performance / tuning tips. to the point.                


© 2005-2012 PerformanceWiki.com
All Rights Reserved.


Quick Tips To Get Started: Setup and Configure IBM Tivoli Directory Server V6.0



LDAP (Lightweight Directory Access Protocol) is a specialized database. LDAP is a standard. LDAP can have different implementations from different vendors (e.g., Novell, Microsoft, IBM, Sun).

LDAP is used to store relatively static information. The phrase "write once read many times" describes the best use of LDAP. LDAP is structured as a directory optimized for lookups. Its tree structure is useful for conceptualizing organizational structures.

Each entry in the LDAP tree is composed of one or more object classes. Every object class has attributes stored as name-value pairs. An example of an LDAP attribute name-value pair is uid=123181904 (as in SSN).

One easy way to understand LDAP entries is described in an IBM DeveloperWorks article as such:
An entry can be located in LDAP by specifying either the distinguished name (dn) or the relative distinguished name (rdn). The dn is the full LDAP tree path whereas the rdn is just a unique identifier for a specific entry in the tree.

One way to easily conceptualize the difference between the dn and rdn is to think of the difference between directions and an address. The dn would be equivalent to giving directions from the airport to a hotel. The rdn would just be the address of the hotel. Similar to an address, an rdn must be unique. It would be very difficult to find your hotel on a city map if its address was not unique.

The following tips help you quickly set up some entries in an IBM Tivoli Directory Server V6.0 so you can try using the entries in the LDAP server from your applications. They assume you have already installed ITDS V6 and have created an admin DN called "cn=root" with the password "pass4pw":


1) ITDS V6 comes with an embedded WebSphere Application Server (Express version) that runs the browser-based
client administration tool. The tool allows you to view, edit, update, and configure your LDAP instances / databases.
If you did not select it during your installation, you will need to go back and install it. To run the
app, go to the installed directory (on Windows, usually c:\Program Files\IBM\LDAP\V6.0\appsrv\bin) and start
the app server "server1":
	
		startServer.bat server1
		
2) Open a browser, and point the address to:

		http://localhost:12100/IDSWebApp/IDSjsp/Login.jsp	
		
   Log in as "superadmin" with password "secret". These are the default values and should be changed on anything other than a throwaway test instance.

3) Create a Suffix DN: Server Administration -> Manage Server properties -> Suffixes

		For example, enter "dc=google,dc=com"

	Note: there is another place for Suffixes, under Proxy Server configuration.
	That one is only for the proxy server, not for your LDAP server. The Suffix is also
	called "Base DN" in many contexts.
	
4) You are now done with the Web GUI tool. The rest is done with command-line tools, which is much easier and quicker.
   Create an LDIF file (for import; usually generated by an export), call it "setup.ldif", with the following content:
   
		# this is a comment the # must be in first column
		
		version: 1
		
		## version not strictly necessary but good practice to include for future releases
		
		## DEFINE DIR ROOT/BASE/SUFFIX ####
		## uses RFC 2377 format
		## replace google and com as necessary below
		#
		
		##
		## dcObject is an AUXILIARY objectclass and MUST
		## have a STRUCTURAL objectclass (organization in this case)
		## this is an ENTRY sequence and is preceded by a BLANK line
		## Notice that dc=google,dc=com was created as Suffix in step 3)
		
		dn: dc=google,dc=com
		dc: google
		description: My company google.
		objectClass: dcObject
		objectClass: organization
		o: Google, Inc.
		
		
		## -----------------------------------------------------------------------------
		## FIRST Level hierarchy - people
		## uses mixed upper and lower case for objectclass
		## this is an ENTRY sequence and is preceded by a BLANK line
		
		dn: ou=people,dc=google,dc=com
		ou: people
		description: All people in organization
		objectclass: organizationalunit
		
		## -----------------------------------------------------------------------------
		## FIRST Level hierarchy - roles
		## uses mixed upper and lower case for objectclass
		## this is an ENTRY sequence and is preceded by a BLANK line
		
		dn: cn=roles,dc=google,dc=com
		objectclass: container
		objectclass: top
		cn: roles   
		
		## -----------------------------------------------------------------------------
		## SECOND Level hierarchy
		## ADD a single entry under FIRST (people) level
		##
		## ePerson is an AUXILIARY objectclass from google and MUST
		## have a STRUCTURAL objectclass (inetOrgPerson in this case)
		##
		## this is an ENTRY sequence and is preceded by a BLANK line
		## the ou: attribute is the department
		
		
		dn: uid=c0001,ou=people,dc=google,dc=com
		objectclass: ePerson
		objectclass: inetOrgPerson
		cn: Barbara Jensen
		displayName: Babs Jensen
		sn: Jensen
		givenName: Barbara
		initials: BJJ
		title: Billing manager
		uid: c0001
		userpassword: babs1me
		mail: bjensen@google.com
		mail: barbara.jensen@google.com
		homephone: +1 999 222 3423
		telephoneNumber: +1 999 555 1862
		facsimileTelephoneNumber: +1 999 555 1992
		mobile: +1 999 555 1941
		roomNumber: 0209
		carLicense: 6ABC246
		o: google
		ou: AdSense
		departmentNumber: 2604
		registeredAddress: 348 Parkside Dr Anywhere, IL 23480
		postalAddress: 347 Parkside Dr. Anywhere, IL 23480
		employeeNumber: 5234
		employeeType: full time
		preferredLanguage: fr, en-gb;q=0.8, en;q=0.7
		labeledURI: http://www.google.com/adsense
		telephonenumber: +1 999 243 2312
		jpegphoto: http://www.google.com/photo/babs.jpg
		
		# repeat the above uid additions as necessary.
		
5) In C:\Program Files\IBM\LDAP\V6.0\bin, there is a command "ldapadd.cmd" that can create the entries defined
   in the LDIF file above.  To run the program, type:
   
   ldapadd -a -c -h ldap:// -D "cn=root" -w pass4pw -f setup.ldif 
   
   Check the output messages on the console. They should report that each entry was created successfully; anything else means there were errors.
   
6) Now you have users defined in an ITDS LDAP server. To use the user Barbara Jensen, the DN is:

		uid=c0001,ou=people,dc=google,dc=com
		password is "babs1me"
		
   That's it!		
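A pre-flight check for setup.ldif before it is passed to ldapadd in step 5, as an added example (not code from the original page or from IBM's tooling). It parses the LDIF and reports entries whose parent is not defined earlier in the file, whose RDN value is missing from the entry, or whose userPassword sits in the file as cleartext; the function names and the shortened sample are constructed for illustration.

```python
import base64
import re
# Constructed sample modeled on the page's setup.ldif; people container deliberately last.
SAMPLE_LDIF = """\
version: 1

dn: dc=google,dc=com
dc: google

dn: uid=c0001,ou=people,dc=google,dc=com
uid: c0001
userpassword: babs1me

dn: ou=people,dc=google,dc=com
ou: people
"""

def split_dn(dn):  # normalized list of RDNs; backslash-escaped commas stay in place
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def parse_ldif(text):  # [(dn, {attr: [values]})] in file order
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):  # unfold, then split
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if line.startswith("#") or not value:
                continue  # comment, or a line with no "attr: value" shape
            if value.startswith(":"):  # "attr:: <base64>" is an encoding, not a hash
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:  # the "version: 1" block has no dn and is dropped
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def preflight(text, suffix):
    """Report entries likely to fail on add, or holding a cleartext password."""
    findings, seen, root = [], set(), split_dn(suffix)
    for dn, attrs in parse_ldif(text):
        rdns = split_dn(dn)
        attr, _, val = rdns[0].partition("=")
        if rdns != root and tuple(rdns[1:]) not in seen:
            findings.append((dn, "parent entry not defined earlier in the file"))
        if val not in [v.lower() for v in attrs.get(attr, [])]:
            findings.append((dn, "RDN value not among the entry's attributes"))
        if any(not re.match(r"\{[\w-]+\}", p) for p in attrs.get("userpassword", [])):
            findings.append((dn, "userPassword is cleartext in the file"))
        seen.add(tuple(rdns))
    return findings
```

Call it as preflight(open("setup.ldif").read(), "dc=google,dc=com"), passing the suffix created in step 3; an empty list means none of the three checks fired.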

	   

To see related articles on ITDS V5.2, click Installation and simple Java LDAP Programming ITDS V5.2.

    
