Changes between Version 2 and Version 3 of ALL__security_edirrole


Ignore:
Timestamp:
11/25/14 20:01:11 (10 years ago)
Author:
lttoth@…
Comment:

Revised to reflect current status.

Legend:

Unmodified
Added
Removed
Modified
  • ALL__security_edirrole

    v2 v3  
    8585nsRoleFilter: (&(EDIRROLE=*)(EDIRrole=EDIRadmin))Description: filtered role for resource entities administering EDIR 
    8686}}} 
    87 iPlanet roles are created and deleted as follows: 
    88  
     87 
     88== Managing iPlanet Roles == 
     89 
     90The legacy method for managing iPlanet roles was to access a role.<role name>.ldif file and modify the LDAP EDIR listing accordingly. I find no evidence of the following on the production iPlanet directories for the IDMP cluster.  If these are used, they are used solely via EDIR, despite the LDAP scripts and management details residing on idml-3.alaska.edu.   
     91 
     92Current IAM documentation refers users to the Sun iPlanet documents to complete these tasks. 
     93 
     94=== Legacy iPlanet Roles === 
     95The following is a listing of LDIF files remaining on the "E" boxes that correspond to iPlanet roles that were defined in the legacy method: 
     96 
     97{{{ 
     98iplanet@edgar.alaska.edu> find . -name role.* 
     99./local/ldap/schema/ROLE/role.HelpDeskRole.ldif.20050511elm 
     100./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif 
     101./local/ldap/schema/ROLE/role.emailAdminRole.ldif.20050511elm 
     102./local/ldap/schema/ROLE/role.passwordSynchRole.resource.ldif 
     103./local/ldap/schema/ROLE/role.authserviceRole.resource.ldif 
     104./local/ldap/schema/ROLE/role.twoStepBindrole.resource.ldif 
     105./local/ldap/schema/ROLE/role.EDIRadminRole.ldif 
     106./local/ldap/schema/ROLE/role.authservicePrivilegedRole.resource.ldif 
     107./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif.20060407elm 
     108./local/ldap/schema/ROLE/role.HelpDeskRole.ldif 
     109./local/ldap/schema/ROLE/role.EDIRadminRole.departments.ldif 
     110./local/ldap/schema/ROLE/role.deptAdminRole.ldif.20050511elm 
     111./local/ldap/schema/ROLE/role.ADadminRole.ldif 
     112./local/ldap/schema/ROLE/role.abideByFERPArole.resource.ldif 
     113./local/ldap/schema/ROLE/role.ADadminRole.people.ldif 
     114./local/ldap/schema/ROLE/role.HelpDeskStudentRole.ldif.20050422elm.not_used 
     115./local/ldap/schema/ROLE/role.deptAdminRole.ldif.20030908eml 
     116./local/ldap/schema/ROLE/role.directoryGatewayRole.ldif 
     117./local/ldap/schema/ROLE/role.phoneBookRole.ldif.20050511elm 
     118./local/ldap/schema/ROLE/role.superUserRole.resource.ldif 
     119./local/ldap/schema/ROLE/role.secretaryAdminRole.ldif.20050511elm 
     120./local/ldap/schema/ROLE/role.EDIRadminRole.routing.ldif 
     121./local/ldap/schema/ROLE/role.directoryPrivilegedRole.resource.ldif 
     122./local/ldap/schema/ROLE/role.authserviceRole.ldif 
     123./local/ldap/schema/ROLE/role.phoneBookRole.ldif.20050303 
     124./local/ldap/schema/ROLE/role.emailAdminRole.resource.ldif.20050603elm 
     125./local/ldap/schema/ROLE/role.directoryGatewayRole.resource.ldif 
     126./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif.20070607 
     127./local/ldap/schema/ROLE/role.passwordSynchRole.ldif 
     128./local/ldap/schema/ROLE/role.EDIRadminRole.resource.ldif.20060710 
     129./local/ldap/schema/ROLE/role.administratorsRole.ldif 
     130./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif 
     131./local/ldap/schema/ROLE/role.passwordSynchRole.ldif.20060511 
     132./local/ldap/schema/ROLE/role.passwordSynchRole.ldif.20070307 
     133./local/ldap/schema/ROLE/role.GAE-EDIRgadgetRole.resource.ldif 
     134./local/ldap/schema/ROLE/role.directoryPrivilegedRole.ldif 
     135./local/ldap/schema/ROLE/role.acceptedFERPArole.ldif.20050511elm 
     136./local/ldap/schema/ROLE/role.EDIRadminRole.group.ldif 
     137./local/ldap/schema/ROLE/role.HelpDeskRole.resource.ldif.20050603elm 
     138./local/ldap/schema/ROLE/role.ADadminRole.resource.ldif 
     139./local/ldap/schema/ROLE/role.authservicePrivilegedRole.ldif 
     140./local/ldap/schema/ROLE/role.emplAdminRole.ldif.20050203 
     141./local/ldap/schema/ROLE/role.tklAdminRole.ldif 
     142./local/ldap/schema/ROLE/role.abideByFERPArole.resource.ldif.20070607 
     143./local/ldap/schema/ROLE/role.emailAdminRole.ldif 
     144./local/ldap/schema/ROLE/role.phoneBookRole.ldif 
     145./local/ldap/schema/ROLE/role.emplAdminRole.resource.ldif 
     146./local/ldap/schema/ROLE/role.UaSystemIdRole.resource.ldif 
     147./local/ldap/schema/ROLE/role.secretaryAdminRole.ldif 
     148./local/ldap/schema/ROLE/role.emplAdminRole.ldif.20050511elm 
     149./local/ldap/schema/ROLE/role.EDIRadminRole.ldif.20050511elm 
     150./local/ldap/schema/ROLE/role.deptAdminRole.ldif 
     151./local/ldap/schema/ROLE/role.emplAdminRole.ldif 
     152./local/ldap/schema/ROLE/role.CurrentMailRole.resource.ldif 
     153./local/ldap/schema/ROLE/role.tklAdminRole.ldif.20050511elm 
     154./local/ldap/schema/ROLE/role.administratorsRole.ldif.20050511elm 
     155./local/ldap/schema/ROLE/role.authserviceRole.ldif.tmp 
     156./local/ldap/schema/ROLE/role.abideByFERPArole.ldif 
     157./local/ldap/schema/ROLE/role.HelpDeskRole.ldif.20030716elm 
     158}}} 
     159 
     160=== Running the Scripts to Add and Delete Defined Roles === 
     161 
     162To delete a role enter ldap_delete<instance> at the command line prompt.  The output will resemble the following: 
     163 
     164{{{ 
    89165        iplanet@egegik> ldap_deleteTest  
    90166        inst: test 
     
    102178        entry removed 
    103179        <ctrl+d> 
    104  
     180}}} 
     181 
     182To add a role, enter ldap_add<instance> at the command line prompt.  The output will resemble the following: 
     183 
     184{{{ 
    105185        iplanet@egegik> ldap_addTest -f role.EDIRadminRole.resource.ldif              
    106186        inst: test 
     
    128208        adding new entry cn=EDIRadminRole,ou=resource,dc=alaska,dc=edu 
    129209        modify complete 
     210}}} 
    130211 
    131212iPlanet roles created for ou=people,dc=alaska,dc=edu and ou=resource,dc=alaska,dc=edu  
     
    134215directory data and those branches of the directory are configured for automatic  
    135216replication of directory data changes. 
    136  
    137 # eof