RHEL 6.3 – LDAP Series – Part 1 : Implementation of LDAP Authentication
What is LDAP
LDAP (Lightweight Directory Access Protocol) is a client-server protocol that provides directory services to client machines. Each LDAP server contains the data that makes up the LDAP database, commonly stored in BDB (Berkeley DB), a high-performance transactional database. LDAP manages its data in the form of objects, which are defined by several attributes.
The current LDAP standard provides the following basic types of object classes:
- Groups – unordered lists of individual objects or groups of objects
- Location – e.g. Country name and description
- Organisational Units – for Organisational classification of the directory
- People – Individual user login accounts in the directory
As mentioned earlier, each object class is supported by additional information in the form of attributes. These attributes are paired with values that make each object a unique entity in the LDAP database.
For example, the “user” object has an attribute named “commonName” (“cn” for short), which has the user name as its value.
In this post, I am providing the steps required to configure an LDAP server (RHEL 6.3) with a basic LDAP configuration, and then configure an LDAP client to use nslcd authentication (legacy for RHEL 6.3). sssd authentication is also mentioned, although it is out of scope for this document.
Configuration of LDAP Server
[root@gurkulrhel1 ~]# rpm -qa|grep ldap
compat-openldap-2.3.43-2.el6.x86_64
mod_authz_ldap-0.26-15.el6.x86_64
nss-pam-ldapd-0.7.5-14.el6_2.1.x86_64
openldap-servers-sql-2.4.23-26.el6_3.2.x86_64
python-ldap-2.3.10-1.el6.x86_64
openldap-devel-2.4.23-26.el6_3.2.x86_64
krb5-server-ldap-1.9-33.el6.x86_64
bind-dyndb-ldap-1.1.0-0.9.b1.el6.x86_64
openldap-servers-2.4.23-26.el6_3.2.x86_64
openldap-2.4.23-26.el6_3.2.x86_64
php-ldap-5.3.3-14.el6_3.x86_64
openldap-clients-2.4.23-26.el6_3.2.x86_64
ldapjdk-4.18-6.el6.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
pam_ldap-185-11.el6.x86_64
[root@gurkulrhel1 ~]# cat /var/lib/ldap/DB_CONFIG
cat: /var/lib/ldap/DB_CONFIG: No such file or directory
[root@gurkulrhel1 ~]# egrep -v "^#|^$" /usr/share/openldap-servers/DB_CONFIG.example
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
# service iptables stop
[root@gurkulrhel1 ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /root/slapd.conf
Generate root password for LDAP cn=config configuration:
New password: <password>
Re-enter new password: <password>
{SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q <== note down this hashed password
[root@gurkulrhel1 ~]# vi /root/slapd.conf
Make the modifications below under the "database bdb" section:
suffix "dc=gurkulindia,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=gurkulindia,dc=com"
rootpw {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q
[root@gurkulrhel1 log]#
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la overlay requires openldap-server-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time
# modulepath /usr/lib/openldap
# modulepath /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload chain.la
# moduleload collect.la
# moduleload constraint.la
# moduleload dds.la
# moduleload deref.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload memberof.la
# moduleload pbind.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload seqmod.la
# moduleload smbk5pwd.la
# moduleload sssvlv.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by running
# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
# at self-signed certificates, however.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# enable on-the-fly configuration (cn=config)
database config
access to *
 by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
 by * none
# enable server status monitoring (cn=monitor)
database monitor
access to *
 by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
 by dn.exact="cn=Manager,dc=my-domain,dc=com" read
 by * none
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=gurkulindia,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=gurkulindia,dc=com"
rootpw {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
[root@gurkulrhel1 log]#
[root@gurkulrhel1 ~]# rm -rf /etc/openldap/slapd.d/*
[root@gurkulrhel1 ~]# rm -rf /var/lib/ldap/*
Initialize DB files for content in /var/lib/ldap directory
[root@gurkulrhel1 ~]# echo "" | slapadd -f /root/slapd.conf
The first database does not allow slapadd; using the first available one (2)
Convert the slapd.conf to cn=config model
total 8
drwxr-x--- 3 root root 4096 Mar 24 20:52 cn=config
-rw------- 1 root root 1120 Mar 24 20:52 cn=config.ldif
[root@gurkulrhel1 ~]# chmod -R u+rwX /etc/openldap/slapd.d
[root@gurkulrhel1 ~]# chown -R ldap.ldap /var/lib/ldap
# At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to ‘yes’!
SLAPD_LDAPI=yes
# – it doesn’t overwrite settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
# – it isn’t overwritten by settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
Starting slapd: [ OK ]
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /root/slapd.conf
olcConfigDir: /etc/openldap/slapd.d/
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
:::::: SNIP the output ::::
# {2}bdb, config
dn: olcDatabase={2}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=gurkulindia,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=gurkulindia,dc=com
olcRootPW: {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbConfig: {0}set_cachesize 0 268435456 1
olcDbConfig: {1}set_lg_regionmax 262144
olcDbConfig: {2}set_lg_bsize 2097152
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
# search result
search: 2
result: 0 Success
# numResponses: 19
# numEntries: 18
Convert configuration file into dynamic configuration under /etc/openldap/slapd.d directory
[root@gurkulrhel1 ~]#
[root@gurkulrhel1 ~]# ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q
(this is the hashed password that we created using slappasswd earlier)
dn: dc=gurkulindia,dc=com
objectClass: top
objectClass: domain
dc: gurkulindia

dn: ou=Groups,dc=gurkulindia,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

dn: ou=People,dc=gurkulindia,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
Enter LDAP Password: <== enter the password you enabled for bdb database
adding new entry “ou=Groups,dc=gurkulindia,dc=com”
adding new entry “ou=People,dc=gurkulindia,dc=com”
dn: uid=gurkuluser,ou=People,dc=gurkulindia,dc=com
givenName: ldap
sn: user1
loginShell: /bin/bash
uidNumber: 1250
gidNumber: 1500
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: gurkuluser
cn: ldap user1
homeDirectory: /home/gurkuluser
userPassword: {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q

dn: cn=redhat,ou=Groups,dc=gurkulindia,dc=com
objectClass: posixGroup
objectClass: top
cn: redhat
gidNumber: 1500
Enter LDAP Password: <- enter the password we set for bdb databse
adding new entry “uid=gurkuluser,ou=People,dc=gurkulindia,dc=com”
adding new entry “cn=redhat,ou=Groups,dc=gurkulindia,dc=com”
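LDIF entries like the ones added above must be separated by a blank line, and a trailing space after a value is stored as part of that value. The following checker is an added example (not from the original post; lint_ldif and its messages are assumptions of the example) that goes a little beyond the entries shown here: it flags fused records, missing separators, trailing whitespace, suspicious DN components, and posixAccount/posixGroup entries lacking the attributes RFC 2307 requires, and is run on a constructed sample.

```python
import re

# MUST attributes from RFC 2307 (nis.schema) for the classes used in this article.
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
}
FUSED_DN = re.compile(r"\sdn:\s")  # a second record glued onto the end of a value


def lint_ldif(text):
    """Return [(line_number, message), ...] for problems found in LDIF text."""
    findings = []
    entry = None  # attributes and object classes of the entry being read

    def close_entry():
        nonlocal entry
        if entry is not None:
            for cls in sorted(REQUIRED.keys() & entry["classes"]):
                missing = sorted(REQUIRED[cls] - entry["attrs"])
                if missing:
                    findings.append((entry["line"], "%s entry lacks %s" % (cls, ", ".join(missing))))
        entry = None

    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():  # blank line: end of the current entry
            close_entry()
            continue
        if line[0] in "# ":  # comment or folded continuation line
            continue
        attr, colon, value = line.partition(":")
        if not colon:
            findings.append((number, "not an 'attribute: value' line"))
            continue
        name = attr.lower()
        if line != line.rstrip():
            findings.append((number, "trailing whitespace is stored as part of the value"))
        if FUSED_DN.search(value):
            findings.append((number, "another 'dn:' is fused onto this line"))
        if name == "dn":
            if entry is not None:
                findings.append((number, "no blank line before this entry"))
                close_entry()
            entry = {"line": number, "attrs": set(), "classes": set()}
            if not value.startswith(":"):  # skip base64 ("dn::") values
                for rdn in value.strip().split(","):
                    # heuristic: each RDN part should hold exactly one '='
                    if any(part.count("=") != 1 for part in rdn.split("+")):
                        findings.append((number, "suspicious DN component %r" % rdn))
        elif entry is None:
            findings.append((number, "attribute outside any entry"))
        else:
            entry["attrs"].add(name)
            if name == "objectclass":
                entry["classes"].add(value.strip().lower())
    close_entry()
    return findings


# Constructed sample: fused records, a trailing space and a group without gidNumber.
BROKEN = "\n".join([
    "dn: dc=testdom,dc=com", "objectClass: top", "objectClass: domain",
    "dc: testdom dn: ou=Groups,dc=testdom,dc=com",
    "objectClass: top", "objectClass: organizationalunit", "ou: Groups ",
    "dn: cn=redhat,ou=Groups,dc=testdom,dc=com", "objectClass: posixGroup", "cn: redhat",
])

if __name__ == "__main__":
    for number, message in lint_ldif(BROKEN):
        print("line %d: %s" % (number, message))
```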
Gurkulrhel2 : LDAP Client Configuration
Check for all required client Packages
pam_ldap-185-11.el6.x86_64
python-ldap-2.3.10-1.el6.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
nss-pam-ldapd-0.7.5-14.el6_2.1.x86_64
compat-openldap-2.3.43-2.el6.x86_64
openldap-devel-2.4.23-26.el6.x86_64
openldap-clients-2.4.23-26.el6.x86_64
ldapjdk-4.18-6.el6.x86_64
[root@gurkulrhel2 log]#
Or, if you want to use the menu-based configuration (GUI), use the command below
System>Administration>Authentication (or execute authconfig-gtk from a terminal)
gurkuluser@192.168.1.32’s password:
Access denied. syslog will log the errors below in /var/log/messages:
Mar 24 11:10:48 gurkulrhel2 sssd: Starting up
Mar 24 11:10:48 gurkulrhel2 sssd[be[default]]: Starting up
Mar 24 11:10:48 gurkulrhel2 sssd[nss]: Starting up
Mar 24 11:10:48 gurkulrhel2 sssd[pam]: Starting up
Mar 24 11:10:59 gurkulrhel2 sssd[be[default]]: Could not start TLS encryption. TLS error -8157:Certificate extension not found.
Or you can enable this parameter from the command line, using
# authconfig --enableforcelegacy --update
Finally enable ldap authentication for the client using the command
Starting nslcd: [ OK ]
Starting oddjobd: [ OK ]
Stopping nslcd: [FAILED]
Starting nslcd: [ OK ]
gurkuluser@192.168.1.32’s password:
Creating home directory for gurkuluser.
[gurkuluser@gurkulrhel2 ~]$
If you want to know a little more about LDAP, just stay tuned for the next post.
Nice writeup.
HI ,
I am getting the below error, please someone help me..
ldap_bind: Invalid credentials (49)
venu, i have mentioned the troubleshooting procedures here http://gurkulindia.com/main/2013/04/rhel-6-3-ldap-series-part-4-troubleshooting/ , for various ldap authentication issues.
Hi,
How to give the full permission to change the password to ldap user ? Please help me .
ldapmodify -Y EXTERNAL -H ldapi:///
it takes too much time
How to Solve This
[root@ldap migrationtools]# ldapadd -x -h localhost -D cn=Manager,dc=example,dc=com -f /root/user.ldif -W
Enter LDAP Password:
ldapadd: attributeDescription “dn”: (possible missing newline after line 19, entry “uid=gurkuluser,ou=People,dc=example,dc=com”?)
adding new entry “uid=gurkuluser,ou=People,dc=example,dc=com”
ldap_add: Invalid syntax (21)
additional info: gidNumber: value #1 invalid per syntax
Please check if there are any typos in the user.ldif file, because the error says invalid syntax with the parameter “gidNumber”
I get the following error when adding the domain i.e.
[root@ldap ~]# ldapadd -x -h localhost -D cn=Manager,dc=testdom,dc=com -f /root/domain.ldif -W
Enter LDAP Password:
adding new entry “dc=testdom,dc=com”
ldap_add: Type or value exists (20)
additional info: objectClass: value #0 provided more than once
my domain.ldif file contains this:
dn: dc=testdom,dc=com
objectClass: top
objectClass: domain
dc: testdom dn: ou=Groups,dc=testdomdc=com
objectClass: top
objectClass: organizationalunit
ou: Groups dn: ou=People,dc=testdom,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
Can you advise?
Thanks
Kman
Hello, it seems some content from the file domain.ldif had duplicate entries, please double check.
Seems there’s an error in the procedure. The step “Initialize the DB_CONFIG Settings from default file” builds the /var/lib/ldap/DB_CONFIG file, but the step “Removing default ldap configuration data” deletes it.
Also, the step “Now we will make some basic entries for domain, and organizational units named  groups and people.” is missing some line breaks.
Hi Tim, Corrected it.
How to fix this problem?
I am having same problem.
Hi Hashmath, can you tell me which problem you are referring?
[root@ldap06 ~]# ldapadd -x -h localhost -D cn=Manager,dc=testdom,dc=com -f /root/domain.ldif -W
Enter LDAP Password:
adding new entry “dc=testdom,dc=com”
ldap_add: Type or value exists (20)
additional info: objectClass: value #0 provided more than once
my domain.ldif file contains this:
dn: dc=testdom,dc=com
objectClass: top
objectClass: domain
dc: testdom dn: ou=Groups,dc=testdomdc=com
objectClass: top
objectClass: organizationalunit
ou: Groups dn: ou=People,dc=testdom,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
Thanks,
Hashmath.
Hi Hasmath, can you try the command after removing below 3 lines from the top of your ldif file ?
dn: dc=testdom,dc=com
objectClass: top
objectClass: domain
After openldap configuration i am facing following issue
[root@ldap01 ldap]# ldapsearch -x -b "cn=config" -D "cn=admin,cn=config" -w config -h localhost dn -LLL | grep -v ^$
ldap_bind: Invalid credentials (49)
[root@rldap01 ldap]#
when I am trying to add olcRootPW following by instruction – it is giving me an ERROR ldap_modify: Inappropriate matching (18) additional info: modify/add: olcRootPW: no equality matching rule
Could you please help to solve this ERROR
My OS Version is – Red Hat Enterprise Linux Server release 6.4 (Santiago)
[root@gurkulrhel1 ~]# ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}5kO/K1KBzJ0wEaKBAGjIDY6MG6TGzg9Q
modifying entry “olcDatabase={0}config,cn=config”
ERROR
modifying entry “olcDatabase={0}config,cn=config”
ldap_modify: Inappropriate matching (18)
additional info: modify/add: olcRootPW: no equality matching rule
I suspect there might be issues with the step “Modify /root/slapd.conf to reflect the domain name and password” .. please do verify the file again and also make sure the verification was good with the below command.
“ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config”
Ideally the olcRootPW should show the default password here
Missing required extension
Your install of PHP appears to be missing LDAP support.
Please install LDAP support before using phpLDAPadmin.
(Dont forget to restart your web server afterwards)
I am new to a company and I got a task to set up a Linux domain for user authentication and management. I went through different articles and finally decided to configure OpenLDAP. I have seen different methods to create it and I tried almost all of them, also the method just described above. None of them was a success.
Actually I am totally confused about which method will give a positive output. I need to create it as soon as possible..
Server in RHEL6 and the client Fedora20, please help!
Hi All,
I am getting some error on the OpenLDAP client side. Please assist. When I run the ldapsearch command on the client side it gives me an error: ldap_sasl_bind(simple) can’t contact ldap server (-1). I am using nslcd authentication. I am not using TLS or a certificate. It's just a simple authentication.
Machine : Fedora 20
[root@client ~]# systemctl -l status nslcd.service
nslcd.service – Naming services LDAP client daemon.
Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled)
Active: active (running) since Mon 2014-08-25 16:54:35 IST; 3min 12s ago
Process: 19065 ExecStart=/usr/sbin/nslcd (code=exited, status=0/SUCCESS)
Main PID: 19066 (nslcd)
CGroup: /system.slice/nslcd.service
└─19066 /usr/sbin/nslcd
Aug 25 16:54:24 client.example.com systemd[1]: Unit nslcd.service entered failed state.
Aug 25 16:54:24 client.example.com systemd[1]: Starting Naming services LDAP client daemon….
Aug 25 16:54:35 client.example.com systemd[1]: PID file /var/run/nslcd/nslcd.pid not readable (yet?) after start.
Aug 25 16:54:35 client.example.com nslcd[19066]: version 0.8.13 starting
Aug 25 16:54:35 client.example.com nslcd[19066]: accepting connections
Aug 25 16:54:35 client.example.com systemd[1]: Started Naming services LDAP client daemon..
Aug 25 16:55:14 client.example.com nslcd[19066]: [8b4567] failed to bind to LDAP server ldap://15.0.0.1: Can’t contact LDAP server: Connection timed out
Aug 25 16:55:14 client.example.com nslcd[19066]: [8b4567] no available LDAP server found: Can’t contact LDAP server: Connection timed out
Aug 25 16:56:47 client.example.com nslcd[19066]: [7b23c6] failed to bind to LDAP server ldap://15.0.0.1: Can’t contact LDAP server: Transport endpoint is not connected
Aug 25 16:56:47 client.example.com nslcd[19066]: [7b23c6] no available LDAP server found: Can’t contact LDAP server: Transport endpoint is not connected
Thanks in Advance
Deepak
Hi Ramdev, very nicely explained the article. but i am facing below mentioned issue.
1. i have followed the steps as mentioned in article but not getting : getent command output.
kindly let me know the reason & solution.
[root@ldapmaster ~]# getent passwd jeevetha
[root@ldapmaster ~]# nothing getting.
slapcat output:-
[root@ldapmaster ~]# slapcat
The first database does not allow slapcat; using the first available one (2)
dn: dc=shiva,dc=com
objectClass: top
objectClass: domain
dc: shiva
structuralObjectClass: domain
entryUUID: 3abc86ec-d820-1033-9ae9-67219d7b460e
creatorsName: cn=Manager,dc=shiva,dc=com
createTimestamp: 20140924102102Z
entryCSN: 20140924102102.323033Z#000000#000#000000
modifiersName: cn=Manager,dc=shiva,dc=com
modifyTimestamp: 20140924102102Z
dn: ou=Groups,dc=shiva,dc=com
objectClass: top
objectClass: organizationalUnit
ou:: R3JvdXBzIA==
structuralObjectClass: organizationalUnit
entryUUID: 3abe5cc4-d820-1033-9aea-67219d7b460e
creatorsName: cn=Manager,dc=shiva,dc=com
createTimestamp: 20140924102102Z
entryCSN: 20140924102102.335061Z#000000#000#000000
modifiersName: cn=Manager,dc=shiva,dc=com
modifyTimestamp: 20140924102102Z
dn: ou=People,dc=shiva,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 3abf04d0-d820-1033-9aeb-67219d7b460e
creatorsName: cn=Manager,dc=shiva,dc=com
createTimestamp: 20140924102102Z
entryCSN: 20140924102102.339363Z#000000#000#000000
modifiersName: cn=Manager,dc=shiva,dc=com
modifyTimestamp: 20140924102102Z
dn: uid=jeevetha,ou=People,dc=shiva,dc=com
givenName: ldap
sn: user1
loginShell: /bin/bash
uidNumber: 1250
gidNumber: 1500
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jeevetha
cn: ldap user1
homeDirectory: /home/jeevetha
userPassword:: e1NTSEF9d1F2L1Y3eE84WVJvR2xWK0l3dUNMOGZobnhSb2RKZS8=
structuralObjectClass: inetOrgPerson
entryUUID: 14449e80-d822-1033-9aec-67219d7b460e
creatorsName: cn=Manager,dc=shiva,dc=com
createTimestamp: 20140924103416Z
entryCSN: 20140924103416.777242Z#000000#000#000000
modifiersName: cn=Manager,dc=shiva,dc=com
modifyTimestamp: 20140924103416Z
dn: cn=redhat,ou=Groups,dc=shiva,dc=com
objectClass: posixGroup
objectClass: top
cn: redhat
gidNumber: 1500
structuralObjectClass: posixGroup
entryUUID: 1448e7ce-d822-1033-9aed-67219d7b460e
creatorsName: cn=Manager,dc=shiva,dc=com
createTimestamp: 20140924103416Z
entryCSN: 20140924103416.805334Z#000000#000#000000
modifiersName: cn=Manager,dc=shiva,dc=com
modifyTimestamp: 20140924103416Z