LDAP Tutorial: Add User Entries and Group Entries

by robin · Published June 8, 2016 · Updated June 13, 2016

Source: https://access.redhat.com/documentation/en-US/Fuse_MQ_Enterprise/7.1/html/Security_Guide/files/LDAP-AddUserEntries.html

Overview

The basic prerequisite for using LDAP authentication in the broker is to have an X.500 directory server running and configured with a collection of user entries and group entries. For users who are unfamiliar with X.500 directory servers, this section briefly describes how to create user entries and group entries using the Apache Directory Studio as an administrative tool.

Alternative approach

As an alternative to creating the user entries and group entries manually, as described here, you could create the entries by importing an LDIF file—for details, see Appendix B.

Steps to add a user entry

Perform the following steps to add a user entry to the directory server:

Ensure that the X.500 directory server is running (see Install Apache Directory Server).
Start the LDAP Browser, as follows:
- If you installed the standalone version of Apache Directory Studio, double-click the relevant icon to launch the application.
- If you installed the LDAP Browser plug-in into an existing Eclipse IDE, start Eclipse and open the LDAP perspective. To open the LDAP perspective, selectWindow|Open Perspective|Other and in the Open Perspective dialog, select LDAP and click OK.
Open a connection to the directory server. Right-click inside the Connections view in the lower left corner and select New Connection. The New LDAP Connection wizard opens.
Specify the network parameters for the new connection. In the Connection name field, enter Apache Directory Server. In the Hostname field enter the name of the host where the Apache Directory Server is running. In the Port field, enter the IP port of the directory server (for the default instance of the Apache directory server, this is 10389). Click Next.

Figure 5. New LDAP Connection Wizard
Enter the parameters for simple authentication. In the Bind DN or user field, enter the DN of the administrator’s account on the directory server (for the default instance of the Apache directory server, this is uid=admin,ou=system). In the Bind password field, enter the administrator’s password (for the default instance of the Apache directory server, the administrator’s password is secret). Click Finish.

Figure 6. Authentication Step of New LDAP Connection
If the connection is successfully established, you should see an outline of the Directory Information Tree (DIT) in the LDAP Browser view. In the LDAP Browserview, drill down to the ou=system node, as shown.
The next few steps describe how to create some new nodes to hold the user entries and group entries.Right-click on the ou=system node and select New|New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.
In the Object Classes pane, select organisationalUnit from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

Figure 7. New Entry Wizard
In the Distinguished Name pane, complete the RDN field, putting ou in front and ActiveMQ after the equals sign. Click Next and then click Finish.

Figure 8. Distinguished Name Step of New Entry Wizard
In a similar manner as described in steps 710, by right-clicking on the ou=ActiveMQ node and invoking the New Entry wizard, create the followingorganisationalUnit nodes as children of the ou=ActiveMQ node:
```
ou=User,ou=ActiveMQ,ou=system
ou=Group,ou=ActiveMQ,ou=system
```
In the LDAP Browser window, you should now see the following tree:

Figure 9. DIT after Creating ActiveMQ, User, and Group Nodes
The next few steps describe how to create a jdoe user entry.Right-click on the ou=User node and select New|New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.
In the Object Classes pane, select inetOrgPerson from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting uid in front and jdoe after the equals sign. Click Next.
Now fill in the mandatory attributes in the Attributes pane. Set the cn (common name) attribute to Jane Doe and the sn (surname) attribute to Doe.
Add a userPassword attribute in the Attributes pane. Right-click inside the list of attributes and select New Attribute. The New Attribute wizard appears.
From the Attribute type drop-down list, select userPassword. Click Finish.
The Password Editor dialog appears. In the Enter New Password field, enter the password, sunflower. Click Ok.

Figure 10. Attributes Step of New Entry Wizard
Click Finish, to close the New Entry wizard.
The next few steps describe how to create an admin user entry.Right-click on the ou=User node and select New|New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.
In the Object Classes pane, select both account and simpleSecurityObject from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting uid in front and admin after the equals sign. Click Next.
You are now prompted to provide a password, through the Password Editor dialog. In the Enter New Password field, enter the password, sunflower. Click Ok.

Figure 11. Attributes Step of New Entry Wizard
Click Finish, to close the New Entry wizard.
The next few steps describe how to create the admins group entry.Right-click on the ou=Group node and select New|New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.
In the Object Classes pane, select groupOfNames from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting cn in front and admins after the equals sign. Click Next.
You are now prompted to provide a value for the mandatory member attribute, through the DN Editor dialog. In the text field, enter the last part of the DN for theadmin user, uid=admin. Click Ok.

Figure 12. Attributes Step of New Entry Wizard
Click Finish, to close the New Entry wizard.
The next few steps describe how to create the users group entry.Right-click on the ou=Group node and select New|New Entry. The New Entry wizard appears.
In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.
In the Object Classes pane, select groupOfNames from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.
In the Distinguished Name pane, complete the RDN field, putting cn in front and users after the equals sign. Click Next.
You are now prompted to provide a value for the mandatory member attribute, through the DN Editor dialog. In the text field, enter the last part of the DN for thejdoe user, uid=jdoe. Click Ok.
Click Finish, to close the New Entry wizard.
You should now be able to see the following tree in the LDAP Browser window:

Figure 13. Complete Tree of User Entries and Group Entries