Creating Groups in OpenLDAP using Apache Directory Studio

[This post is part of my ongoing instructional series on setting up some baseline IT infrastructure for the fictional startup Shoestring Lab. Shoestring has committed to using Open Source wherever possible. Shoestring Lab has standardized on Ubuntu for its server and desktop/laptop computer systems.

Today's lesson

Part of your job is managing user access to various internal computer resources. This task involves adding groups to OpenLDAP.]


Now that you have a working OpenLDAP installation and you have installed Apache Directory Studio to manage it, you are probably looking to add groups to manage access to your system services.

Adding Groups

First, you will create a general group for users and another group for email accounts. Open Apache Directory Studio and connect to your OpenLDAP server. Expand the Root DSE until you see the entry for ou=groups. Select that node.

Right-click on the node and select New > New Entry.

Click Next and type group into the box on the left, then select groupOfUniqueNames.

Click Add to add groupOfUniqueNames. top is added as a dependency.

Click Next. For the RDN, enter cn on the left and email on the right.

Click Next. The wizard will prompt you to enter a value under uniqueMember.

You don't need to add anything yet, so just click Finish. You should now have an entry for cn=email under ou=groups in your tree.

Repeat these steps for the users group. You should now have two entries under your ou=groups node.
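The same two entries can also be written as LDIF, which is easier to review and repeat than wizard clicks. The script below is an added example, not part of the original post. The base DN dc=example,dc=com and the placeholder member DN are assumptions, and it supplies one uniqueMember value per group because the groupOfUniqueNames object class (RFC 4519) lists uniqueMember as a required attribute.

```shell
#!/bin/sh
# Added example: emit LDIF for the two groups created in the steps above.
# Assumptions (not from the post): the base DN and the placeholder member DN.

BASE_DN="dc=example,dc=com"                        # assumed directory suffix
FIRST_MEMBER="uid=placeholder,ou=people,$BASE_DN"  # assumed initial member

# Accept only simple group names, so the value needs no DN escaping
# (RFC 4514) and cannot inject extra LDIF lines.
valid_cn() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one groupOfUniqueNames entry under ou=groups.
group_ldif() {
    cn=$1
    member=$2
    valid_cn "$cn" || { echo "invalid group name: $cn" >&2; return 1; }
    # The object class requires cn and at least one uniqueMember.
    [ -n "$member" ] || { echo "uniqueMember is required" >&2; return 1; }
    printf 'dn: cn=%s,ou=groups,%s\n' "$cn" "$BASE_DN"
    printf 'objectClass: top\n'
    printf 'objectClass: groupOfUniqueNames\n'
    printf 'cn: %s\n' "$cn"
    printf 'uniqueMember: %s\n\n' "$member"
}

# Both groups from the steps above, as one LDIF document.
all_groups_ldif() {
    for g in email users; do
        group_ldif "$g" "$FIRST_MEMBER" || return 1
    done
}

all_groups_ldif
# To load it (placeholders in angle brackets):
#   all_groups_ldif | ldapadd -x -D "<admin DN>" -W -H ldap://<server>
```

Keeping the generated LDIF in version control gives you a record of which access groups exist and who their first member was.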

Next, you will add users to the directory.