LibraryToggle FramesPrintFeedback
Prev   Next

Tutorial: Add User Entries and Group Entries

The basic prerequisite for using LDAP authentication in the broker is to have an X.500 directory server running and configured with a collection of user entries and group entries. For users who are unfamiliar with X.500 directory servers, this section briefly describes how to create user entries and group entries using the Apache Directory Studio as an administrative tool.

As an alternative to creating the user entries and group entries manually, as described here, you could create the entries by importing an LDIF file—for details, see Appendix B.

Perform the following steps to add a user entry to the directory server:

  1. Ensure that the X.500 directory server is running (see Install Apache Directory Server).

  2. Start the LDAP Browser, as follows:

    • If you installed the standalone version of Apache Directory Studio, double-click the relevant icon to launch the application.

    • If you installed the LDAP Browser plug-in into an existing Eclipse IDE, start Eclipse and open the LDAP perspective. To open the LDAP perspective, select Window|Open Perspective|Other and in the Open Perspective dialog, select LDAP and click OK.

  3. Open a connection to the directory server. Right-click inside the Connections view in the lower left corner and select New Connection. The New LDAP Connection wizard opens.

  4. Specify the network parameters for the new connection. In the Connection name field, enter Apache Directory Server. In the Hostname field enter the name of the host where the Apache Directory Server is running. In the Port field, enter the IP port of the directory server (for the default instance of the Apache directory server, this is 10389). Click Next.

    Figure 6.1. New LDAP Connection Wizard

    LDAP connection wizard

  5. Enter the parameters for simple authentication. In the Bind DN or user field, enter the DN of the administrator's account on the directory server (for the default instance of the Apache directory server, this is uid=admin,ou=system). In the Bind password field, enter the administrator's password (for the default instance of the Apache directory server, the administrator's password is secret). Click Finish.

    Figure 6.2. Authentication Step of New LDAP Connection

    form for adding LDAP connection information

  6. If the connection is successfully established, you should see an outline of the Directory Information Tree (DIT) in the LDAP Browser view. In the LDAP Browser view, drill down to the ou=system node, as shown.

    directory information tree in the LDAP browser

  7. The next few steps describe how to create some new nodes to hold the user entries and group entries.

    Right-click on the ou=system node and select New|New Entry. The New Entry wizard appears.

  8. In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.

  9. In the Object Classes pane, select organisationalUnit from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

    Figure 6.3. New Entry Wizard

    form for adding a new object

  10. In the Distinguished Name pane, complete the RDN field, putting ou in front and ActiveMQ after the equals sign. Click Next and then click Finish.

    Figure 6.4. Distinguished Name Step of New Entry Wizard

    form for adding a DN to an object

  11. In a similar manner as described in steps 7–10, by right-clicking on the ou=ActiveMQ node and invoking the New Entry wizard, create the following organisationalUnit nodes as children of the ou=ActiveMQ node:

    ou=User,ou=ActiveMQ,ou=system
ou=Group,ou=ActiveMQ,ou=system

    In the LDAP Browser window, you should now see the following tree:

    Figure 6.5. DIT after Creating ActiveMQ, User, and Group Nodes

    DIT after Creating ActiveMQ, User, and Group Nodes

  12. The next few steps describe how to create a jdoe user entry.

    Right-click on the ou=User node and select New|New Entry. The New Entry wizard appears.

  13. In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.

  14. In the Object Classes pane, select inetOrgPerson from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

  15. In the Distinguished Name pane, complete the RDN field, putting uid in front and jdoe after the equals sign. Click Next.

  16. Now fill in the mandatory attributes in the Attributes pane. Set the cn (common name) attribute to Jane Doe and the sn (surname) attribute to Doe.

  17. Add a userPassword attribute in the Attributes pane. Right-click inside the list of attributes and select New Attribute. The New Attribute wizard appears.

  18. From the Attribute type drop-down list, select userPassword. Click Finish.

  19. The Password Editor dialog appears. In the Enter New Password field, enter the password, sunflower. Click Ok.

    Figure 6.6. Attributes Step of New Entry Wizard

    form for adding attributes to a new object

  20. Click Finish, to close the New Entry wizard.

  21. The next few steps describe how to create an admin user entry.

    Right-click on the ou=User node and select New|New Entry. The New Entry wizard appears.

  22. In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.

  23. In the Object Classes pane, select both account and simpleSecurityObject from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

  24. In the Distinguished Name pane, complete the RDN field, putting uid in front and admin after the equals sign. Click Next.

  25. You are now prompted to provide a password, through the Password Editor dialog. In the Enter New Password field, enter the password, sunflower. Click Ok.

    Figure 6.7. Attributes Step of New Entry Wizard

    form for adding attributes to a new object

  26. Click Finish, to close the New Entry wizard.

  27. The next few steps describe how to create the admins group entry.

    Right-click on the ou=Group node and select New|New Entry. The New Entry wizard appears.

  28. In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.

  29. In the Object Classes pane, select groupOfNames from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

  30. In the Distinguished Name pane, complete the RDN field, putting cn in front and admins after the equals sign. Click Next.

  31. You are now prompted to provide a value for the mandatory member attribute, through the DN Editor dialog. In the text field, enter the last part of the DN for the admin user, uid=admin. Click Ok.

    Figure 6.8. Attributes Step of New Entry Wizard

    form for adding attributes to a new object

  32. Click Finish, to close the New Entry wizard.

  33. The next few steps describe how to create the users group entry.

    Right-click on the ou=Group node and select New|New Entry. The New Entry wizard appears.

  34. In the Entry Creation Method pane, select the Create entry from scratch radiobutton. Click Next.

  35. In the Object Classes pane, select groupOfNames from the list of Available object classes on the left and then click Add to populate the list of Selected object classes. Click Next.

  36. In the Distinguished Name pane, complete the RDN field, putting cn in front and users after the equals sign. Click Next.

  37. You are now prompted to provide a value for the mandatory member attribute, through the DN Editor dialog. In the text field, enter the last part of the DN for the jdoe user, uid=jdoe. Click Ok.

  38. Click Finish, to close the New Entry wizard.

  39. You should now be able to see the following tree in the LDAP Browser window:

    Figure 6.9. Complete Tree of User Entries and Group Entries

    Complete Tree of User Entries and Group Entries

Comments powered by Disqus
Prev Up Next
 Home 
loading table of contents...