Using an LDIF File
1. Creating an LDIF File
In the LDIF file, specify the role configuration and user information to be registered in the SSO repository. Modify the role configuration and user information set in the sample LDIF file as necessary.
Refer to Role Configuration Entry and User Information Entry for details of the entry attributes of role configuration and user information.
Note the following points for creating an LDIF file:
• Do not insert a blank line at the beginning of the LDIF file. If a blank line is inserted, none of the entries in the LDIF file are registered.
• Insert one blank line between entries to separate them. If two or more consecutive blank lines occur, the entries after them are not registered.
If the default value of [Public directory] was changed when the SSO repository was created, change the public directory part of each DN in the sample LDIF file (shown in bold in the original manual) to the directory set in [Public directory].
If 'No' is selected in [Create default tree?], add the following specification example to the beginning of the sample LDIF file.
Example
In this example, the following entries are registered:
Public directory: ou=interstage,o=fujitsu,dc=com
Access control information registration destination entry: ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
Role configuration registration destination entry: ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
Protection resource registration destination entry: ou=Resource,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
User information registration destination entry: ou=User,ou=interstage,o=fujitsu,dc=com

dn: ou=interstage,o=fujitsu,dc=com
objectClass: organizationalUnit
objectClass: top
ou: interstage

dn: ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
objectClass: organizationalUnit
objectClass: top
ou: SSO ACI

dn: ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Role

dn: ou=Resource,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Resource

dn: ou=User,ou=interstage,o=fujitsu,dc=com
objectClass: organizationalUnit
objectClass: top
ou: User
The name of the sample LDIF file and the directory in which it is stored are as follows:
LDIF File Name
sample.ldif
LDIF file storage directory
C:\Interstage\F3FMsso\ssoatcsv\sample\ldif
/opt/FJSVssosv/sample/ldif
#******************************************************
#
# Interstage Single Sign-on
# Repository(Directory) Entry sample LDIF
#
#******************************************************
#
# Role definition
#
#******************************************************
# Entry: Role: Admin
dn: cn=Admin,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role name "Admin"
objectClass: ssoRole <- Mandatory object class
objectClass: top <- Mandatory object class
cn: Admin <- Role name
# Entry: Role: Leader
dn: cn=Leader,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role name "Leader"
objectClass: ssoRole <- Mandatory object class
objectClass: top <- Mandatory object class
cn: Leader <- Role name
# Entry: Role: General
dn: cn=General,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role name "General"
objectClass: ssoRole <- Mandatory object class
objectClass: top <- Mandatory object class
cn: General <- Role name
# Entry: RoleSet: AdminSet
dn: cn=AdminSet,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role set name "AdminSet"
ssoRoleName: Admin <- Role to be set in role set
objectClass: ssoRoleSet <- Mandatory object class
objectClass: top <- Mandatory object class
cn: AdminSet <- Role set name
# Entry: RoleSet: LeaderSet
dn: cn=LeaderSet,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role set name "LeaderSet"
ssoRoleName: AdminSet <- Role set to be set in role set
ssoRoleName: Leader <- Role to be set in role set
objectClass: ssoRoleSet <- Mandatory object class
objectClass: top <- Mandatory object class
cn: LeaderSet <- Role set name
# Entry: RoleSet: GeneralSet
dn: cn=GeneralSet,ou=Role,ou=SSO ACI,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of role set name "GeneralSet"
ssoRoleName: LeaderSet <- Role set to be set in role set
ssoRoleName: General <- Role to be set in role set
objectClass: ssoRoleSet <- Mandatory object class
objectClass: top <- Mandatory object class
cn: GeneralSet <- Role set name
#******************************************************
#
# User definition
#
#******************************************************
# Entry: User: user001
dn: cn=user001,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user001"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user001 <- User ID at password authentication
userPassword: user001 <- Password at password authentication
mail: [email protected] <- Mail address
employeeNumber: 100001 <- Employee number
ssoRoleName: Admin <- Role name
ssoAuthType: basicAuthOrCertAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20010101090000+0900 <- Use start time
sn: user001 <- Last name
cn: user001 <- First and last name
# Entry: User: user002
dn: cn=user002,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user002"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user002 <- User ID at password authentication
userPassword: user002 <- Password at password authentication
mail: [email protected] <- Mail address
ssoRoleName: Admin <- Role name
ssoAuthType: basicAuthOrCertAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20010101090000+0900 <- Use start time
sn: user002 <- Last name
cn: user002 <- First and last name
# Entry: User: user003
dn: cn=user003,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user003"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user003 <- User ID at password authentication
userPassword: user003 <- Password at password authentication
mail: [email protected] <- Mail address
employeeNumber: 100003 <- Employee number
ssoRoleName: Leader <- Role name
ssoAuthType: basicAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20010101090000+0900 <- Use start time
sn: user003 <- Last name
cn: user003 <- First and last name
# Entry: User: user004
dn: cn=user004,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user004"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user004 <- User ID at password authentication
userPassword: user004 <- Password at password authentication
mail: [email protected] <- Mail address
employeeNumber: 100004 <- Employee number
ssoRoleName: Leader <- Role name
ssoAuthType: basicAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20010101090000+0900 <- Use start time
sn: user004 <- Last name
cn: user004 <- First and last name
# Entry: User: user005
dn: cn=user005,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user005"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user005 <- User ID at password authentication
userPassword: user005 <- Password at password authentication
mail: [email protected] <- Mail address
employeeNumber: 100005 <- Employee number
ssoRoleName: General <- Role name
ssoAuthType: basicAuthAndCertAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20020101090000+0900 <- Use start time
sn: user005 <- Last name
cn: user005 <- First and last name
# Entry: User: user006
dn: cn=user006,ou=User,ou=interstage,o=fujitsu,dc=com
<- Registration destination entry of user "user006"
objectClass: top <- Mandatory object class
objectClass: person <- Mandatory object class
objectClass: organizationalPerson <- Mandatory object class
objectClass: inetOrgPerson <- Mandatory object class
objectClass: ssoUser <- Mandatory object class
uid: user006 <- User ID at password authentication
userPassword: user006 <- Password at password authentication
mail: [email protected] <- Mail address
employeeNumber: 100006 <- Employee number
ssoRoleName: General <- Role name
ssoAuthType: certAuth <- Authentication method
ssoCredentialTTL: 60 <- Re-authentication interval
ssoNotBefore: 20020101090000+0900 <- Use start time
ssoNotAfter: 20021201085959+0900 <- Use end time
sn: user006 <- Last name
cn: user006 <- First and last name
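As an added example (not part of the Interstage manual or product), the small Python linter below applies the two blank-line rules from the start of this section and the mandatory object class annotations of the sample to a plain LDIF file (the "<-" annotations removed), and also flags the sample's placeholder credentials, where userPassword equals uid, so that they are replaced before a file derived from the sample is loaded into a production repository. The function and finding names are my own, and the sample input is constructed.

```python
# Mandatory object classes per entry kind, as annotated in the sample LDIF above.
MANDATORY = {"ssoRole": {"ssoRole", "top"}, "ssoRoleSet": {"ssoRoleSet", "top"},
             "ssoUser": {"top", "person", "organizationalPerson", "inetOrgPerson", "ssoUser"}}

def parse_ldif(text):
    """Plain LDIF (no '<-' notes) -> (entries as attr -> [values] dicts, blank-line problems)."""
    entries, cur, prev_blank, problems = [], {}, False, []
    for n, line in enumerate(text.split("\n"), 1):
        if line.startswith("#"):                       # LDIF comment line
            continue
        if line.strip():
            attr, _, val = line.partition(":")
            cur.setdefault(attr.strip(), []).append(val.strip())
            prev_blank = False
            continue
        if n == 1:                                     # rule 1 from the manual
            problems.append("line 1 is blank: no entry in this file would be registered")
        elif prev_blank:                               # rule 2 from the manual
            problems.append(f"line {n}: consecutive blank lines; later entries are not registered")
        if cur:
            entries.append(cur)
        cur, prev_blank = {}, True
    if cur:
        entries.append(cur)
    return entries, problems

def check_entry(e):
    """Per-entry checks: RDN present as attribute, mandatory object classes, sn, placeholder password."""
    dn, oc, out = e.get("dn", [""])[0], set(e.get("objectClass", [])), []
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    if rdn_val not in e.get(rdn_attr, []):
        out.append(f"{dn}: RDN value '{rdn_val}' is not a value of attribute {rdn_attr}")
    kind = next((k for k in MANDATORY if k in oc), None)
    if kind and MANDATORY[kind] - oc:
        out.append(f"{dn}: missing mandatory objectClass {sorted(MANDATORY[kind] - oc)}")
    if kind == "ssoUser" and "sn" not in e:
        out.append(f"{dn}: sn is mandatory for objectClass person")
    if kind == "ssoUser" and e.get("userPassword") == e.get("uid", []):
        out.append(f"{dn}: sample credential (userPassword equals uid) must be replaced")
    return out

# Constructed sample: blank first line, a user entry with missing object classes,
# no sn or cn, the manual's placeholder password, and a doubled blank line at the end.
SAMPLE = """
dn: cn=user001,ou=User,ou=interstage,o=fujitsu,dc=com
objectClass: ssoUser
uid: user001
userPassword: user001

"""
```

Running `check_entry` over every entry returned by `parse_ldif(SAMPLE)` yields four findings for the constructed user entry in addition to the two blank-line problems.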