Changes between Version 2 and Version 3 of ALL__security_edirrole

Timestamp:

11/25/14 20:01:11 (9 years ago)

Author:

lttoth@…

Comment:

Revised to reflect current status.

ALL__security_edirrole

@@ -85 +85 @@
 nsRoleFilter: (&(EDIRROLE=*)(EDIRrole=EDIRadmin))Description: filtered role for resource entities administering EDIR
 }}}
-iPlanet roles are created and deleted as follows:
-
+
+== Managing iPlanet Roles ==
+
+The legacy method for managing iPlanet roles was to access a role.<role name>.ldif file and modify the LDAP EDIR listing accordingly. I find no evidence of the following on the production iPlanet directories for the IDMP cluster.  If these are used, they are used solely via EDIR, despite the LDAP scripts and management details residing on idml-3.alaska.edu.  
+
+Current IAM documentation refers users to the Sun iPlanet documents to complete these tasks.
+
+=== Legacy iPlanet Roles ===
+The following is a listing of LDIF files remaining on the "E" boxes that correspond to iPlanet roles that were defined in the legacy method:
+
+{{{
+iplanet@edgar.alaska.edu> find . -name role.*
+./local/ldap/schema/ROLE/role.HelpDeskRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif
+./local/ldap/schema/ROLE/role.emailAdminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.passwordSynchRole.resource.ldif
+./local/ldap/schema/ROLE/role.authserviceRole.resource.ldif
+./local/ldap/schema/ROLE/role.twoStepBindrole.resource.ldif
+./local/ldap/schema/ROLE/role.EDIRadminRole.ldif
+./local/ldap/schema/ROLE/role.authservicePrivilegedRole.resource.ldif
+./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif.20060407elm
+./local/ldap/schema/ROLE/role.HelpDeskRole.ldif
+./local/ldap/schema/ROLE/role.EDIRadminRole.departments.ldif
+./local/ldap/schema/ROLE/role.deptAdminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.ADadminRole.ldif
+./local/ldap/schema/ROLE/role.abideByFERPArole.resource.ldif
+./local/ldap/schema/ROLE/role.ADadminRole.people.ldif
+./local/ldap/schema/ROLE/role.HelpDeskStudentRole.ldif.20050422elm.not_used
+./local/ldap/schema/ROLE/role.deptAdminRole.ldif.20030908eml
+./local/ldap/schema/ROLE/role.directoryGatewayRole.ldif
+./local/ldap/schema/ROLE/role.phoneBookRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.superUserRole.resource.ldif
+./local/ldap/schema/ROLE/role.secretaryAdminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.EDIRadminRole.routing.ldif
+./local/ldap/schema/ROLE/role.directoryPrivilegedRole.resource.ldif
+./local/ldap/schema/ROLE/role.authserviceRole.ldif
+./local/ldap/schema/ROLE/role.phoneBookRole.ldif.20050303
+./local/ldap/schema/ROLE/role.emailAdminRole.resource.ldif.20050603elm
+./local/ldap/schema/ROLE/role.directoryGatewayRole.resource.ldif
+./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif.20070607
+./local/ldap/schema/ROLE/role.passwordSynchRole.ldif
+./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif.20060710
+./local/ldap/schema/ROLE/role.administratorsRole.ldif
+./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif
+./local/ldap/schema/ROLE/role.passwordSynchRole.ldif.20060511
+./local/ldap/schema/ROLE/role.passwordSynchRole.ldif.20070307
+./local/ldap/schema/ROLE/role.GAE-EDIRgadgetRole.resource.ldif
+./local/ldap/schema/ROLE/role.directoryPrivilegedRole.ldif
+./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.EDIRadminRole.group.ldif
+./local/ldap/schema/ROLE/role.HelpDeskRole.resource.ldif.20050603elm
+./local/ldap/schema/ROLE/role.ADadminRole.resource.ldif
+./local/ldap/schema/ROLE/role.authservicePrivilegedRole.ldif
+./local/ldap/schema/ROLE/role.emplAdminRole.ldif.20050203
+./local/ldap/schema/ROLE/role.tklAdminRole.ldif
+./local/ldap/schema/ROLE/role.abideByFERPArole.resource.ldif.20070607
+./local/ldap/schema/ROLE/role.emailAdminRole.ldif
+./local/ldap/schema/ROLE/role.phoneBookRole.ldif
+./local/ldap/schema/ROLE/role.emplAdminRole.resource.ldif
+./local/ldap/schema/ROLE/role.UaSystemIdRole.resource.ldif
+./local/ldap/schema/ROLE/role.secretaryAdminRole.ldif
+./local/ldap/schema/ROLE/role.emplAdminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.EDIRadminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.deptAdminRole.ldif
+./local/ldap/schema/ROLE/role.emplAdminRole.ldif
+./local/ldap/schema/ROLE/role.CurrentMailRole.resource.ldif
+./local/ldap/schema/ROLE/role.tklAdminRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.administratorsRole.ldif.20050511elm
+./local/ldap/schema/ROLE/role.authserviceRole.ldif.tmp
+./local/ldap/schema/ROLE/role.abideByFERPArole.ldif
+./local/ldap/schema/ROLE/role.HelpDeskRole.ldif.20030716elm
+}}}
+
+=== Running the Scripts to Add and Delete Defined Roles ===
+
+To delete a role enter ldap_delete<instance> at the command line prompt.  The output will resemble the following:
+
+{{{
         iplanet@egegik> ldap_deleteTest 
         inst: test
@@ -102 +178 @@
         entry removed
         <ctrl+d>
-
+}}}
+
+To add a role, enter ldap_add<instance> at the command line prompt.  The output will resemble the following:
+
+{{{
         iplanet@egegik> ldap_addTest -f role.EDIRadminRole.resource.ldif             
         inst: test
@@ -128 +208 @@
         adding new entry cn=EDIRadminRole,ou=resource,dc=alaska,dc=edu
         modify complete
+}}}
 
 iPlanet roles created for ou=people,dc=alaska,dc=edu and ou=resource,dc=alaska,dc=edu 
@@ -134 +215 @@
 directory data and those branches of the directory are configured for automatic 
 replication of directory data changes.
-
-# eof