Operating Systems


The search you just executed uses an anonymous bind, which means anyone who knows the address of your LDAP server can access it. The option that controls this feature is turned on in the configuration file. You don’t need to specify credentials on the bind (in the search parameters). This presents a security exposure that you will fix later.

Before you populate the database, you need to add a few schemas to the configuration. A schema helps define LDAP objects and their characteristics, such as what a telephone number is used for, what other fields it may depend on, and how it’s formatted.

When using the LDBM back-end, you need to add two z/VM distributed schemas, USRSCHEM LDIF and IBMSCHEM LDIF, to the LDAP server. They’re on TCPMAINTs 591 disk. The commands to add them are:

ldapmdfy -h -D "cn=Admin" -w

secret -f //USRSCHEM.LDIF -u on

ldapmdfy -h -D "cn=Admin" -w

secret -f //IBMSCHEM.LDIF -u on

The -D flag identifies the LDAP user to be used to bind (or connect) to the LDAP server. The -f flag denotes a filename where the LDIF file resides. The -u option, when turned on, will replace any existing schema items. LDIF stands for LDAP Data Interchange Format and is a standard file format for exchanging data between LDAP servers. An LDIF file can be input to an LDAP operation or output from an LDAP operation and the file can then be transported to another LDAP server.

When these commands execute, only one response is expected:

6 Pages