Appendix B - The configuration file for LDAP at The University of Kent

 

The slapd.conf file for the OpenLDAP server at The University of Kent contains the following lines, among others:

 
# This includes the PMI related definitions - attributeCertificateAttribute, pmiUser, etc
include /etc/openldap/schema/pmi.schema
 
# This allows mod_auth_ldap to use authentication - it uses LDAP v2 protocol
allow bind_v2
 
# Access Control List to allow anonymous binds for authentication and read operations
# we don't allow modifications to anyone, but Root
access to *
       by * read
       by * auth
 
# we have more than one country in our LDAP
suffix ""
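
As an added illustration (not part of the University of Kent configuration or of OpenLDAP itself), the Python code below models how slapd selects a `by` clause in the `access to *` directive shown above: the first matching `<who>` wins, and each access level includes the lower ones. It assumes the default `stop` control on every clause, plain level names, and only the `*`, `anonymous` and `users` selectors; all function names are hypothetical.

```python
# Added example (not OpenLDAP code): simplified model of slapd "by" clause selection.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# Directives copied from the slapd.conf excerpt on this page.
SLAPD_CONF = '''allow bind_v2
access to *
       by * read
       by * auth
suffix ""
'''

def directives(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def by_clauses(directive):
    """Return [(who, level), ...] from 'access to <what> by <who> <level> ...'."""
    t = directive.split()
    return [(t[i + 1], t[i + 2]) for i in range(len(t) - 2) if t[i] == "by"]

def effective(clauses, client):
    """First matching <who> wins; no match falls to the implicit 'by * none'."""
    return next((lvl for who, lvl in clauses if who in ("*", client)), "none")

def unreachable(clauses):
    """Clauses after a 'by *' are never selected (default 'stop' assumed)."""
    whos = [who for who, _ in clauses]
    return clauses[whos.index("*") + 1:] if "*" in whos else []

def audit(text):
    report = {"bind_v2": False, "anonymous": None, "anon_can_bind": False, "dead": []}
    for d in directives(text):
        words = d.split()
        if words[0] == "allow" and "bind_v2" in words[1:]:
            report["bind_v2"] = True
        elif words[:3] == ["access", "to", "*"] and report["anonymous"] is None:
            clauses = by_clauses(d)
            report["anonymous"] = effective(clauses, "anonymous")
            report["anon_can_bind"] = LEVELS.index(report["anonymous"]) >= LEVELS.index("auth")
            report["dead"] = unreachable(clauses)
    return report

print(audit(SLAPD_CONF))
```

For the excerpt above, anonymous clients resolve to `read`, which already includes `auth`, so the second `by * auth` clause is never selected.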

The contents of /etc/openldap/schema/pmi.schema are as follows:

 
attributetype (2.5.4.58 NAME 'attributeCertificateAttribute'
  DESC 'A binary attribute certificate'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8)
 
attributetype (1.2.826.0.1.3344810.1.1.14 NAME 'permisRole'
  DESC 'A permisRole to be passed to Shibboleth'
  SUP name)
 
objectclass (2.5.6.24 NAME 'pmiUser'
  SUP top AUXILIARY
  DESC 'a pmi entity that can contain X509 ACs'
  MAY (attributeCertificateAttribute $ associatedDomain $ permisRole $ uid))

 


If you have any further queries regarding PERMIS SAAM, please contact either:

Wensheng Xu at w.xu@kent.ac.uk 

or

Alexander Otenko at o.otenko@kent.ac.uk