...
SSH into your openLDAP server and create a new 'ldif' file. Example:
| Code Block |
|---|
dn: cn=JoeSmith,ou=people,dc=6connect,dc=com |
...
cn: JoeSmith |
...
sn: JoeSmith |
...
objectclass: top |
...
objectclass: person |
...
objectclass: sixConnectPermissionsV2 |
...
sixConnGroup: "Global Admins" |
...
sixConnGroup: "bonk" |
...
sixConnGroup: "poof" |
...
sixConnGroup: "grood" |
...
userPassword: testpass |
To create a new user, make a new ldif file and change all instances of "JoeSmith" to whatever username you wish to create and update the password. Keep all of the object class definitions as listed above. Add a sixConnGroup declaration for each ProVision user group a user is in.
After the file is created, run the following command to add the new user to LDAP server:
| Code Block |
|---|
ldapadd -h [SERVER] -x -f [LDIF FILE] -D [ROOTDN] -w [ROOT PW] -v |
Example:
| Code Block |
|---|
ldapadd -h localhost -x -f 6connect.ldif -D "cn=Manager,dc=6connect,dc=com" -w secret -v |
The user will now be active in openLDAP and can be used to login to ProVision.
...
To query the LDAP server, run the following command on any server which has openLDAP enabled:
| Code Block |
|---|
ldapsearch -h [IPADDRESS] -D [DOMAIN] -w [PASSWORD] |
...
[USER] |
Note: We have not been able to use a v6 address at with this tool, even though multiple sources say it should work.
At the end of the command where [USER] is specified, user or groups can be used (in LDAP format) to query.
Example:
| Code Block |
|---|
ldapsearch -h 50.240.195.129 -D "cn=JoeSmith,ou=people,dc=6connect,dc=com" -w testpass "cn=JoeSmith" |
...
|
Configure ProVision for LDAP Authentication
...