TDS/SDS Blogs


 SDS/TDS Fix Patches:

This will be very simple and concise. If you work with TDS or SDS (Security Directory Server), from time to time you NEED to apply the latest fixes and patches from IBM. Doing this is simple. Just follow the 1-2-3 process below:

Step #1:

Go to the IBM support website, search for your version of SDS/TDS, and download the latest/recommended fixes. Yes, you need to have appropriate access via a login ID.

The fix will look like this (example):

6.4.0.12-ISS-ISDS-Linux-IF0012.zip

Step #2:

After you have downloaded the fix patch code, place it in some accessible folder and unzip it.

Then enter the resulting folder, which generally has the same name as the zip file.

Step #3:

Now the last step is to execute the install of the patch. The program called idsinstall is used to do this. An example of the format is as follows:

==> ./idsinstall -u -f

* You must be in the directory where the fixpatch is located.

Results:

IBM Security Directory Server 6.4.0.0 license Agreement has already been accepted and is in /opt/ibm/ldap/V6.4/license

Force installing the following update packages:

./images/idsldap-clt32bit64-6.4.0.12.linux.rpm

./images/idsldap-clt64bit64-6.4.0.12.linux.rpm

./images/idsldap-cltbasebit64-6.4.0.12.linux.rpm

./images/idsldap-msg64-en-6.4.0.12.noarch.rpm

./images/idsldap-srv64bit64-6.4.0.12.linux.rpm

./images/idsldap-srvbase64bit64-6.4.0.12.linux.rpm

./images/idsldap-cltjava64bit64-6.4.0.12.linux.rpm

 ..

..

ALL Packages were installed successfully!

*see the log file: /tmp/idsinstall_07-10-16-08-20-26.log  for more details
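A post-install check for the three steps above, as an added example that is not part of the original post: it confirms that captured idsinstall output lists every package at the fix level named by the zip and ends with the success line. The function names are hypothetical, and the sample output is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that an idsinstall run
# applied every package at the fix level named by the downloaded zip.

FIX_ZIP="6.4.0.12-ISS-ISDS-Linux-IF0012.zip"   # file name from Step 1

# Fix level = leading dotted number of the zip name, e.g. 6.4.0.12.
fix_level() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*\)-.*\.zip$/\1/p'
}

# verify_install LEVEL < idsinstall-output
# Succeeds only if the success line is present and every ./images/*.rpm
# listed carries "-LEVEL." in its file name; prints one line per problem.
verify_install() {
    awk -v level="$1" '
        /^[ \t]*\.\/images\/.*\.rpm[ \t]*$/ {
            seen++
            if (index($0, "-" level ".") == 0) { print "version mismatch: " $0; bad++ }
        }
        /ALL Packages were installed successfully!/ { ok = 1 }
        END {
            if (!seen) { print "no packages listed"; bad++ }
            if (!ok)   { print "success line missing"; bad++ }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: a shortened copy of the "Results" listing above.
sample_output() {
    cat <<'EOF'
Force installing the following update packages:
./images/idsldap-clt64bit64-6.4.0.12.linux.rpm
./images/idsldap-msg64-en-6.4.0.12.noarch.rpm
./images/idsldap-srv64bit64-6.4.0.12.linux.rpm
ALL Packages were installed successfully!
EOF
}

if sample_output | verify_install "$(fix_level "$FIX_ZIP")"; then
    echo "fix level $(fix_level "$FIX_ZIP") verified"
fi
```

On a real system, save the output of the idsinstall run to a file and feed that file to verify_install instead of the sample.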

 

So....just how many entries is under that LDAP Branch??


I have seen a couple of tools that show the number of entries (typically users or objects) under an LDAP branch (node). Working with a colleague who is helping to improve our LDAP Browser, we wanted to add that "nice to know" feature to the tree. That is where "numSubordinates" comes into play.

The LDAP search has a great number of parameters for getting data about the structure, the schema and its contents. Here I want to quickly show the power of that one little parm. Without it, we would have to dump the entire tree of objects and do some type of scripting to read and count each one. Fortunately, numSubordinates will do that job for us. See below:

 

From Search Command:

zflexldap: # idsldapsearch -D cn=root -w ? -h localhost -p 53889 -b "ou=members,ou=megachurch,o=church,dc=zflexsoftware,dc=com" -s base "objectclass=*" numSubordinates

Results:

ou=members,ou=megachurch,o=church,dc=zflexsoftware,dc=com

numSubordinates=12655

From Search Command (megachurch OU branch difference):

zflexldap: # idsldapsearch -D cn=root -w ? -h localhost -p 53889 -b "ou=megachurch,o=church,dc=zflexsoftware,dc=com" -s base "objectclass=*" numSubordinates

Results:

ou=megachurch,o=church,dc=zflexsoftware,dc=com

numSubordinates=2

From Search Command (staff OU branch):

zflexldap: # idsldapsearch -D cn=root -w ? -h localhost -p 53889 -b "ou=staff,ou=megachurch,o=church,dc=zflexsoftware,dc=com" -s base "objectclass=*" numSubordinates

Results:

ou=staff,ou=megachurch,o=church,dc=zflexsoftware,dc=com

numSubordinates=3
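numSubordinates counts immediate children only, which is why ou=megachurch reports 2 while ou=members beneath it reports 12655. The added example below (not part of the original post) sums the values over a branch and the containers beneath it to get a whole-subtree count from the three results above. The function names are hypothetical, and it assumes the entries directly under ou=members and ou=staff have no children of their own.

```shell
#!/bin/sh
# Added example (not from the original post): whole-subtree entry count from
# numSubordinates values, which only count immediate children.

# subtree_total BASE < idsldapsearch-output
# Input: a DN line followed by "numSubordinates=N", as in the results above.
# Sums N for BASE and every entry whose DN ends in ",BASE" (case-insensitive).
subtree_total() {
    awk -v base="$1" '
        BEGIN { base = tolower(base); suffix = "," base }
        /^[ \t]*$/ { next }
        tolower($0) ~ /^numsubordinates=/ {
            n = substr($0, index($0, "=") + 1) + 0
            d = tolower(dn)
            tail = substr(d, length(d) - length(suffix) + 1)
            if (d == base || (length(d) > length(suffix) && tail == suffix))
                total += n
            next
        }
        { dn = $0 }
        END { print total + 0 }'
}

# The three results shown above, concatenated.
page_results() {
    cat <<'EOF'
ou=members,ou=megachurch,o=church,dc=zflexsoftware,dc=com
numSubordinates=12655

ou=megachurch,o=church,dc=zflexsoftware,dc=com
numSubordinates=2

ou=staff,ou=megachurch,o=church,dc=zflexsoftware,dc=com
numSubordinates=3
EOF
}

BASE="ou=megachurch,o=church,dc=zflexsoftware,dc=com"
echo "entries below $BASE: $(page_results | subtree_total "$BASE")"
```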


 

So....just how many entries is under that LDAP Branch??


OK.  Gotcha.

So, by read/write/update/compare, I assume you do not want any "add child entry" or "delete entry", is that correct?

For later reading, you can learn about ACL Access Evaluation here: http://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.3.0/com.ibm.IBMDS.doc/admin_gd420.htm#accesseval

And ACL Propagation here: http://www.ibm.com/support/knowledgecenter/SSVJJU_6.3.0/com.ibm.IBMDS.doc/admin_gd419.htm#propagation

 

If my assumption above is correct, you would model it similar to the aclEntry for TDSAdmins, but change the "object:ad" to "object:deny:ad" - where "a" means "add" and "d" is for "delete entry".

 

aclEntry:
    group:CN=ADMINGRP,OU=GROUP,OU=GUESTS,DC=zFLEXSOFTWARE,DC=COM:
        restricted:rwsc:
        system:rwsc:
        critical:rwsc:
        sensitive:rwsc:
        normal:rwsc:
        object:deny:ad

 

Such that the command for adding this aclEntry on any branch will look like this:

LDIF CONTENTS:

 

dn: <branch DN>
changetype: modify
add: aclEntry
aclEntry: group:CN=ADMINGRP,OU=GROUP,OU=GUESTS,DC=zFLEXSOFTWARE,DC=COM:restricted:rwsc:system:rsc:critical:rwsc:sensitive:rwsc:normal:rwsc:object:deny:ad
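Before applying an aclEntry like the one above, it helps to see exactly which rights the single-line value carries. The added example below (not part of the original post) splits the value into one line per right and checks that add and delete of entries are denied. The function names are hypothetical; it assumes the DN contains no ":" and treats a right with no grant/deny keyword as a grant.

```shell
#!/bin/sh
# Added example (not from the original post): split an aclEntry value into
# its rights and check that it blocks add/delete before it is applied.

# The aclEntry value from the LDIF above.
ACL='group:CN=ADMINGRP,OU=GROUP,OU=GUESTS,DC=zFLEXSOFTWARE,DC=COM:restricted:rwsc:system:rsc:critical:rwsc:sensitive:rwsc:normal:rwsc:object:deny:ad'

# explain_acl VALUE
# Prints "subject <type> <DN>", then "<grant|deny> <target> <perms>" per right.
# Assumes no ":" inside the DN; a right without grant/deny counts as grant.
explain_acl() {
    printf '%s\n' "$1" | awk -F: '{
        print "subject " $1 " " $2
        i = 3
        while (i <= NF) {
            if ($i == "") { i++; continue }      # tolerate a trailing ":"
            target = $i; action = "grant"; i++
            if ($i == "grant" || $i == "deny") { action = $i; i++ }
            print action " " target " " $i
            i++
        }
    }'
}

# blocks_add_delete VALUE
# True only if the object rights deny both a (add) and d (delete)
# and no object right is granted.
blocks_add_delete() {
    explain_acl "$1" | awk '
        $1 == "deny"  && $2 == "object" { if ($3 ~ /a/) da = 1; if ($3 ~ /d/) dd = 1 }
        $1 == "grant" && $2 == "object" { g = 1 }
        END { exit ((da && dd && !g) ? 0 : 1) }'
}

explain_acl "$ACL"
blocks_add_delete "$ACL" && echo "add/delete denied for this subject"
```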

 

 

 

 

 


While the Web Administration Tool is the preferred method, updates to the server configuration file can be made using LDAP utilities. The LDAP modify requests can be generated by:
• A C-application using the C-client provided with the IBM® Tivoli® Directory Server
• A Java™ application using JNDI
• Any other interface that generates a standard V3 LDAP.

Examples that are provided use the idsldapmodify command line utility.

The idsldapmodify command can be run either in interactive mode or with input specified in a file. For most examples in this guide, the file contents to be used with the idsldapmodify command are supplied. The general form of the command to use with these files is:
idsldapmodify -D <adminDN> -w <password> -i <filename>

To update the server configuration settings dynamically, you need to issue the following idsldapexop commands. This command updates all configuration settings that are dynamic: 
idsldapexop -D <adminDN> -w <adminPW> -op readconfig -scope entire

This command updates a single setting. 
idsldapexop -D <adminDN> -w <adminPW> -op readconfig -scope single <entry DN> <attribute>

About zFlex Software

zFlex Software has over 25 years of experience working in the IT field, including over 15 years working directly with IBM products and projects in Enterprise System Environments. We focus on IBM product installation, infrastructure setup and solution design on the Mainframe (z/OS), Linux, Solaris and Windows platforms. Knowledge of these platforms makes our consulting very flexible for integration tasks across them, enabling zFlex to meet your business needs.

© 2016 zFlex Software,LLC. All Rights Reserved. Designed By zFlex Software
