch
User class and the permission attribute. The extended
schema file used to authenticate and authorize users logging
in to the B064-Series KVM Switch is shown in the figure,
below:
# Permission attribute: a single-valued, case-insensitive string
attributetype ( 1.3.6.1.4.1.21317.1.1.4.2.2
NAME 'B0064-032-01-IPH-AccessRight'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1466.115.121.1.15
SINGLE-VALUE
)
# User class: organizationalPerson plus the optional permission attribute
objectclass ( 1.3.6.1.4.1.21317.1.1.4.1.2
NAME 'User'
SUP organizationalPerson
STRUCTURAL
MAY ( B0064-032-01-IPH-AccessRight $ userCertificate )
)
LDAP DIT Design and LDIF File
LDAP Data Structure
An LDAP Directory stores information in a tree structure
known as the Directory Information Tree (DIT). The nodes
in the tree are directory entries, and each entry contains
information in attribute-value form. An example of the LDAP
directory tree for the B064-Series KVM Switch is shown in the
figure below:
