Introduction:
1- Directory structure: our directory is an LDAP directory, so it is compliant with the LDAP standard. In particular, it is organized like a tree: there is a root, identified by an id (in our case, the root id is dc=corpldap,dc=atcsg,dc=net), which contains leaves (children), most of them called organizational units (ou). In our case, we have 2 important ou: the groups (ou=groups,dc=corpldap,dc=atcsg,dc=net) and the people (ou=persons,dc=corpldap,dc=atcsg,dc=net).
The directory is like the folder hierarchy in Windows: the ou are the directories and the objects contained in an ou are the files. So, when you want to search the directory, you have to say where to start searching from: this is what we call the base dn, and you pass it to the ldapsearch command with the -b option. If you want to search for groups, the base dn must be the ou where the groups are; in our case it is ou=groups,dc=corpldap,dc=atcsg,dc=net
The groups are identified by their common name (cn): for example, cn=abc_groups. This id is unique in the groups ou.
People are identified by their sgid. For example, sgid=R2538538.
This id is unique in the people ou.
All objects are identified by their distinguished name (dn), which is like the full path of a file in Windows. It is unique in the directory.
For groups, the dn looks like: cn=abc_groups,ou=groups,dc=corpldap,dc=atcsg,dc=net
For people, the dn looks like: stgosgi=XXXXXX,ou=people,dc=corpldap,dc=atcsg,dc=net
2- In a directory the fields are called "attributes". For example, the cn, the stgosgi and the dn are attributes (as well as the sn - surname, givenname, etc).
Attributes can be multivalued (for example, a person can have several diplomas, so the attribute for diplomas can be multivalued).
When you run an ldapsearch command, you can list, at the end of the command, the attributes you would like to display.
Attributes are part of object classes (objectclass), which is where they are defined: for example, dn and cn exist in the objectclass "top". We have different object classes, like "inetorgperson", "groupofuniquenames", "saintgobaincorporateperson", etc., and each of them contains some attributes.
A person can "belong" to one or more objectclasses. If you need a particular attribute for a person, the person must belong at least to the objectclass where this attribute is defined.
Those objectclasses are part of the whole description (all the attributes) of a person. If you export the person stgosgi=XXXXXX, you will see all the objectclasses this person "belongs" to.
It's the same for the groups.
3- To manage data in the directory you can use either tools, like ldapbrowser, or the command line, using the ldapsearch, ldapadd, ldapmodify and ldapdelete commands.
The update commands can take an LDIF file as input, which is a standardized file format.
The ldapsearch command can also produce an LDIF file as output.
To import data into a directory you can use ldapadd and give it the LDIF file which contains the data to import.
In an LDIF file, the records are separated by a line, and each record begins with the dn attribute and then contains all the attributes (one attribute per line) of the object to import. For example, the LDIF file for myself is something like:
dn: stgosgi=XXXXXXX,ou=people,dc=corpldap,dc=atcsg,dc=net
sn: abc
givenname: company
objectclass: top
objectclass: inetorgperson
objectclass: abccompanycorporateperson
.....
It's the same for all objects.
So, in our case, we should create this LDIF file and then import it into the directory using the ldapadd command.
In our case, for groups, the ldif file should be like:
dn: cn=app_final_1,ou=groups,dc=corpldap,dc=atcsg,dc=net
uniquemember: stgosgi=XXXXXXX,ou=people,...
uniquemember: stgosgi=X
......
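One way to generate the group LDIF described above from a list of member ids before handing it to ldapadd, as an added example that is not part of the original post. The base DNs and the stgosgi naming are the page's; the function names, the allowed-character rule for ids and the use of groupofuniquenames as the group's objectclass are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build one group record in LDIF.
# Base DNs are taken from the page.
GROUPS_BASE="ou=groups,dc=corpldap,dc=atcsg,dc=net"
PEOPLE_BASE="ou=people,dc=corpldap,dc=atcsg,dc=net"

# Assumption: ids are plain identifiers. Rejecting everything else keeps a
# value from carrying DN separators (, = +) or a newline, which would
# otherwise rewrite the DN or start an extra attribute line in the LDIF.
valid_id() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# make_group_ldif GROUP_CN MEMBER_ID...
# Prints one LDIF record on stdout; on bad input prints nothing to stdout
# and returns non-zero.
make_group_ldif() {
  g_cn="$1"
  [ "$#" -gt 0 ] && shift
  valid_id "$g_cn" || { echo "invalid group cn" >&2; return 1; }
  # groupofuniquenames requires at least one uniquemember value
  [ "$#" -gt 0 ] || { echo "need at least one member id" >&2; return 1; }
  for m_id in "$@"; do
    valid_id "$m_id" || { echo "invalid member id" >&2; return 1; }
  done
  printf 'dn: cn=%s,%s\n' "$g_cn" "$GROUPS_BASE"
  printf 'objectclass: top\n'
  printf 'objectclass: groupofuniquenames\n'
  printf 'cn: %s\n' "$g_cn"
  for m_id in "$@"; do
    printf 'uniquemember: stgosgi=%s,%s\n' "$m_id" "$PEOPLE_BASE"
  done
  printf '\n'   # an empty line ends the record
}

# Typical use (the member id is the sample value from the page):
#   make_group_ldif app_final_1 R2538538 > app_final_1.ldif
#   ldapadd -f app_final_1.ldif    # plus your server and bind options
# Check the result by searching from the groups base dn, attributes last:
#   ldapsearch -b "$GROUPS_BASE" "(cn=app_final_1)" uniquemember
```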