Filter
Top Products
168 Fabric OS Administrator’s Guide
53-1002745-02
Remote authentication
5
Assigning a user to a group
Before you can assign a user to a group, the memberOf overlay must be added to the slapd.conf
file. Refer to “Enabling group membership” on page 166 for details.
To create a group and assign a member:
1. In a .ldif file, create a “groupOfNames” objectClass entry with the name of the group, for
example, “admin,” to create a group.
2. Set a “member” attribute for the group instance to identify the member, as in this example:
“cn=Sachin,cn=Users,dc=mybrocade,dc=com”
Automatically the “memberOf” attribute of entry Sachin will have value
“cn=admin,ou=groups,dc=mybrocade,dc=com”, which assigns Sachin to the admin group.
3. Enter the ldapadd command.
For example, the .ldif file might contain something like the following:
#Groups in organization
dn: ou=groups,dc=mybrocade,dc=com
objectclass:organizationalunit
ou: groups
description: generic groups branch
dn: cn=admin,ou=groups,dc=mybrocade,dc=com
objectclass: groupofnames
cn: admin
description: Members having admin permission
#Add members for admin group
member: cn=sachin,cn=Users,dc=mybrocade,dc=com
Assigning the LDAP role to a switch role
Use the ldapCfg -–maprole ldap_role_name switch_role command to map LDAP server
permissions to one of the default roles available on a switch.
Modifying an entry
To modify a directory entry, perform the following steps:
1. Create a .ldif file containing the information to be modified.
2. Enter the ldapmodify -f filename command, where filename is the .ldif file you edited in step 1.
Example to delete a user attribute
1. Create or edit a .ldif file with an entry similar to the following.
#########Deleting an attr
#dn: cn=Sachin,cn=Users,dc=mybrocade,dc=com
#changetype: modify
#delete: memberof
2. Enter the following ldapmodify command, where test.ldif is the name of the file you edited in
step 1.
> ldapmodify -D cn=Sachin,dc=mybrocade,dc=com –x -w secret -f test.ldif