Horizon Mobile Manager: Working with the embedded OpenLDAP (2036044)

Details

By default, the VMware® Horizon Mobile Manager™ virtual appliance includes a preconfigured, embedded OpenLDAP service. In production environments, you should configure the Horizon Mobile Manager virtual appliance to use your organization's LDAP or Active Directory naming service. However, the embedded OpenLDAP service is suitable for experimental use in proof-of-concept demonstrations.

Solution

When using the embedded OpenLDAP service in a demonstration or test environment, you might want to perform common LDAP operations such as adding new users, deleting existing users, and changing user passwords.

This information is intended for experienced system administrators who are familiar with standard LDAP operations and commands.

The embedded OpenLDAP server runs on TCP port 389. The OpenLDAP server is accessible only locally from the Linux console for the Horizon Mobile Manager virtual appliance. You can use standard LDAP commands to perform operations in the embedded OpenLDAP server. The required binaries (ldapadd, ldapsearch, ldapdelete, and ldapmodify) are installed in the virtual appliance.

By default, when the virtual appliance is installed and configured, the embedded OpenLDAP service is preconfigured with entries that have common names (cn) that follow the pattern Enterprise User 1, Enterprise User 2, and so on. The users are preconfigured with the following attributes:
  • userPassword: vmware
  • sn: User
  • uid: in the pattern user1, user2, and so on
  • ou: people
For example, the preconfigured entry for Enterprise User 1 has attribute values:

cn = Enterprise User 1
sn = User
mail = user1@mvp.org
uid = user1

During configuration of the virtual appliance, you specify the user account to use as the default system administrator. This account can log in to the Horizon Mobile Manager administration interface and perform all operations. If you retained the default value during configuration of the virtual appliance, this user account is the preconfigured entry in the embedded LDAP service that has its cn attribute set to Admin User, its uid attribute set to admin, and its userPassword attribute set to vmware.

Base Distinguished Name (DN), Bind DN, and Bind PW

The base Distinguished Name (DN) for the embedded OpenLDAP server is dc=mvp,dc=org.
The bind DN is admin (written in full as cn=admin,dc=mvp,dc=org in the commands in this article), and the bind password (PW) is vmware.

Changing the Password for the Default System Administrator Entry

To change the password for the preconfigured administrator entry (uid: admin), create an LDAP Data Interchange Format (LDIF) file with the appropriate attribute settings and run the ldapmodify command to update the existing values to those in the LDIF file.
  1. Log in to the virtual appliance from its console.
  2. Use a text editor to create a new LDIF file within the file system. For example: vi /home/tcserver/changepass.ldif
  3. Type the appropriate lines in the LDIF file and save the file. In this example, the password for the admin uid is changed to classic*CD:

    dn: uid=admin,ou=people,dc=mvp,dc=org
    changetype: modify
    replace: userPassword
    userPassword: classic*CD

  4. Run the following command:

    /usr/bin/ldapmodify -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/changepass.ldif

If your Horizon Mobile Manager instance uses the preconfigured user account as the default system administrator, the next time you log in to the Horizon Mobile Manager administration interface, log in with admin and the new password.

Adding a User to the Embedded OpenLDAP

In demonstration environments, you might want to have user accounts that correspond to people in your organization or team, or use names other than the preconfigured ones. You can use an LDIF file and the standard ldapadd operation to add new entries to the OpenLDAP service. For example, create an LDIF file named addentry.ldif that contains the following lines to define an entry for the individual Stacy Barr, with uid: sbarr and userPassword: stacy*b.

dn: uid=sbarr,ou=people,dc=mvp,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Stacy Barr
sn: Barr
uid: sbarr
mail: s.barr@mvp.org
userPassword: stacy*b

In the virtual appliance console, run the following command to add the entry:

/usr/bin/ldapadd -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/addentry.ldif

Removing a User from the Embedded OpenLDAP

Use the ldapdelete command in the virtual appliance console to remove an entry from the embedded OpenLDAP service. For example, to remove the preconfigured user50 entry, run:

/usr/bin/ldapdelete -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware "uid=user50,ou=people,dc=mvp,dc=org"

Changing User Passwords

Similar to the steps for changing the password of the default admin account, to change passwords for users, you can use an LDIF file and the standard ldapmodify operation. To change more than one user's password using a single LDIF file in one ldapmodify operation, include in the file a four-line block for each user, with each block separated by a blank line.

For example, an LDIF file named changeuserpwd.ldif has the following lines to change the passwords for preconfigured user21, user22, user23, and user24:

dn: uid=user21,ou=people,dc=mvp,dc=org
changetype: modify
replace: userPassword
userPassword: user*21

dn: uid=user22,ou=people,dc=mvp,dc=org
changetype: modify
replace: userPassword
userPassword: user*22

dn: uid=user23,ou=people,dc=mvp,dc=org
changetype: modify
replace: userPassword
userPassword: user*23

dn: uid=user24,ou=people,dc=mvp,dc=org
changetype: modify
replace: userPassword
userPassword: user*24

Then run the ldapmodify command using that LDIF file.

/usr/bin/ldapmodify -c -H ldap://127.0.0.1:389 -D 'cn=admin,dc=mvp,dc=org' -w vmware -f /home/tcserver/changeuserpwd.ldif
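
The multi-user LDIF described above can be generated rather than typed by hand. The following added example (not part of the VMware article or product) builds the four-line blocks from uid:password lines and base64-encodes any password that LDIF cannot carry as plain text; the function names and the uid:password input format are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not VMware's code. Names below are hypothetical helpers.
BASE_DN='ou=people,dc=mvp,dc=org'   # subtree holding the article's user entries

# ldif_value ATTR VALUE: print "ATTR: VALUE", or "ATTR:: <base64>" when VALUE is
# not an LDIF SAFE-STRING (RFC 2849): leading space, ':' or '<', a trailing
# space, or any byte outside printable ASCII.
ldif_value() {
    attr=$1 val=$2 unsafe=0
    case $val in
        ' '*|:*|'<'*|*' ') unsafe=1 ;;
    esac
    if [ -n "$(printf '%s' "$val" | LC_ALL=C tr -d ' -~')" ]; then
        unsafe=1
    fi
    if [ "$unsafe" -eq 1 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$val" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$val"
    fi
}

# gen_pwd_ldif: read "uid:password" lines on stdin and write one four-line
# modify block per user, with a blank line between blocks.
gen_pwd_ldif() {
    first=1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *:*) ;; *) continue ;; esac      # skip blank/malformed lines
        uid=${line%%:*}
        pw=${line#*:}
        # The uid is placed in the DN, so accept only plain account names.
        case $uid in
            ''|*[!A-Za-z0-9._-]*) echo "rejected uid: $uid" >&2; return 1 ;;
        esac
        [ -n "$pw" ] || { echo "empty password for $uid" >&2; return 1; }
        [ "$first" -eq 1 ] || printf '\n'
        first=0
        printf 'dn: uid=%s,%s\n' "$uid" "$BASE_DN"
        printf 'changetype: modify\nreplace: userPassword\n'
        ldif_value userPassword "$pw"
    done
}

# Constructed sample input; the second password starts with a space.
printf 'user21:user*21\nuser22: lead\n' | gen_pwd_ldif
```

Because the file holds cleartext passwords, write it under a restrictive umask, for example (umask 077; gen_pwd_ldif < pairs.txt > /home/tcserver/changeuserpwd.ldif), where pairs.txt is a hypothetical input file. The ldapmodify -W option prompts for the bind password instead of taking it on the command line with -w.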

Using Other OpenLDAP Commands

You can use standard OpenLDAP commands with the embedded OpenLDAP service. For more information on OpenLDAP, see OpenLDAP, Main Page.
Note: The preceding link was correct as of November 5, 2012. If you find that the link is broken, please provide feedback and a VMware employee will update the link.
