Exacq exacqVision Server/Client OS: Linux OpenLDAP User Manual User Manual

Ubuntu linux server & client and openldap/kerberos, Configuration

Advertising
background image

Ubuntu Linux Server & Client and OpenLDAP/Kerberos


www.e

x

acq.com

+1.317.845.5710
+44.1438.310163

USA (Corporate Headquarters)
Europe/Middle East/Asia

Page 1 of 5

12/1/2011


1

Configuration


The following process allows you to configure exacqVision permissions and privileges for accounts that exist on an
OpenLDAP/Kerberos server:

1. On the OpenLDAP/Kerberos server, ensure that your installed schema includes the following object types:

inetOrgPerson (RFC 2798)

organization (RFC 2256)

krbPrincipalAux (provided by the Ubuntu krb5-kdc-ldap package)

2. On the OpenLDAP/Kerberos server, ensure that your user accounts exist as inetOrgPerson objects, and that each account is

also marked with the krbPrincipalAux auxiliary object type. Ensure that each user account has the following attribute
values:

cn -- the user account's display name (for example, "John Smith").

krbPrincipalName -- the user account's Kerberos principal name (for example, "john.smith@REALM").

entryUUID -- the unique identifier for the user account, managed by the slapd daemon

3. On the OpenLDAP/Kerberos server, ensure that your user groups exist as organization objects and that each group has the

following attribute values:

o -- the group's display name (for example, "Marketing")

entryUUID -- the unique identifier for the group, managed by the slapd daemon

4. On the OpenLDAP/Kerberos server, ensure that your user accounts are associated with groups via an "o" attribute for each

group. Each inetOrgPerson object can have as many associated "o" attribute values as desired. The attribute value should
resemble "o=Engineers", for example, instead of "o=Engineers,dc=exacq,dc=test,dc=com."

If installing an exacqVision server, complete steps 5 through 10. Otherwise, skip to step 11.

5. On the exacqVision server or client computer, configure your DNS domain name. Configure the hostname file with your

fully qualified host name, as in the following example:

/etc/hostname
evserver.exacq.test.com.

6. Edit your hosts file with your fully qualified host name preceding localhost, as in the following example:

/etc/hosts
127.0.0.1 evserver.exacq.test.com localhost

7. Restart the system.

8. Open a terminal window and confirm the fully qualified host name using the following command:

dnsdomainname --fqdn

Advertising
See also other documents in the category Exacq Accessories for video: