ApacheDS configuration of users and user groups to achieve SSO

Add Date : 2017-01-08

The ApacheDS documentation is hard to read, and the part that defines user permissions is especially obscure; it took a lot of digging to get through it.

First, the useful references I found:

1. The official Basic User Guide: http://directory.apache.org/apacheds/basic-user-guide.html covers installation, basic operations, logging in and so on.

2. The official Advanced User Guide: http://directory.apache.org/apacheds/advanced-user-guide.html covers building from source, system architecture, service configuration and access control administration. To be blunt, it is hard to follow and full of TODOs.

3. What looks like an official document: http://joacim.breiler.com/apacheds/book.html is very detailed and rich in examples.

4. A worked access control example: FR20_ApacheDS_Access_Control_Administration_The_X.500_Way.pdf

Common terms:

DIT: Directory Information Tree
AA: administrative area
AP: administrative point
AAA: autonomous administrative area; every entry below it is administered as one unit
SAA: specific administrative area
IAA: inner administrative area
SAP: specific administrative point
ACI: Access Control Information
ACSA: access control specific area

Usually an entry is selected as the administrative point and marked with an operational attribute; the attributeType of that operational attribute is administrativeRole. In other words, adding this attribute to an entry turns it into an administrative point, and the access control subentries are then created under it.

Practical exercise

Requirements:

1. An LDAP super administrator manages all data in the directory;

2. anonymous users can read user information;

3. users are split into three groups: development, testing and operations;

4. authorization is granted through group membership.

Steps:

1. Install the ApacheDS server.

Download apacheds-2.0.0-M15-64bit.bin into /home/apacheds/, make it executable, run it (it is a self-extracting installer), then start the service:

chmod +x *.bin

/etc/init.d/apacheds-2.0.0-M15-default start

This completes the installation and startup of ApacheDS.

2. Install Apache Directory Studio.

It is used here as an Eclipse plug-in; see http://directory.apache.org/studio/installation-in-eclipse.html. Installation from the Eclipse Marketplace is also supported.

3. Connection and configuration.

Switch to the LDAP perspective in Eclipse and create a new connection:

hostname: 199.155.122.90, port: 10389, encryption method: no encryption (the port depends on the encryption method; 10389 is the default plain LDAP port and 10636 the default LDAPS port)

authentication method: simple, bind DN: uid=admin,ou=system, password: secret (the built-in highest-privilege account; change this default password before the server is reachable by anyone else)

Open the server configuration, enable access control and disable anonymous login, then restart ApacheDS for the change to take effect.

Caveat: access control is off by default in ApacheDS, so until it is enabled any bound user can do anything; once it is on, nothing is granted except what the ACIs in the following steps say (uid=admin,ou=system bypasses them). Also, if anonymous binds are disabled at the server level, anonymous clients are rejected before any ACI is consulted, so requirement 2 (anonymous read) only works if anonymous access stays enabled; the ACI in step 7 is what limits anonymous users to reading.

4. Partition settings.

Delete the default partition (dc=example,dc=com) and create a new one for your own domain; the LDIF below uses dc=taotaosou.com.

5. Create ou=users and ou=groups under the partition:

dn: ou=groups,dc=taotaosou.com
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=users,dc=taotaosou.com
objectClass: organizationalUnit
objectClass: top
ou: users
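The two containers above are empty. As an added example (not from the original article), the following LDIF creates the three groups named in the requirements plus the administrator group that step 9 refers to, together with two sample users; the names alice and bob, the passwords and the memberships are constructed placeholders. ApacheDS evaluates the userGroup user class against groupOfUniqueNames entries, and that object class requires at least one uniqueMember, so every group is created with a member.

```ldif
# Added example: sample users and groups under the partition created above.
# alice, bob and their passwords are placeholders, not values from the article.
dn: uid=alice,ou=users,dc=taotaosou.com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: alice
cn: Alice Example
sn: Example
userPassword: change-me-alice

dn: uid=bob,ou=users,dc=taotaosou.com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: bob
cn: Bob Example
sn: Example
userPassword: change-me-bob

# The three groups from the requirements (development, testing, operations).
dn: cn=development,ou=groups,dc=taotaosou.com
objectClass: groupOfUniqueNames
objectClass: top
cn: development
uniqueMember: uid=alice,ou=users,dc=taotaosou.com

dn: cn=testing,ou=groups,dc=taotaosou.com
objectClass: groupOfUniqueNames
objectClass: top
cn: testing
uniqueMember: uid=alice,ou=users,dc=taotaosou.com

dn: cn=operations,ou=groups,dc=taotaosou.com
objectClass: groupOfUniqueNames
objectClass: top
cn: operations
uniqueMember: uid=bob,ou=users,dc=taotaosou.com

# The group named in the step 9 ACI; its uniqueMember values are the admins.
dn: cn=administrator,ou=groups,dc=taotaosou.com
objectClass: groupOfUniqueNames
objectClass: top
cn: administrator
uniqueMember: uid=bob,ou=users,dc=taotaosou.com
```

Load it with the LDIF import in Directory Studio, or with an OpenLDAP client such as ldapmodify -a -H ldap://199.155.122.90:10389 -D uid=admin,ou=system -W -f groups.ldif. The userPassword values are plaintext placeholders; replace them before real use.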

6. Enable access control on the partition root by adding the key attribute administrativeRole. The value accessControlSpecificArea makes dc=taotaosou.com an access control administrative point, and the subentries in the following steps are created directly under it:

dn: dc=taotaosou.com
objectclass: domain
objectclass: top
dc: taotaosou.com
administrativeRole: accessControlSpecificArea

7. Add anonymous read access.

authenticationLevel none means the item applies to anonymous binds as well as authenticated ones, allUsers matches every subject, and subtreeSpecification: {} makes the subentry cover the whole subtree under the administrative point. Only read-type permissions are granted (compare, filter match, read, return DN, browse), so nobody gets write access from this item. Note that allUserAttributeTypesAndValues covers every user attribute, userPassword included, so anonymous clients can read the stored password values; tighten protectedItems if that is not acceptable.

dn: cn=enableAllUsersRead,dc=taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: enableAllUsersRead
prescriptiveACI: {identificationTag "enableAllUsersRead", precedence 0, authenticationLevel none, itemOrUserFirst userFirst: {userClasses {allUsers}, userPermissions {{protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials {grantCompare, grantFilterMatch, grantRead, grantReturnDN, grantBrowse}}}}}
subtreeSpecification: {}

8. Allow users to modify their own entry.

thisEntry matches only when the bound DN is the entry being accessed, and authenticationLevel simple excludes anonymous binds. precedence 10 ranks this item above the precedence 0 items, so it decides whenever both apply to the same permission.

dn: cn=allowSelfAccessAndModification,dc=taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: allowSelfAccessAndModification
prescriptiveACI: {identificationTag "allowSelfAccessAndModification", precedence 10, authenticationLevel simple, itemOrUserFirst userFirst: {userClasses {thisEntry}, userPermissions {{protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials {grantRemove, grantExport, grantCompare, grantImport, grantRead, grantFilterMatch, grantModify, grantInvoke, grantDiscloseOnError, grantRename, grantReturnDN, grantBrowse, grantAdd}}}}}
subtreeSpecification: {}

9. Add administrator privileges through the administrator group.

userGroup grants the permissions to every member of the named group, cn=administrator,ou=groups,dc=taotaosou.com. That entry must exist as a groupOfUniqueNames whose uniqueMember values are the administrators' DNs, because that is the group type ApacheDS evaluates for userGroup.

Caveat: authenticationLevel strong is only satisfied by a strong bind (a SASL bind such as DIGEST-MD5 or GSSAPI). A member of the group who binds with a password is at level simple, does not match this item, and is left with only the anonymous read rights from step 7. Use authenticationLevel simple if the administrators authenticate with passwords, or keep strong and have them bind with SASL.

dn: cn=enableAdminSuper,dc=taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: enableAdminSuper
prescriptiveACI: {identificationTag "enableAdminSuper", precedence 0, authenticationLevel strong, itemOrUserFirst userFirst: {userClasses {userGroup {"cn=administrator,ou=groups,dc=taotaosou.com"}}, userPermissions {{protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials {grantRemove, grantExport, grantCompare, grantImport, grantRead, grantFilterMatch, grantModify, grantInvoke, grantDiscloseOnError, grantRename, grantReturnDN, grantBrowse, grantAdd}}}}}
subtreeSpecification: {}
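To see what the three ACIs actually grant to each kind of subject before loading them, here is an added example (written for this page; it is not ApacheDS code and not from the original article) that unfolds the three prescriptiveACI values from steps 7 to 9 exactly as they appear in the LDIF, parses the fields that matter, and applies the X.501 decision rule: for each permission the applicable items with the highest precedence decide, and at equal precedence a denial beats a grant. It models authenticationLevel and the user classes allUsers, thisEntry and userGroup only, and ignores protectedItems specificity and the rest of the full decision function. The DNs uid=alice and uid=bob and the group memberships are constructed placeholders.

```python
"""Model of how the three prescriptiveACI values in this article combine.

Added example, not ApacheDS code: a simplified X.501 decision function that
handles authenticationLevel, the user classes allUsers / thisEntry /
userGroup, precedence and deny-over-grant.  protectedItems specificity and
the rest of the full decision function are ignored.
"""
import re

# Constructed input: the three ACI values from steps 7-9, kept LDIF-folded
# (continuation lines start with one space) as they would be in the file.
RAW_ACIS = [
    '{identificationTag "enableAllUsersRead", precedence 0, aut\n'
    ' henticationLevel none, itemOrUserFirst userFirst: {userClasses {allUsers\n'
    ' }, userPermissions {{protectedItems {entry, allUserAttributeTypesAndValu\n'
    ' es}, grantsAndDenials {grantCompare, grantFilterMatch, grantRead, grantRe\n'
    ' turnDN, grantBrowse}}}}}',
    '{identificationTag "allowSelfAccessAndModification", prece\n'
    ' dence 10, authenticationLevel simple, itemOrUserFirst userFirst: {userClas\n'
    ' ses {thisEntry}, userPermissions {{protectedItems {entry, allUserAttri\n'
    ' buteTypesAndValues}, grantsAndDenials {grantRemove, grantExport, grantCom\n'
    ' pare, grantImport, grantRead, grantFilterMatch, grantModify, grantInvoke, g\n'
    ' rantDiscloseOnError, grantRename, grantReturnDN, grantBrowse, grantAdd}}\n'
    ' }}}',
    '{identificationTag "enableAdminSuper", precedence 0, authe\n'
    ' nticationLevel strong, itemOrUserFirst userFirst: {userClasses {userGroup\n'
    ' {"cn=administrator,ou=groups,dc=taotaosou.com"}}, userPermissions {{pr\n'
    ' otectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials {\n'
    ' grantRemove, grantExport, grantCompare, grantImport, grantRead, grantFilter\n'
    ' Match, grantModify, grantInvoke, grantDiscloseOnError, grantRename, grantRe\n'
    ' turnDN, grantBrowse, grantAdd}}}}}',
]

LEVEL_RANK = {"none": 0, "simple": 1, "strong": 2}


def unfold_ldif(text):
    """Join LDIF continuation lines: a newline followed by one space is removed."""
    return text.replace("\n ", "")


def parse_aci(raw):
    """Pull out the fields the decision needs; this is not a full ACI grammar."""
    text = unfold_ldif(raw)
    group = re.search(r'userGroup\s*\{\s*"([^"]+)"', text)
    grants = re.search(r"grantsAndDenials\s*\{([^}]*)\}", text).group(1)
    return {
        "tag": re.search(r'identificationTag\s+"([^"]+)"', text).group(1),
        "precedence": int(re.search(r"precedence\s+(\d+)", text).group(1)),
        "level": re.search(r"authenticationLevel\s+(none|simple|strong)", text).group(1),
        "user_class": re.search(r"userClasses\s*\{\s*(allUsers|thisEntry|userGroup)", text).group(1),
        "group_dn": group.group(1) if group else None,
        "items": [item.strip() for item in grants.split(",")],
    }


def applies(aci, subject, target_dn):
    """True when the bound subject's auth level and user class satisfy the ACI."""
    if LEVEL_RANK[subject["level"]] < LEVEL_RANK[aci["level"]]:
        return False
    if aci["user_class"] == "allUsers":
        return True
    if aci["user_class"] == "thisEntry":
        return subject["dn"] is not None and subject["dn"].lower() == target_dn.lower()
    if aci["user_class"] == "userGroup":
        return aci["group_dn"].lower() in {g.lower() for g in subject["groups"]}
    return False


def effective_permissions(acis, subject, target_dn):
    """Per permission, the highest-precedence applicable item decides; at equal
    precedence a deny beats a grant.  Returns the set of granted permissions."""
    decisions = {}  # permission -> (precedence, denied)
    for aci in acis:
        if not applies(aci, subject, target_dn):
            continue
        for item in aci["items"]:
            deny = item.startswith("deny")
            perm = item[4:] if deny else item[5:]  # strip "deny" / "grant"
            current = decisions.get(perm)
            if current is None or aci["precedence"] > current[0]:
                decisions[perm] = (aci["precedence"], deny)
            elif aci["precedence"] == current[0] and deny:
                decisions[perm] = (current[0], True)
    return {perm for perm, (_, denied) in decisions.items() if not denied}


ACIS = [parse_aci(raw) for raw in RAW_ACIS]
READ_ONLY = {"Compare", "FilterMatch", "Read", "ReturnDN", "Browse"}
FULL = READ_ONLY | {"Remove", "Export", "Import", "Modify", "Invoke",
                    "DiscloseOnError", "Rename", "Add"}

# Hypothetical subjects; these DNs do not appear in the article.
ALICE = "uid=alice,ou=users,dc=taotaosou.com"
BOB = "uid=bob,ou=users,dc=taotaosou.com"
ADMIN_GROUP = "cn=administrator,ou=groups,dc=taotaosou.com"


def scenarios():
    """Who can do what to a user entry under the three ACIs."""
    anon = {"dn": None, "level": "none", "groups": set()}
    alice = {"dn": ALICE, "level": "simple", "groups": set()}
    admin_pw = {"dn": BOB, "level": "simple", "groups": {ADMIN_GROUP}}
    admin_sasl = {"dn": BOB, "level": "strong", "groups": {ADMIN_GROUP}}
    return {
        "anonymous on alice": effective_permissions(ACIS, anon, ALICE),
        "alice on alice": effective_permissions(ACIS, alice, ALICE),
        "alice on bob": effective_permissions(ACIS, alice, BOB),
        "admin (password bind) on alice": effective_permissions(ACIS, admin_pw, ALICE),
        "admin (strong bind) on alice": effective_permissions(ACIS, admin_sasl, ALICE),
    }


if __name__ == "__main__":
    for name, perms in scenarios().items():
        print(f"{name}: {sorted(perms)}")
```

The last two scenarios are the point of the step 9 caveat: a group member who binds with a password ends up with the same five read permissions as an anonymous client, and only a strong bind unlocks the administrator item. Against the live server the same matrix can be exercised with ldapsearch and ldapmodify bound as each subject in turn.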
     
         
         
         