In order to function properly, tl-nds-posixuser and tl-nds-posixgroup need to bind to eDirectory as a user that has appropriate permissions. Specifically, the user needs to write the attributes uidNumber, gidNumber, loginShell, uniqueID, and homeDirectory. Since an objectclass is also added, the user also needs write access to the objectclass attribute. The user must also be able to read the cn attribute, and needs browse permissions on [Entry Rights] in order to find the users at all.
Follow the instructions in Section D.5, “Creating a DN for search operations”, but use another username. On the container that is above all users, set "write" permission on uidNumber, gidNumber, loginShell, uniqueID, objectclass and homeDirectory. Set read permission on the cn attribute and browse on [Entry Rights]. The raw ACL list for this looks as follows (given a DN of cn=tl-posixsetter,ou=thinlinc,o=example):
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#objectClass
ACL: 1#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#[Entry Rights]
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#loginShell
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#uidNumber
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#gidNumber
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#homeDirectory
ACL: 7#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#uid
ACL: 3#subtree#cn=tl-posixsetter,ou=thinlinc,o=example#cn
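To confirm that the posix-setter DN holds exactly these rights and nothing broader, the ACL values can be parsed and compared against the list above. The following is an added example, not part of ThinLinc or the original page; the function names are hypothetical, and the bit meanings (1 compare, 2 read, 4 write on attributes; 1 browse on [Entry Rights]) are assumed from the usual eDirectory privilege encoding.

```python
# Grants expected for the posix-setter DN, copied from the ACL list on this page.
# The list names "uid" where the prose says uniqueID.
EXPECTED = {"objectclass": 7, "[entry rights]": 1, "loginshell": 7, "uidnumber": 7,
            "gidnumber": 7, "homedirectory": 7, "uid": 7, "cn": 3}
ATTR_BITS = {1: "compare", 2: "read", 4: "write"}  # assumed attribute-right bits
ENTRY_BITS = {1: "browse"}                         # assumed [Entry Rights] bit

def parse_acl(value):
    """Split 'ACL: privileges#scope#trustee#attribute' into its four fields."""
    text = value.strip()
    if text.lower().startswith("acl:"):
        text = text[4:].strip()
    parts = text.split("#")
    if len(parts) != 4 or not parts[0].isdigit():
        raise ValueError(f"malformed ACL value: {value!r}")
    return int(parts[0]), parts[1], parts[2], parts[3]

def decode(rights, attr):
    """Name the bits set in rights; bits outside the table are reported as other(0x..)."""
    table = ENTRY_BITS if attr.lower() == "[entry rights]" else ATTR_BITS
    names = [name for bit, name in table.items() if rights & bit]
    unknown = rights & ~sum(table)
    return names + ([f"other(0x{unknown:x})"] if unknown else [])

def audit(acl_values, trustee):
    """Compare the trustee's grants with EXPECTED; return sorted findings."""
    seen = {}
    for value in acl_values:
        rights, _scope, subject, attr = parse_acl(value)
        if subject.lower() == trustee.lower():
            seen[attr.lower()] = seen.get(attr.lower(), 0) | rights
    findings = []
    for attr in sorted(set(seen) | set(EXPECTED)):
        have, want = seen.get(attr, 0), EXPECTED.get(attr, 0)
        if have & ~want:
            findings.append(f"excess on {attr}: {'+'.join(decode(have & ~want, attr))}")
        if want & ~have:
            findings.append(f"missing on {attr}: {'+'.join(decode(want & ~have, attr))}")
    return findings

DN = "cn=tl-posixsetter,ou=thinlinc,o=example"
# Constructed sample: cn is writable, gidNumber is absent, one extra broad grant.
SAMPLE = [f"ACL: {r}#subtree#{DN}#{a}" for r, a in [
    (7, "objectClass"), (1, "[Entry Rights]"), (7, "loginShell"), (7, "uidNumber"),
    (7, "homeDirectory"), (7, "uid"), (7, "cn"), (3, "[All Attributes Rights]")]]

if __name__ == "__main__":
    for line in audit(SAMPLE, DN):
        print(line)
```

An empty result means the DN's grants match the list on this page; any "excess" finding is a right the posix-setter account does not need for its task.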