Thanks to larsks's answer, here is what I did.
First, here is an extract of the default configuration with Ubuntu 12.04 (file /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif):
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=nodomain
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=nodomain" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=nodomain" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=nodomain
Then I created the following change_suffix.ldif:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: o=myorganization,c=fr
-
replace: olcRootDN
olcRootDN: cn=admin,o=myorganization,c=fr
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,o=myorganization,c=fr" write by * none
olcAccess: {2}to * by self write by dn="cn=admin,o=myorganization,c=fr" write by * read
and added it to my ldap with the following command:
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f change_suffix.ldif
Now I had to create the organization node with the following myorganization.ldif:
dn: o=myorganization,c=fr
objectclass: organization
o: myorganization
And finally, I added it with the following command (the first one did not work because of Insufficient access (50)):
ldapadd -x -D cn=admin,o=myorganization,c=fr -W -f myorganization.ldif
Now, I can add the organizational units:
dn: ou=GROUPS, o=myorganization,c=fr
ou: GROUPS
objectClass: top
objectClass: organizationalunit

dn: ou=MYAPP, ou=GROUPS, o=myorganization,c=fr
ou: MYAPP
objectClass: top
objectClass: organizationalunit

dn: ou=MYREGION, ou=MYAPP, ou=GROUPS, o=myorganization,c=fr
ou: MYREGION
objectClass: top
objectClass: organizationalunit
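
The answer above changes olcSuffix, olcRootDN and olcAccess in one modify; ACL clauses left pointing at a DN under the old suffix are easy to miss. The following check is an added example, not part of the original answer: it unfolds an olcDatabase LDIF entry and lists every DN in olcRootDN and olcAccess that is not under olcSuffix. The function names and the sample entry (the default config with only the suffix and root DN changed) are constructed, and DN comparison is a simple string normalisation.

```python
import re

# Constructed sample: the default entry from the answer with only olcSuffix
# and olcRootDN changed, so both ACLs still name the old admin DN.
SAMPLE = '''dn: olcDatabase={1}hdb
olcSuffix: o=myorganization,c=fr
olcRootDN: cn=admin,o=myorganization,c=fr
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=nodomain" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=nodomain" write by * read
'''

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r'\r?\n ', '', ldif)

def norm(dn):
    """Crude DN normalisation (assumption): lowercase, no spaces at commas."""
    return ','.join(part.strip().lower() for part in dn.split(','))

def parse(ldif):
    """Return {attribute: [values]} for a single-entry LDIF text."""
    attrs = {}
    for line in unfold(ldif).splitlines():
        if ':' in line and not line.startswith('#'):
            key, _, val = line.partition(':')
            attrs.setdefault(key.strip(), []).append(val.strip())
    return attrs

def stale_dns(ldif):
    """List (attribute, dn) pairs whose DN is not under olcSuffix."""
    attrs = parse(ldif)
    suffix = norm(attrs['olcSuffix'][0])
    found = [('olcRootDN', dn) for dn in attrs.get('olcRootDN', [])]
    for rule in attrs.get('olcAccess', []):
        # Matches dn="..." and dn.base="..." clauses; the empty DN
        # (root DSE) is skipped because it belongs to no suffix.
        for dn in re.findall(r'\bdn(?:\.\w+)?="([^"]*)"', rule):
            if dn:
                found.append(('olcAccess', dn))
    return [(a, dn) for a, dn in found
            if norm(dn) != suffix and not norm(dn).endswith(',' + suffix)]

if __name__ == '__main__':
    for attr, dn in stale_dns(SAMPLE):
        print(f'{attr}: {dn} is outside the database suffix')
```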