The reason why we need LDAP profiles


When we configure an LDAP connection from Security Management to a directory server, we need to specify an LDAP profile in the account unit properties.
[Image: Create LDAP account unit, step 1]
What’s the use of these LDAP profiles? They act as translation tables that match UserDirectory LDAP requests to the specifics of the particular directory server.
For example, Microsoft Active Directory has the attribute memberOf, which describes the group membership of a user. In the standard LDAP schema the attribute member is used.
So the LDAP profile Microsoft_AD has the field GroupMembership, which contains the value memberOf, and therefore UserDirectory can find the groups correctly.
[Image: LDAP profile in GuiDBedit]
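The effect of the GroupMembership setting, as an added example that is not from the original post and is not Check Point code: a simplified in-memory model in Python. Only the field GroupMembership and the value memberOf come from the post; the stored_on key, the STANDARD profile and the sample directory entries are assumptions constructed for illustration.

```python
# Simplified model of profile-driven group lookup (illustration only).
# GroupMembership=memberOf is from the post; "stored_on" is a hypothetical key
# saying whether the attribute lives on the user entry or on the group entry.
MICROSOFT_AD = {"GroupMembership": "memberOf", "stored_on": "user"}
STANDARD = {"GroupMembership": "member", "stored_on": "group"}  # hypothetical profile

ALICE = "cn=alice,ou=users,dc=example,dc=com"
VPN = "cn=vpn-users,ou=groups,dc=example,dc=com"

# Constructed sample directories (DN -> attributes).
AD_STYLE = {
    ALICE: {"objectClass": ["user"], "memberOf": [VPN]},
    VPN: {"objectClass": ["group"], "member": [ALICE]},
}
STANDARD_STYLE = {
    ALICE: {"objectClass": ["inetOrgPerson"]},  # no memberOf on the user entry
    VPN: {"objectClass": ["groupOfNames"], "member": ["CN=Alice, OU=Users, DC=example, DC=com"]},
}


def norm(dn):
    """Case-fold a DN and drop spaces around commas (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def groups_for(directory, profile, user_dn):
    """Return the normalized group DNs of user_dn, resolved the way the profile says."""
    attr = profile["GroupMembership"]
    user = norm(user_dn)
    entries = {norm(dn): entry for dn, entry in directory.items()}
    if profile["stored_on"] == "user":
        # AD style: read the membership attribute from the user entry itself.
        return sorted(norm(g) for g in entries.get(user, {}).get(attr, []))
    # Standard style: find every group entry that lists the user.
    return sorted(dn for dn, entry in entries.items()
                  if user in (norm(m) for m in entry.get(attr, [])))


if __name__ == "__main__":
    for name, directory, profile in [
        ("AD directory, Microsoft_AD profile", AD_STYLE, MICROSOFT_AD),
        ("standard directory, Microsoft_AD profile", STANDARD_STYLE, MICROSOFT_AD),
        ("standard directory, standard profile", STANDARD_STYLE, STANDARD),
    ]:
        print(name, "->", groups_for(directory, profile, ALICE))
```

In this model the mismatched profile still finds the user but resolves to no groups, which is the case to check for when group-based lookups return nothing after a directory or profile change.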
We have some pre-defined profiles for Microsoft_AD, Netscape_DS, Novell_DS and OPSEC_DS. They’re visible in the drop-down menu of the LDAP account unit properties but cannot be viewed or modified anywhere else.
The documentation states that you can define your own profile, but doesn’t explain how. As the profiles are stored inside objects_5_0.C, I would not encourage anyone to insert information directly in this file.
The safest way seems to be to modify an existing profile using GUIDBedit. This way you can change values without a high risk of messing up the structure of objects_5_0.C.
