LDAP

LDAP 目錄結構組成 DN，Distinguished Name：識別名稱，LDAP 中一筆記錄的位置 RDN，Relative Distinguished Name：相對識別名稱，CN 及 CN 的值。例如：cn=deyu 獨一無二的屬性。 CN，Common Name/uid：顯示名稱，一筆 LDAP 記錄的名字/ID OU，Organizational Unit：組織，一筆 LDAP 記錄所屬組織 DC，Domain Componet：網域元件，一筆 LDAP 記錄所屬區域 LDAP DN例子：在 deyu.wang 網域內 people 組織中使用者 dywtest。 dn: cn=dywtest,ou=people,dc=deyu,dc=wang

Redhat 389 Directory Server

8.5. Managing Organizational Units | Red Hat Product Documentation
389 Directory Server - Howto: Users and Groups
GitHub - slominskir/keycloak_ldap: Docker Compose with Keycloak and 389 LDAP Directory Server
- use the "Users" page directly in test-realm will fail
  - workaround: after log in keycloak, need to change the "User federation" test-realm-ldap-provider
    - Users DN from ou=people,dc=example,dc=com into ou=People,dc=example,dc=com

dsidm localhost -b "dc=example,dc=com" account list
dsidm localhost -b "dc=example,dc=com" organizationalunit list
dsidm localhost -b "dc=example,dc=com" organizationalunit create --ou Groups
dsidm localhost -b "dc=example,dc=com" group create
dsidm localhost -b "dc=example,dc=com" user list
# (option 1)create user
# not working in slominskir/keycloak_ldap container
dsidm localhost -b "dc=example,dc=com" user create

# (option 2)create user
# works in this slominskir/keycloak_ldap container
ldapadd -D "cn=Directory Manager" -w password -H ldap://ldap:3389 -x <<EOF
dn: uid=william,ou=People,dc=example,dc=com
uid: william
givenName: William 
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: Brown
cn: William
EOF

dsidm localhost group add_member my_awesome_group uid=william,ou=People,dc=example,dc=com
dsidm localhost user get william

dsidm localhost account reset_password uid=jdoe,ou=People,dc=example,dc=com