Examples Static Groups and Roles in Democorp
The following examples show how to set up static groups and roles in Democorp, one of the sample directories provided with CA Directory. You can use these examples as training exercises.
cad1214
The following examples show how to set up static groups and roles in Democorp, one of the sample directories provided with CA Directory. You can use these examples as training exercises.
Example Enable Static Groups in Democorp
Before you create a static group, you need to prepare the directory.
The Democorp directory does not contain any groups. Use these instructions to prepare the directory for static groups.
To enable static groups
- Stop the Democorp DSA by entering the following command at a command prompt:dxserver stop democorp
- Source the x500.dxc schema file in the Democorp configuration, as follows:
- Look in the DXHOME/config/servers directory for thedemocorp.dxifile, and open it in a text editor.This is the Democorp DSA's initialization file.
- Find the following schema file statement:
source "../schema/samples.dxg"; source "x500.dxc";This means that when the Democorp DSA starts, it sources the schema files listed insamples.dxg. - Make thesamples.dxgfile writable.
- Opensamples.dxgin a text editor, and add this line to the file:
- Close and savesamples.dxg.
- Make the DSA sources thex500.dxcschema file supplied with CA Directory. This provides the required object classes.To do this, add the following command to the schema file sourced by the DSA:source "x500.dxc";
- Start the Democorp DSA by entering the following command at a command prompt:dxserver start democorp
- Create a new subtree to store the group entries, as follows:
- Open JXweb and connect to the Democorp DSA.
- Select the DEMOCORP entry in the tree on the left, and then click New.
- Enterou=Groupsin the RDN for New Entry field, click Submit twice, and then click OK.
Example Create a Static Group in Democorp
This example shows how to create a new static group entry in the Democorp directory by loading it from an LDIF file.
This group lists the first aid officers in Democorp. It is already populated with two group members.
To add a static group to the Democorp directory
- Save the following in a text file namedfirstaid.ldif:version: 1 dn: cn=First Aid Officers,ou=Groups,o=DEMOCORP,c=AU objectClass: groupOfUniqueNames objectClass: top cn: First Aid Officers uniqueMember: cn=Craig LINK,ou=Administration,ou=Corporate,o=DEMOCORP,c=AU uniqueMember: cn=Vivienne LEVER,ou=Administration,ou=Corporate,o=DEMOCORP,c=AU
- Open a command prompt and change to the directory in which you saved the LDIF file.
- Load the entry into the Democorp directory, using the following command in the command prompt:dxmodify -a -h hostname -p portnumber -f firstaid.ldif
- -hhostnameSpecifies the name of the computer on which the DSA is running.
- -pportnumberSpecifies the port number of the DSA. By default, the Democorp sample DSA uses port 19389.
Example Enable Static Roles in Democorp
This example shows how to enable static roles in Democorp. To enable roles, you need to change the DSA's settings, which means that you have to stop and start the DSA. These instructions also describe how to identify which settings file is used by the Democorp DSA.
To enable static roles in Democorp
- Identify which settings file is used by Democorp, as follows:
- Open Democorp's initialization file in a text editor.
- Find the following schema file statement:
source "../settings/dxmanager.dxc";This means that when the Democorp DSA starts, it uses the settings insettings/dxmanager.dxc. You need to add the role commands to this file. - Stop the Democorp DSA.
- Add the commands to enable static roles to the Democorp settings file. To do this:
- Ensure that the settings file is writable, and then open it in a text editor.
- Add the following lines to the settings file:
#roles set role-subtree = <c AU><o Democorp><ou Groups>; set use-roles = true;- Close and save the settings file.
- Start the DSA.The Democorp DSA can now use static groups as roles. You can now set limits or access controls for any such groups you have created.