Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Server \ ApacheDS configuration of users and user groups to achieve SSO     - Git Rebase Tutorial: Using Git Rebase turn back the clock (Linux)

- Ubuntu 14.04 / 12.04 subscribe users to install software Liferea 1.10.10 (Linux)

- CentOS 6.5 start ActiveMQ being given to solve (Server)

- Linux static library generated Guide (Programming)

- Cache implementation APP interacts with the server-side interface control Session (Server)

- Ubuntu 14.04 installed NVIDIA graphics driver (Linux)

- Linux regex sed detailing (Linux)

- Linux ln command - create a file / directory link (Linux)

- hexdump Linux command (Linux)

- Graphical interface for the CentOS 6.4 installed and connected by remote VNC (Linux)

- Ubuntu install virtual machine software VirtualBox 4.3.10 (Linux)

- Example of use WebSocket (Programming)

- Deepin Tutorial: Depth Description Installer expert mode (Linux)

- Linux 0.12 kernel and modern kernels difference in memory management (Linux)

- Ubuntu method for single-card dual-IP (Linux)

- CentOS6.0 successful installation and configuration OpenCV (Linux)

- Bootable ISO image using GRUB (Linux)

- Linux cron job (crontab) Examples (Linux)

- Ubuntu 14.04 VirtualBox can not start solution (Linux)

- Android Studio and Git Git configuration file status (Linux)

  ApacheDS configuration of users and user groups to achieve SSO
  Add Date : 2017-01-08      
  ApacheDS document more difficult to read, relatively obscure part of the definition of user rights, has been eating good hoe down.

First, the useful information I saw the left:

1, the official documentation - Basic user manual: http: //directory.apache.org/apacheds/basic-user-guide.html describes the installation and basic operations, log on and so on.

2, the official documentation - Advanced User Guide: http: //directory.apache.org/apacheds/advanced-user-guide.html introduced the code is compiled, system architecture, service configuration and service access management, Tucao look here, really incomprehensible, and various TODO;

3, looks like an official document: http: //joacim.breiler.com/apacheds/book.html introduce a very detailed example is also very rich.

4, access control instance FR20_ApacheDS_Access_Control_Administration_The_X.500_Way.pdf

Commonly used term analysis:

DIT Directory Information Tree
AA administrative areas
AP administrative points

AAA autonomous administrative area managed regional autonomy, all entities are unified management
SAA specific administrative area-specific management area
IAA inner administrative area internal management area

SAP specific administrative point
ACI Access Control Information

Usually an entry is selected as the administrative point and marked with an operational attribute. The attributeType of the operational attribute is 'administrativeRole'.
By adding an optional attribute to make the entity become a management point

ACSA access control specific area

Practical exercise


1, LDAP super administrator to manage all the data on the LDAP;

2, anonymous users can view the user information;

3, the user is divided into development, testing and operation and maintenance of three groups;

4, through the user group authorization


1, install ApacheDS server;

Download: apacheds-2.0.0-M15-64bit.bin downloaded to the directory / home / apacheds /

chmod + x * .bin

/etc/init.d/apacheds-2.0.0-M15-default start

This completes the installation and startup of ApacheDS

2, install Apache Directory Studio

The use of Eclipse plug-ins, see http://directory.apache.org/studio/installation-in-eclipse.html, also supports the Eclipse market installation.

3, Connection and Configuration

Switch to Eclipse LDAP view, New Connection

hostname: port: 10389 encryption method: nocryption (different encryption algorithms port Note)

authentication method: simple user: uid = admin, ou = system passwd: secret (the default is the highest authority users)

OpenConfiguration enable Access Control, anonymous login disabled

Apacheds service restart to take effect

4, partition settings

The default partition example, we delete it and create a new, this time to create dc = xxx.com

5, the new ou = users, new ou = groups.

dn: ou = groups, dc = taotaosou.com
objectClass: organizationalUnit
objectClass: top
ou: groups


dn: ou = users, dc = taotaosou.com
objectClass: organizationalUnit
objectClass: top
ou: users

6, the root directory to enable access control, add the key attribute administrativeRole

dn: dc = taotaosou.com
objectclass: domain
objectclass: top
dc: taotaosou.com
administrativeRole: accessControlSpecificArea

7, add the anonymous read access

dn: cn = enableAllUsersRead, dc = taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: enableAllUsersRead
prescriptiveACI: {identificationTag "enableAllUsersRead", precedence 0, aut
 henticationLevel none, itemOrUserFirst userFirst: {userClasses {allUsers
 }, UserPermissions {{protectedItems {entry, allUserAttributeTypesAndValu
 es}, grantsAndDenials {grantCompare, grantFilterMatch, grantRead, grantRe
 turnDN, grantBrowse}}}}}
subtreeSpecification: {}

8, add the user to modify the permissions profile

dn: cn = allowSelfAccessAndModification, dc = taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: allowSelfAccessAndModification
prescriptiveACI: {identificationTag "allowSelfAccessAndModification", prece
 dence 10, authenticationLevel simple, itemOrUserFirst userFirst: {userClas
 ses {thisEntry}, userPermissions {{protectedItems {entry, allUserAttri
 buteTypesAndValues}, grantsAndDenials {grantRemove, grantExport, grantCom
 pare, grantImport, grantRead, grantFilterMatch, grantModify, grantInvoke, g
 rantDiscloseOnError, grantRename, grantReturnDN, grantBrowse, grantAdd}}
subtreeSpecification: {}

9, add administrator privileges

dn: cn = enableAdminSuper, dc = taotaosou.com
objectClass: subentry
objectClass: accessControlSubentry
objectClass: top
cn: enableAdminSuper
prescriptiveACI: {identificationTag "enableAdminSuper", precedence 0, authe
 nticationLevel strong, itemOrUserFirst userFirst: {userClasses {userGroup
  { "Cn = administrator, ou = gourp, dc = taotaosou.com"}}, userPermissions {{pr
 otectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials {
 grantRemove, grantExport, grantCompare, grantImport, grantRead, grantFilter
 Match, grantModify, grantInvoke, grantDiscloseOnError, grantRename, grantRe
 turnDN, grantBrowse, grantAdd}}}}}
subtreeSpecification: {}
- Fedora network set up simple (Linux)
- DVD production using CentOS installation source within the company Yum (Linux)
- Linux installation beautify early experience (Linux)
- Linux unpack the tar file to a different directory (Linux)
- 5 fast Node.js application performance tips (Programming)
- Linux file and directory permissions settings (Linux)
- Install Ubuntu text editor KKEdit 0.2.10 (Linux)
- OpenGL Superb Learning Notes - Depth Texture and Shadows (Programming)
- Elixir: the future of programming languages (Programming)
- How to use Quagga BGP (Border Gateway Protocol) router to filter BGP routing (Linux)
- 12 Linux Process Management Commands (Linux)
- Oracle VirtualBox Problem Solving Case (Linux)
- Linux common network tools: traceroute routing of scanned (Linux)
- Ubuntu 14.04 and derivative versions of the user install Pantheon Photos 0.1 (Linux)
- Linux System Getting Started Learning: Disable Ubuntu Apport internal error reporting procedures (Linux)
- CentOS 6.7 compile and install LAMP (Server)
- Linux command line ten magic usage (Linux)
- Detailed iptables (Linux)
- Mongo-connector integrated MongoD to achieve incremental Solr index (Server)
- Java programmers talk about those advanced knowledge and direction (Programming)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.