Horizon Mobile Manager: Working with the embedded OpenLDAP (2036044)
This information is intended for experienced system administrators who are familiar with standard LDAP operations and commands.
The embedded OpenLDAP server runs on TCP port 389. The OpenLDAP server is accessible only locally from the Linux console for the Horizon Mobile Manager virtual appliance. You can use standard LDAP commands to perform operations in the embedded OpenLDAP server. The required binaries (ldapadd, ldapsearch, ldapdelete, and ldapmodify) are installed in the virtual appliance.
By default, when the virtual appliance is installed and configured, the embedded OpenLDAP service is preconfigured with entries that have common names (cn) that follow the pattern Enterprise User 1, Enterprise User 2, and so on. The users are preconfigured with the following attributes:
- uid: In the pattern user1, user2, and so on
- ou: people
cn = Enterprise User 1
sn = User
mail = email@example.com
uid = user1
Base Distinguished Name (DN), Bind DN, and Bind PW
The base Distinguished Name (DN) for the embedded OpenLDAP server is dc=mvp, dc=org.
The bind DN is admin, and the bind PW is vmware.
Changing the Password for the Default System Administrator Entry
To change the password for the preconfigured administrator entry (uid: admin), create an LDAP Data Interchange Format (LDIF) file with the appropriate attribute settings and run the ldapmodify command to update the existing values to those in the LDIF file.
- Log in to the virtual appliance from its console.
- Use a text editor to create a new LDIF file within the file system. For example, vi /home/tcserver/changepass.ldif
- Type the appropriate lines in the LDIF file and save the file. In this example, the password for the admin uid is changed to classic*CD:
- Run the following command:
/usr/bin/ldapmodify -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/changepass.ldif
Adding a User to the Embedded OpenLDAP
In demonstration environments, you might want to have user accounts that correspond to people in your organization or team, or use names other than the preconfigured ones. You can use an LDIF file and the standard ldapadd operation to add new entries to the OpenLDAP service. For example, create an LDIF file named addentry.ldif that contains the following lines to define an entry for individual Stacy Barr, with uid:sbarr and userPassword:stacy*b.
cn: Stacy Barr
/usr/bin/ldapadd -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/addentry.ldif
Removing a User from the Embedded OpenLDAP
Use the ldapdelete command in the virtual appliance console to remove an entry from the embedded OpenLDAP service. For example, to remove the preconfigured user50 entry, run:
/usr/bin/ldapdelete -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware "uid=user50,ou=people,dc=mvp,dc=org"
Changing User Passwords
Similar to the steps for changing the password of the default admin account, to change passwords for users, you can use an LDIF file and the standard ldapmodify operation. To change more than one user's password using a single LDIF file in one ldapmodify operation, include in the file a four-line block for each user, with each block separated by a blank line.
For example, an LDIF file named changeuserpwds.ldif has the following lines to change the passwords for preconfigured user21, user22, user23, and user24:
/usr/bin/ldapmodify -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/changeuserpwds.ldif
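The following shell sketch is an added example, not part of the original article or VMware's tooling. It generates the multi-user LDIF described above, assuming the four-line block is the standard ldapmodify form (dn, changetype: modify, replace: userPassword, userPassword); the function names and sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware's code): build a multi-user password-change LDIF.
BASE_DN='ou=people,dc=mvp,dc=org'   # user subtree, from the page's ldapdelete DN

# Print the userPassword line. LDIF needs base64 ("::") when the value starts
# with space, ':' or '<', ends with a space, or holds non-printable-ASCII bytes.
ldif_password_line() {
    pw=$1
    odd=$(printf '%s' "$pw" | LC_ALL=C tr -d ' -~' | wc -c)
    case $pw in
        ' '*|:*|'<'*|*' ') odd=1 ;;
    esac
    if [ "$odd" -gt 0 ]; then
        printf 'userPassword:: %s\n' "$(printf '%s' "$pw" | base64 | tr -d '\n')"
    else
        printf 'userPassword: %s\n' "$pw"
    fi
}

# Arguments are uid=password pairs; output is one four-line block per user,
# blocks separated by a blank line.
make_pwd_ldif() {
    first=yes
    for pair in "$@"; do
        case $pair in
            *=*) uid=${pair%%=*}; newpw=${pair#*=} ;;
            *)   echo "expected a uid=password argument" >&2; return 1 ;;
        esac
        # Reject characters that would change the DN (',', '+', '=', spaces...).
        case $uid in
            ''|*[!A-Za-z0-9._-]*) echo "unsafe uid: $uid" >&2; return 1 ;;
        esac
        [ -n "$newpw" ] || { echo "empty password for $uid" >&2; return 1; }
        [ "$first" = yes ] || printf '\n'
        first=no
        printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: userPassword\n' \
            "$uid" "$BASE_DN"
        ldif_password_line "$newpw"
    done
}

# On the appliance (constructed passwords). umask keeps the cleartext LDIF
# private; -W prompts for the bind password instead of passing it with -w.
#   umask 077
#   make_pwd_ldif 'user21=Constructed*21' 'user22=Constructed*22' \
#       > /home/tcserver/changeuserpwds.ldif
#   /usr/bin/ldapmodify -c -H ldap://127.0.0.1:389 \
#       -D 'cn=admin,dc=mvp,dc=org' -W -f /home/tcserver/changeuserpwds.ldif
#   rm -f /home/tcserver/changeuserpwds.ldif
```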
Using Other OpenLDAP Commands
You can use standard OpenLDAP commands with the embedded OpenLDAP service. For more information on OpenLDAP, see OpenLDAP, Main Page.
Note: The preceding link was correct as of November 5, 2012. If you find that the link is broken, please provide feedback and a VMware employee will update the link.