LDIF for ADLDS (Active Directory Lightweight Directory Services)


Graz

Aug 20, 2012, 11:50:51 AM
to pwm-g...@googlegroups.com
I've just started trying out PWM.

I've got it to work well with ApacheDS by using \supplemental\ldif\ApacheDS-schema.ldif to set up a dev directory.

But our production system is going to use ADLDS (Active Directory Lightweight Directory Services). Although it says in the Administration Guide that "Because many AD sites find extending the AD schema to be impractical, the recommended approach for AD integration is to use an RDBMs database to store user's challenge/response answers.", as we have not yet finalised our schema, we are in the position of being able to add any required PWM attributes to the ADLDS schema.

But our Active Directory administrators would like me to supply them with an LDIF file to add the required attributes.

Does such a file exist? I couldn't find any in the installation.

BTW, I also noticed there is a reference in the Administrator's guide to /etc/ldap/slapd.conf for OpenLDAP. I can't locate that either.

Thanks

Graz

Menno Pieters

Aug 21, 2012, 3:08:52 AM
to pwm-g...@googlegroups.com
Hi,

On Mon, Aug 20, 2012 at 5:50 PM, Graz <graham...@johnlewis.co.uk> wrote:
> I've just started trying out PWM.
>
> I've got it to work well with ApacheDS by using \supplemental\ldif\ApacheDS-schema.ldif to set up a dev directory.
>
> But our production system is going to use ADLDS (Active Directory Lightweight Directory Services). Although it says in the Administration Guide that "Because many AD sites find extending the AD schema to be impractical, the recommended approach for AD integration is to use an RDBMs database to store user's challenge/response answers." as we have not yet finalised our schema, we are in the position of being able to add any required PWM attributes to the ADLDS schema.

You need to add the following attributes:
  • pwmEventLog: Octet String / 1.3.6.1.4.1.1466.115.121.1.40
  • pwmResponseSet: Octet String / 1.3.6.1.4.1.1466.115.121.1.40
  • pwmLastPwdUpdate: Generalized Time / 1.3.6.1.4.1.1466.115.121.1.24, single value
  • pwmGUID (optional, depending on settings): Directory String / 1.3.6.1.4.1.1466.115.121.1.15, single value

And an auxiliary object class:

  • pwmUser

You can rename all of these if you like, but you need to reconfigure PWM for that. These are the default names.

I don't have a schema LDIF for you, but I assume you could just create these attributes and class through the GUI and export one. Contributions are welcome ;-)

Regards,

Menno

To view this discussion on the web visit https://groups.google.com/d/msg/pwm-general/-/WOKoF3U-c78J.
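As an added example, not code from the thread or from the PWM project, the following Python script turns the attribute list in Menno's reply into an AD LDS schema-extension LDIF. It maps each RFC syntax OID to the attributeSyntax/oMSyntax pair that AD LDS actually expects, marks pwmUser as an auxiliary class, and inserts a schemaUpdateNow reload between the attribute definitions and the class that references them (a class import fails if the schema cache has not yet picked up the new attributes). The attributeID/governsID values under 1.2.3.4.5 and the {INSTANCE-GUID} in the schema DN are placeholders, not real values.

```python
# Added example (not PWM project code): generate an AD LDS schema-extension
# LDIF for the attributes and auxiliary class listed in the thread.
# ASSUMPTIONS: attribute/class OIDs under 1.2.3.4.5 are placeholders for your
# own OID arc; {INSTANCE-GUID} is a placeholder for the AD LDS instance GUID.
SCHEMA_DN = "CN=Schema,CN=Configuration,CN={INSTANCE-GUID}"

# AD LDS does not take RFC 4517 syntax OIDs directly; map each to its pair.
SYNTAX_MAP = {
    "1.3.6.1.4.1.1466.115.121.1.40": ("2.5.5.10", 4),   # Octet String
    "1.3.6.1.4.1.1466.115.121.1.24": ("2.5.5.11", 24),  # Generalized Time
    "1.3.6.1.4.1.1466.115.121.1.15": ("2.5.5.12", 64),  # Directory String
}

# (lDAPDisplayName, RFC syntax OID, single-valued?, placeholder attributeID)
ATTRIBUTES = [
    ("pwmEventLog", "1.3.6.1.4.1.1466.115.121.1.40", False, "1.2.3.4.5.1"),
    ("pwmResponseSet", "1.3.6.1.4.1.1466.115.121.1.40", False, "1.2.3.4.5.2"),
    ("pwmLastPwdUpdate", "1.3.6.1.4.1.1466.115.121.1.24", True, "1.2.3.4.5.3"),
    ("pwmGUID", "1.3.6.1.4.1.1466.115.121.1.15", True, "1.2.3.4.5.4"),
]

# Forces the schema cache to reload so later entries can reference new ones.
SCHEMA_RELOAD = "dn:\nchangetype: modify\nadd: schemaUpdateNow\nschemaUpdateNow: 1\n-\n"

def attribute_entry(name, syntax_oid, single, attr_oid):
    attr_syntax, om_syntax = SYNTAX_MAP[syntax_oid]
    return "\n".join([
        f"dn: CN={name},{SCHEMA_DN}", "changetype: add",
        "objectClass: attributeSchema", f"cn: {name}",
        f"lDAPDisplayName: {name}", f"attributeID: {attr_oid}",
        f"attributeSyntax: {attr_syntax}", f"oMSyntax: {om_syntax}",
        f"isSingleValued: {'TRUE' if single else 'FALSE'}",
    ]) + "\n"

def class_entry(name, class_oid, may_contain):
    lines = [f"dn: CN={name},{SCHEMA_DN}", "changetype: add",
             "objectClass: classSchema", f"cn: {name}",
             f"lDAPDisplayName: {name}", f"governsID: {class_oid}",
             "objectClassCategory: 3",  # 3 = auxiliary class
             "subClassOf: top"]
    lines += [f"mayContain: {a}" for a in may_contain]
    return "\n".join(lines) + "\n"

def build_ldif():
    # Attributes first, reload, then the class that references them, reload.
    parts = [attribute_entry(*a) for a in ATTRIBUTES] + [SCHEMA_RELOAD]
    parts.append(class_entry("pwmUser", "1.2.3.4.5.100", [a[0] for a in ATTRIBUTES]))
    parts.append(SCHEMA_RELOAD)
    return "\n".join(parts)
```

Write the output to a file and import it with ldifde -i -f pwm-schema.ldf -s host:port -c "CN=Schema,CN=Configuration,CN={INSTANCE-GUID}" #schemaNamingContext, which substitutes the instance's real schema naming context for the placeholder DN.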