22.4.5 Initializing an Organization in LDAP

Before you can define people, groups, servers, printers, and other entities for your organization, you must first set up information in LDAP for the organization itself.

To define an organization in LDAP:

  1. Create an LDIF file that defines the organization, for example mydom-com-organization.ldif:

    # Organization mydom.com
    dn: dc=mydom,dc=com
    dc: mydom
    objectClass: dcObject
    objectClass: organizationalUnit
    ou: mydom.com

    # Users
    dn: ou=People,dc=mydom,dc=com
    objectClass: organizationalUnit
    ou: people

    # Groups
    dn: ou=Groups,dc=mydom,dc=com
    objectClass: organizationalUnit
    ou: groups

  2. If you have configured LDAP authentication, use the ldapadd command to add the organization to LDAP:

    # ldapadd -cxWD "cn=admin,dc=mydom,dc=com" -f mydom-com-organization.ldif
    Enter LDAP Password: admin_password
    adding new entry "dc=mydom,dc=com"
    adding new entry "ou=People,dc=mydom,dc=com"
    adding new entry "ou=Groups,dc=mydom,dc=com"

    If you have configured Kerberos authentication, use kinit to obtain a ticket-granting ticket (TGT) for the admin principal, and use this form of the ldapadd command:

    # ldapadd -f mydom-com-organization.ldif

For more information, see the ldapadd(1) manual page.
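
The following pre-flight check for the LDIF file from step 1 is an added example, not part of the original documentation. Because `ldapadd -c` keeps going after an error, a missing blank line between entries or a child listed before its parent can leave the directory partly populated. The function name `check_ldif` is hypothetical, and the check assumes unfolded, non-base64 DNs with no escaped commas or spaces after commas.

```shell
#!/bin/sh
# check_ldif FILE BASE_DN   (hypothetical helper, not an OpenLDAP tool)
# Returns non-zero and prints a reason when:
#   - two entries are not separated by a blank line,
#   - an entry has no objectClass attribute,
#   - an entry's parent is neither defined earlier in FILE nor absent
#     because the entry itself is BASE_DN.
check_ldif() {
    awk -v base="$2" '
    function flush() {
        if (dn == "") return
        if (!hasoc) { printf "no objectClass: %s\n", dn; bad = 1 }
        parent = dn
        sub(/^[^,]*,/, "", parent)            # strip the leading RDN
        if (tolower(dn) != tolower(base) && !(tolower(parent) in seen)) {
            printf "parent not defined earlier: %s\n", dn; bad = 1
        }
        seen[tolower(dn)] = 1
        dn = ""; hasoc = 0
    }
    /^#/       { next }                       # LDIF comment line
    /^[ \t]*$/ { flush(); next }              # blank line ends an entry
    tolower($0) ~ /^dn:/ {
        if (dn != "") {                       # previous entry never ended
            printf "missing blank line before: %s\n", $0; bad = 1
            flush()
        }
        dn = $0
        sub(/^[dD][nN]:[ \t]*/, "", dn)
        next
    }
    tolower($0) ~ /^objectclass:/ { hasoc = 1 }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Usage with the file and base DN from this section:
#   check_ldif mydom-com-organization.ldif "dc=mydom,dc=com" && \
#       ldapadd -cxWD "cn=admin,dc=mydom,dc=com" -f mydom-com-organization.ldif
```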