AIM - How to authenticate AIM users against OpenLDAP

AIM - How to authenticate AIM users against OpenLDAP

As specified in the Operations Topic, it is possible to authenticate AIM users through an LDAP server. The following procedure describes a basic way to install and configure OpenLDAP allowing authentication of AIM users.


1. Install a recent version of Red Hat Linux with Software Development. In this example, RHEL5U4 64-bits was used

2. Select an IP address and a hostname for the LDAP service and register them in DNS if desired.

3. Download OpenLDAP and Berkeley DB from these links:

OpenLDAP does not support BDB 5.x so the latest 4.x version is used. The dependency chart can be accessed here. .

4. Install Berkeley DB

tar -xvf db-4.8.30.tar.tar

cd db-4.8.30/build_unix



make install

5. Install OpenLDAP

tar -xzf openldap-2.4.23.tgz

cd openldap-2.4.23



LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.8/lib -R/usr/local/BerkeleyDB.4.8/lib"

export LDFLAGS




make depend


make install

6. Configure OpenLDAP

6a. Add a schema file (usr/local/etc/openldap/schema/local.schema) containing the Scalent role. Here is an example:

attributetype (
NAME 'role'
DESC 'role'

objectclass (
NAME 'scalentRole'
SUP inetOrgPerson
MAY ( role )

6b. Add the following lines to /usr/local/etc/openldap/slapd.conf in the include section:

include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/local.schema

6c. Edit the database definition in /usr/local/etc/openldap/slapd.conf with the information specific to your server. Here is an example:

database bdb
suffix "dc=dell,dc=com"
rootdn "cn=Manager,dc=dell,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw Aim4Dell
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq

7. Add the ldap user and set the database ownership

useradd ldap

chown -R ldap:ldap /usr/local/var/openldap-data/

chown -R ldap:ldap /usr/local/etc/openldap/

chown ldap:ldap /usr/local/var/run

8. Configure OpenLDAP to start automatically

Copy the attached script (ldap) to /etc/init.d

chmod 755 /etc/init.d/ldap

chkconfig --add ldap

chkconfig ldap on

9. Start OpenLDAP

[root@ldapnc ~]# service ldap start
Starting slapd: [ OK ]

10. Add entries to the directory

10a. Add the organization

[root@ldapnc tmp]# cat organization.ldif
dn: dc=dell,dc=com
objectclass: dcObject
objectclass: organization
o: Dell
dc: dell

[root@ldapnc tmp]# ldapadd -x -D "cn=Manager,dc=dell,dc=com" -W -f organization.ldif

Enter LDAP Password:
adding new entry "dc=dell,dc=com"

10b. Add the organizationalRole

[root@ldapnc tmp]# cat organizationalRole.ldif
dn: cn=Manager,dc=dell,dc=com
objectclass: organizationalRole
cn: Manager

[root@ldapnc tmp]# ldapadd -x -D "cn=Manager,dc=dell,dc=com" -W -f organizationalRole.ldif

Enter LDAP Password:
adding new entry "cn=Manager,dc=dell,dc=com"

10c. Add the organizationUnit

[root@ldapnc tmp]# cat organizationalUnit.ldif
dn: ou=users,dc=dell,dc=com
objectClass: organizationalUnit
ou: users

[root@ldapnc tmp]# ldapadd -x -D "cn=Manager,dc=dell,dc=com" -W -f organizationalUnit.ldif
Enter LDAP Password:
adding new entry "ou=users,dc=dell,dc=com"

10d. Add a user

[root@ldapnc tmp]# cat user1.ldif
dn: uid=john.smith,ou=users,dc=dell,dc=com
role: ConsoleAccess,Admin
userPassword: M0tdePasse
uid: john,smith
objectclass: inetOrgPerson
objectClass: scalentRole
objectClass: simpleSecurityObject
sn: John Smith
cn: John Smith

[root@ldapnc tmp]# ldapadd -x -D "cn=Manager,dc=dell,dc=com" -W -f user1.ldif

Enter LDAP Password:
adding new entry "uid=john.smith,ou=users,dc=dell,dc=com"

11. Configure the controller to authenticate with the OpenLDAP server

11a. Add the following to the /var/opt/scalent/smc/conf/jetty-jaas.conf file (for earlier versions than 3.4) as specified in chapter 5 of the Operations Topic:

com.scalent.mi.ui.webauth.JAASLdapLoginModule sufficient

For 3.4 and later the file is /opt/dell/aim/smc/conf/jetty-jaas.conf: sufficient

This must be done on both controllers in a resilient configuration.

11b. If the LDAP service hostname was not added to DNS, add an entry in the controller host file

11c. Restart the controller(s)

12. Login to the controller with the user that was just added to the directory.

Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

ID de l'article : SLN61096

Date de la dernière modification : 12/17/2016 01:08 PM

Noter cet article

Facile à comprendre
Avez-vous trouvé cet article utile ?
Oui Non
Envoyez-nous vos commentaires
Les commentaires ne doivent pas contenir les caractères spéciaux : <>()\
Désolé, notre système de collecte des commentaires est actuellement indisponible. Veuillez réessayer ultérieurement.

Merci pour vos commentaires.