This page contains a Flash digital edition of a book.
Customizing Apple’s Open Directory for the Enterprise
1500:
access to dn.subtree=”ou=stc,ou=bl-uits,ou=bl,dc=ods,dc=iu,dc=edu”

by group/posixGroup/memberUid="cn=admin,cn=groups,ou=stc,ou=bl-uits,ou=bl,dc=ods,dc=iu,dc=edu" write

by group/posixGroup/memberUid="cn=admin,cn=groups,dc=ods,dc=iu,dc=edu" write

by * read
You can use Workgroup Manager, ldapmodify, or phpLDAPadmin to add directives. The
following is the file (acl.ldif) for the ldapmodify method:
dn: cn=default,cn=accesscontrols,dc=ods,dc=iu,dc=edu
changetype: modify
add: apple-acl-entry
apple-acl-entry: 1500:access to dn.subtree="ou=stc,ou=bl-uits,ou=bl,dc=ods,dc=iu,dc=edu"
by group/posixGroup/memberUid="cn=admin,cn=groups,ou=stc,ou=bl-
uits,ou=bl,dc=ods,dc=iu,dc=edu" write
by group/posixGroup/memberUid="cn=admin,cn=groups,dc=ods,dc=iu,dc=edu" write
by * read
Note that the apple-acl-entry should be on a single line (no returns). Here is the corre-
sponding command:
$ ldapmodify -x -D "uid=diradmin,cn=users,dc=ods,dc=iu,dc=edu" -W -f acl.ldif
For more information on OpenLDAP’s access controls, see `man slapd.access` and
<http://www.openldap.org/doc/admin22/slapdconfig.html#Access Control>.
OU Administration
Workgroup Manager
Now that everything is set up, how can local administrators use Workgroup Manager to
create groups, computer lists, and managed preferences in their own OUs?
Normally, one would connect directly to the Open Directory server to manage the users,
groups, computers, etc. (Figure 12).
Figure 12. Standard “Connect…” dialog in Workgroup Manager
This can still be done by the directory administrator (diradmin), but it will only modify the
containers at the root level of the tree (the default configuration). There is no facility
within Workgroup Manager to transverse the directory tree, but we can use a certain
feature to get around this limitation.
20
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24
Produced with Yudu - www.yudu.com