Simple DB

Reference

The following default entries are created when a Simple DB (LDAP) database is created. Entries under the ou=Super Users branch are not available for reading or modification.

dn: o=domain.com
objectClass: top
objectClass: organization
o: domain.com

dn: ou=People,o=domain.com
ou: People
objectClass: organizationalUnit
objectClass: top

dn: ou=Super Users,o=domain.com
ou: Super Users
objectClass: organizationalUnit
objectClass: top

dn: cn=Read,ou=Super Users,o=domain.com
member: uid=admin, ou=people, o=domain.com
member: cn=Read User, ou=Super Users, o=domain.com
cn: Read
objectClass: groupOfNames
objectClass: top

dn: cn=Suffix Manager,ou=Super Users,o=domain.com
givenName: Suffix
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Suffix Manager
sn: Manager

dn: cn=Read User,ou=Super Users,o=domain.com
givenName: Read
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Read User
sn: User

dn: uid=admin,ou=People,o=domain.com
givenName: Admin
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: admin
cn: Admin
loginShell: /usr/bin/bash
sn: Account
gecos: Admin Account
homeDirectory: /home/admin
uidNumber: 1000
gidNumber: 10
preferredLanguage: en

dn: uid=guest,ou=People,o=domain.com
givenName: Guest
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: guest
cn: Guest
loginShell: /usr/bin/bash
sn: Account
gecos: Guest Account
homeDirectory: /home/guest
uidNumber: 1001
gidNumber: 10
preferredLanguage: en

The root suffix in the above example is o=domain.com. Three user accounts are created, each with its own password. They are described below.

  • uid=guest,ou=People,o=domain.com has specific privileges that allow lookup of user entries one level below the ou=People branch. This user can read the following attributes:
    • objectClass
    • uid
    • cn
    • mail
  • uid=admin,ou=People,o=domain.com user has read access to the entire suffix.
  • cn=Suffix Manager,ou=Super Users,o=domain.com can be used to write data into the database.

Users that are created below ou=People have write access to everything below their own Bind DN (when logged in as themselves) with the exception of the uid attribute. This specific attribute can't be deleted or modified explicitly for entries directly below the ou=People branch.
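An offline consistency check over the default entries listed above, as an added example that is not part of the original page or of the product: it parses a constructed subset of the LDIF, confirms that every member of cn=Read resolves to an entry even though the member DNs use different spacing and case, and lists the default accounts that carry a loginShell. The function names and the simplified DN normalisation are assumptions of this example.

```python
# Added example: offline audit of the default Simple DB entries.
# SAMPLE_LDIF is a constructed subset of the entries listed on this page.
SAMPLE_LDIF = """\
dn: cn=Read,ou=Super Users,o=domain.com
member: uid=admin, ou=people, o=domain.com
member: cn=Read User, ou=Super Users, o=domain.com
objectClass: groupOfNames

dn: cn=Read User,ou=Super Users,o=domain.com
objectClass: inetOrgPerson

dn: uid=admin,ou=People,o=domain.com
objectClass: posixAccount
loginShell: /usr/bin/bash

dn: uid=guest,ou=People,o=domain.com
objectClass: posixAccount
loginShell: /usr/bin/bash
"""

def norm_dn(dn):
    """Simplified DN normalisation: lowercase and trim spaces around ',' and '='.
    Assumes case-insensitive naming attributes; no escaped commas, no multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def parse_ldif(text):
    """Return {normalised dn: {lowercased attr: [values]}} for simple, unfolded LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def dangling_members(entries):
    """(group dn, member value) pairs whose member DN matches no parsed entry."""
    return [(dn, m) for dn, a in entries.items()
            for m in a.get("member", []) if norm_dn(m) not in entries]

def shell_accounts(entries):
    """Normalised DNs of entries that carry a loginShell attribute."""
    return sorted(dn for dn, a in entries.items() if "loginshell" in a)
```

Run it against a full LDIF export made with an account that can read the whole suffix; a non-empty result from `dangling_members` means a group references a DN that no longer exists or is misspelled.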

simple_db.txt · Last modified: 2010/03/22 01:49 by admin