Appendix B - The configuration file for LDAP at The University of Kent

 

The contents of slapd.conf for the Openldap at The University of Kent have the following lines, among other:

# This includes the PMI related definitions - attributeCertificateAttribute, pmiUser, etc

include /etc/openldap/schema/pmi.schema

# This allows mod_auth_ldap to use authentication - it uses LDAP v2 protocol

allow bind_v2

# Access Control List to allow anonymous binds for authentication and read operations

# we don't allow modifications to anyone, but Root

access to *

       by * read

       by * auth

# we have more than one country in our LDAP

suffix ""

The contents of /etc/openldap/schema/pmi.schema are as follows:

attributetype (2.5.4.58 NAME 'attributeCertificateAttribute'

  DESC 'A binary attribute certificate'

  SYNTAX 1.3.6.1.4.1.1466.115.121.1.8)

attributetype (1.2.826.0.1.3344810.1.1.14 NAME 'permisRole'

  DESC 'A permisRole to be passed to Shibboleth'

  SUP name)

objectclass (2.5.6.24 NAME 'pmiUser'

  SUP top AUXILIARY

  DESC 'a pmi entity that can contain X509 ACs'

  MAY (attributeCertificateAttribute $ associatedDomain $ permisRole $ uid))

 

If you have any further queries regarding PERMIS SAAM, please contact either:

Wensheng Xu at w.xu@kent.ac.uk 

or

Alexander Otenko at: o.otenko@kent.ac.uk