====== SunOne Directory Server ======
===== Administration =====
==== SSL ====
=== Initialize the database ===
# ./shared/bin/certutil -N -d alias -P slapd-
=== Import the CA certificate ===
# ./shared/bin/certutil -A -n "" -t "CT,c,c" -i /tmp/cacert.pem -d -P slapd-
=== Create a CSR ===
# ./shared/bin/certutil -R -s "cn=" -a -d -P slapd-
=== Import a certificate ===
# ./shared/bin/certutil -A -n "" -t "u,," -a -i /tmp/sunone.pem -d alias -P slapd-
=== List certificates ===
# ./shared/bin/certutil -d alias -L -P slapd-
==== Backup, restore ====
=== Backup ===
# cd /slapd-
# ./db2ldif -s ''
===== ACI =====
  * Prevent an OU from being read by anonymous users
  aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordAllowChangeTime ")(target != "ldap:///ou=contacts,ou=People, dc=asyd, dc=net") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
  * Grant a group full access to a single OU
  aci: (targetattr = "*")(target="ldap:///ou=People,dc=asyd,dc=net")(version 3.0;acl "Write access to bureau"; allow (all) groupdn="ldap:///cn=Bureau,ou=Groups,dc=asyd,dc=net";)
The ''(targetattr = "*")'' clause is **required**.
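An added example (not part of the original page): a Python check that unfolds an LDIF-wrapped ACI and reports which password attributes it would let ldap:///anyone read, run on the anonymous ACI above and on a constructed wildcard variant. The names SENSITIVE, parse_aci and anonymous_exposure are assumptions of this sketch, and the parser only covers the single-permission ACI form used on this page.

```python
import re

# Assumption: attributes an anonymous bind must never be granted (from the page's list).
SENSITIVE = {"userpassword", "passwordhistory"}

def unfold(ldif):
    """Undo LDIF folding: a line that starts with one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_aci(value):
    """Pull out the targetattr clause, the rights and the bind rule of one ACI value."""
    attr = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', value, re.I)
    perm = re.search(r'\b(allow|deny)\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$', value, re.I | re.S)
    if not attr or not perm:
        raise ValueError("unsupported ACI: " + value[:40])
    return {
        "attr_op": attr.group(1),
        "attrs": {a.strip().lower() for a in attr.group(2).split("||") if a.strip()},
        "kind": perm.group(1).lower(),
        "rights": {r.strip().lower() for r in perm.group(2).split(",")},
        "anonymous": bool(re.search(r'userdn\s*=\s*"ldap:///anyone"', perm.group(3), re.I)),
    }

def anonymous_exposure(value):
    """Return the SENSITIVE attributes that this ACI lets ldap:///anyone read."""
    aci = parse_aci(value)
    if aci["kind"] != "allow" or not aci["anonymous"]:
        return set()
    if not aci["rights"] & {"read", "search", "compare", "all"}:
        return set()
    if aci["attr_op"] == "!=":      # everything except the listed attributes
        return SENSITIVE - aci["attrs"]
    if "*" in aci["attrs"]:         # wildcard grants every attribute
        return set(SENSITIVE)
    return SENSITIVE & aci["attrs"]

# The page's anonymous ACI, folded as LDIF (the leading space marks a continuation).
PAGE_ACI = (
    'aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime\n'
    '  || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountU\n'
    ' nlockTime || passwordAllowChangeTime ")(target != "ldap:///ou=contacts,ou=Peo\n'
    ' ple, dc=asyd, dc=net") (version 3.0; acl "Anonymous access"; allow (read, sea\n'
    ' rch, compare)userdn = "ldap:///anyone";)\n'
)
# Constructed weak variant for comparison: wildcard targetattr for anyone.
WEAK_ACI = ('aci: (targetattr = "*")(version 3.0; acl "Anonymous read"; '
            'allow (read, search, compare) userdn = "ldap:///anyone";)')

if __name__ == "__main__":
    for label, aci in (("page", PAGE_ACI), ("weak", WEAK_ACI)):
        print(label, sorted(anonymous_exposure(unfold(aci))))
```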