\documentclass{ictlab}
% Copyright (c) 2003 by Nick Urbanik.
% This material may be distributed only subject to the terms and
% conditions set forth in the Open Publication License, v1.0 or later
% (the latest version is presently available at
% http://www.opencontent.org/openpub/).
\RCS $Revision: 1.2 $
\usepackage{verbatim,alltt,key,xr,biganswerbox}
\usepackage[hang,bf,nooneline]{caption2}
\ifx\pdftexversion\undefined
\else
  \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref}
\fi
\externaldocument[ls-]{../../lectures/ldap/ldap-slides}
\renewcommand*{\bs}{\texttt{\char '134}} % Backslash `\'
\newcommand*{\labTitle}{LDAP Operations}
\providecommand*{\SNMP}{\acro{SNMP}\xspace}
\providecommand*{\MIB}{\acro{MIB}\xspace}
\providecommand*{\ID}{\acro{ID}\xspace}
\providecommand*{\OID}{\acro{OID}\xspace}
\providecommand*{\USM}{\acro{USM}\xspace}
\providecommand*{\VACM}{\acro{VACM}\xspace}
\renewcommand{\floatpagefraction}{0.75} % default is .5, to increase
                                        % density.
\renewcommand*{\bottomfraction}{0.6} % default is 0.3
\renewcommand*{\topfraction}{0.85} % default is 0.7
\renewcommand*{\textfraction}{0.1} % default is 0.2

\begin{document}

\section{Aims}
\label{sec:aims}

After you've successfully completed this workshop activity you will be
able to:
\begin{itemize}
\item Make simple searches of an \LDAP directory, understanding the
  basic search parameters base, scope and attribute list;
\item Understand how the \LDAP bind operation works;
\item Apply the bind operation to modifying your own directory entry;
\item Modify your directory entry using correct \LDIF together with
  the \texttt{ldapmodify} \LDAP utility; and
\item Begin to understand \LDAP filters.
\end{itemize}

\section{Procedure}
\label{sec:procedure}

\begin{enumerate}
\item First, let's set up \texttt{yum} to use local software rather
  than download updates from the United States\@.  This will speed up
  \texttt{yum} many times.
  \begin{enumerate}
  \item Get a copy of the \texttt{yum.conf} file on our web site:
\begin{alltt}
$ \textbf{cd /tmp}
$ \textbf{unset http_proxy}
$ \textbf{wget -nH -nd http://ictlab/snm/lab/yum.conf-rh9}
\end{alltt}%$
    or just shift click on the link in the subject web site and save
    to the \texttt{/tmp} directory,
  \item \ldots\,and copy it to the \texttt{/etc} directory:
\begin{alltt}
$ \textbf{sudo cp /tmp/yum.conf-rh9 /etc/yum.conf}
\end{alltt}%$
  \end{enumerate}
\item Now install the ldap utilities if they are not already
  installed:
\begin{alltt}
$ \textbf{sudo yum -y install openldap\bs*}
\end{alltt}%$
  \begin{explanation}
    While you're at it, it's a good idea to apply all the updates, and
    make sure your computer updates them itself in the future:
\begin{alltt}
$ \textbf{sudo chkconfig yum on}
$ \textbf{sudo yum -y update}
\end{alltt}
    Leave that running in the background while you get on with the
    other activities.
  \end{explanation}
\item Search for your entry in the local ldap server,
  \texttt{ldap.tyict.vtc.edu.hk}.  Note that your Linux system should
  search this by default.  You can do that with a command like:
\begin{alltt}
$ \textbf{ldapsearch -x '(uid=\meta{user id})'}
\end{alltt}%$
  Note that this is equivalent to:
\begin{alltt}
$ \textbf{ldapsearch -x -b 'dc=tyict,dc=vtc,dc=edu,dc=hk' '(uid=\meta{user id})'}
\end{alltt}%$
\item What scope did you use in the last search?
  Now write a suitable command to search for your own entry using a:
  \begin{enumerate}
  \item base level scope
    \begin{biganswerbox}[0.9cm]%
      \begin{solution}%
\begin{alltt}
$ \textbf{ldapsearch -x -s base \bs
     -b 'uid=\meta{user id},ou=People,dc=tyict,dc=vtc,dc=edu,dc=hk' \bs
     '(uid=\meta{user id})'}
\end{alltt}%$
      \end{solution}
    \end{biganswerbox}
  \item one level scope
    \begin{biganswerbox}[0.9cm]%
      \begin{solution}%
\begin{alltt}
$ \textbf{ldapsearch -x -s one \bs
     -b 'ou=People,dc=tyict,dc=vtc,dc=edu,dc=hk' \bs
     '(uid=\meta{user id})'}
\end{alltt}%$
      \end{solution}
    \end{biganswerbox}
  \item subtree scope
    \begin{biganswerbox}[0.9cm]%
      \begin{solution}%
\begin{alltt}
$ \textbf{ldapsearch -x -s sub \bs
     -b 'dc=tyict,dc=vtc,dc=edu,dc=hk' '(uid=\meta{user id})'}
\end{alltt}%$
        or simply,
\begin{alltt}
$ \textbf{ldapsearch -x '(uid=\meta{user id})'}
\end{alltt}%$
        since subtree scope is the default.
      \end{solution}
    \end{biganswerbox}
  \end{enumerate}
\item \label{que:vtc-dn}Search for your \LDAP entry in the \VTC's
  \LDAP server in Wood Road\@.  The base for your search can be
  \texttt{dc=vtc.edu.hk}.  The name of the server is
  \texttt{ldap.vtc.edu.hk}.  Write down the \texttt{ldapsearch}
  command you used, and the \DN of your entry:
  \begin{biganswerbox}[0.9cm]%
    \begin{solution}%
\begin{alltt}
$ \textbf{ldapsearch -x -s sub -b 'dc=vtc.edu.hk' -h ldap.vtc.edu.hk \bs
     '(uid=\meta{user id})'}
dn: uid=\meta{user id},ou=ICT,ou=TY,o=ftstudent,dc=vtc.edu.hk
\end{alltt}%$
    \end{solution}
  \end{biganswerbox}
\item Read slide~\S\pageref{ls-sld:ldapmodify-ldif} in the lecture
  notes, and read \texttt{man ldapmodify}.  Then \emph{bind} to the
  \LDAP server \texttt{vtc.edu.hk}, using your own distinguished name
  (found in question~\vref{que:vtc-dn}) and password.  Of course, you
  will need to use the password for that directory (the one you access
  your email by).
  \begin{enumerate}
  \item First, add an attribute \texttt{description}.  Write your
    \texttt{ldapmodify} command and the \LDIF you used.
    I will be checking who has done this exercise!
    \begin{biganswerbox}[4cm]%
      \begin{solution}%
\begin{alltt}
$ \textbf{ldapmodify -x -h ldap.vtc.edu.hk \bs
     -D 'uid=\meta{user id},ou=ICT,ou=TY,o=ftstudent,dc=vtc.edu.hk' \bs
     -w \meta{your_password}
dn: uid=nicku,ou=ICT,ou=TY,o=staff,dc=vtc.edu.hk
changetype: modify
add: description
description: Likes system administration}
\end{alltt}%$
      \end{solution}
    \end{biganswerbox}
  \item Next, \emph{modify} the attribute you just added, and change
    its value to some different text.  Write the \LDIF you used:
    \begin{biganswerbox}[4cm]%
      \begin{solution}%
\begin{alltt}
$ \textbf{ldapmodify -x -h ldap.vtc.edu.hk \bs
     -D 'uid=\meta{user id},ou=ICT,ou=TY,o=ftstudent,dc=vtc.edu.hk' \bs
     -w \meta{your_password}
dn: uid=nicku,ou=ICT,ou=TY,o=staff,dc=vtc.edu.hk
changetype: modify
replace: description
description: Likes system administration and network management.}
\end{alltt}%$
      \end{solution}
    \end{biganswerbox}
  \end{enumerate}
\end{enumerate}
\end{document}
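
An added example, not part of the original lab sheet: a shell helper that generates the LDIF for the add and replace steps above and writes any value that is unsafe as plain LDIF (leading space, colon or "<", trailing space, newline, control or non-ASCII bytes) in the RFC 2849 base64 form, so a multi-line description cannot inject extra LDIF directives. The function names and the example.com DN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lab sheet): emit RFC 2849 LDIF for the "add"
# and "replace" steps, base64-encoding values that are unsafe as plain text.

NL='
'

# Succeeds when VALUE must be written as "attr:: <base64>".
# Conservative: every control or non-ASCII byte triggers encoding.
ldif_needs_b64() {
    case $1 in
        ' '*|:*|'<'*|*' '|*"$NL"*) return 0 ;;
    esac
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# Print one "attr: value" (or "attr:: base64") line.
ldif_line() {
    if ldif_needs_b64 "$2"; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# make_modify_ldif DN OP ATTR VALUE   (OP is add or replace, as in the lab)
make_modify_ldif() {
    case $2 in
        add|replace) ;;
        *) echo "unsupported operation: $2" >&2; return 2 ;;
    esac
    case $3 in   # simple attribute names only (assumption: no options/OIDs)
        ''|*[!A-Za-z0-9-]*) echo "bad attribute name: $3" >&2; return 2 ;;
    esac
    ldif_line dn "$1"
    printf 'changetype: modify\n'
    printf '%s: %s\n' "$2" "$3"
    ldif_line "$3" "$4"
    printf '%s\n' '-'    # terminates the mod-spec, as the LDIF grammar requires
}

# Constructed sample entry; the DN is a placeholder, not a real directory entry.
DN='uid=jdoe,ou=People,dc=example,dc=com'
make_modify_ldif "$DN" add description 'Likes system administration'
echo
make_modify_ldif "$DN" replace description "Likes LDAP${NL}and SNMP"
```

Save the output to a file and pass it to `ldapmodify` with `-f`, binding with `-W` so the password is prompted for instead of appearing in shell history and the process list as it does with `-w`.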