
asyd.net

Welcome to Bruno Bonfils's (aka asyd) homepage.

SunOne Directory Server

Administration

SSL

Initialize the database

# ./shared/bin/certutil -N -d alias -P slapd-<instance>

Import the CA certificate

# ./shared/bin/certutil -A -n "<name>" -t "CT,c,c" -i /tmp/cacert.pem -d <directory> -P slapd-<instance>

Create a CSR

# ./shared/bin/certutil -R -s "cn=<dns name>" -a -d <directory> -P slapd-<instance>

Import a certificate

# ./shared/bin/certutil -A -n "<name>" -t "u,," -a -i /tmp/sunone.pem -d alias -P slapd-<instance>

List certificates

# ./shared/bin/certutil -d alias -L -P slapd-<instance>

Backup, restore

Backup

# cd <prefix>/slapd-<instance>
# ./db2ldif -s '<suffix>'

ACI

  • Prevent an OU from being read by anonymous users
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordAllowChangeTime")(target != "ldap:///ou=contacts,ou=People, dc=asyd, dc=net") (version 3.0; acl "Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";)
  • Grant a group full access to a single OU
aci: (targetattr = "*")(target="ldap:///ou=People,dc=asyd,dc=net")(version 3.0; acl "Write access to bureau"; allow (all) groupdn="ldap:///cn=Bureau,ou=Groups,dc=asyd,dc=net";)

The (targetattr = "*") clause is required.
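As an added example (not part of these notes), a small Python review aid that unfolds LDIF-wrapped aci values like the two above (db2ldif writes continuation lines with one leading space), splits each into its clauses, and answers the question the first ACI is meant to settle: whether an anonymous bind can read a given attribute. The regex only covers the simple one-target, one-bind-rule shape shown here; the sample LDIF is constructed from the notes.

```python
import re
# Constructed sample: the two ACIs from these notes in LDIF-folded form
# (a continuation line starts with one space, as db2ldif writes them).
SAMPLE_LDIF = """\
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime
 || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountU
 nlockTime || passwordAllowChangeTime ")(target != "ldap:///ou=contacts,ou=Peo
 ple, dc=asyd, dc=net") (version 3.0; acl "Anonymous access"; allow (read, sea
 rch, compare)userdn = "ldap:///anyone";)
aci: (targetattr = "*")(target="ldap:///ou=People,dc=asyd,dc=net")(version 3.0
 ;acl "Write access to bureau"; allow (all) groupdn="ldap:///cn=Bureau,ou=Grou
 ps,dc=asyd,dc=net";)
"""

# Only the simple shape used in these notes: targetattr, optional target,
# one "allow" with one bind rule (userdn/groupdn).
ACI_RE = re.compile(
    r'\(targetattr\s*(?P<attr_op>!?=)\s*"(?P<attrs>[^"]*)"\)'
    r'(?:\s*\(target\s*(?P<target_op>!?=)\s*"(?P<target>[^"]*)"\))?'
    r'\s*\(version 3\.0;\s*acl\s*"(?P<name>[^"]*)";\s*allow\s*\((?P<rights>[^)]*)\)'
    r'\s*(?P<bind>\w+)\s*=\s*"(?P<subject>[^"]*)";\)')

def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) back onto their record line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: drop the single leading space
        else:
            lines.append(raw)
    return lines

def parse_aci(value):
    """Split one ACI value into its clauses; attrs and rights become lists."""
    m = ACI_RE.search(value)
    if not m:
        raise ValueError("unrecognised ACI: " + value)
    d = m.groupdict()
    d["attrs"] = [a.strip() for a in d["attrs"].split("||")]
    d["rights"] = [r.strip() for r in d["rights"].split(",")]
    return d

def parse_ldif_acis(text):
    return [parse_aci(l[4:].strip()) for l in unfold_ldif(text) if l.startswith("aci:")]

def anonymous_can_read(aci, attr):
    """Attribute-level check only (target scoping ignored): can anyone read attr?"""
    if aci["bind"] != "userdn" or aci["subject"] != "ldap:///anyone":
        return False
    if not {"read", "all"} & set(aci["rights"]):
        return False
    if aci["attr_op"] == "=":
        return attr in aci["attrs"] or "*" in aci["attrs"]
    return attr not in aci["attrs"]       # "!=" lists the protected attributes
```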