5.2. Setting up Users to Be Enrolled


When the Token Processing System is installed, one of its configuration settings is the LDAP directory which contains the users who are allowed to enroll a token. Only users who are stored within this authentication directory are allowed to enroll, format, or have a token. Before attempting to enroll a token or smart card, make sure that the person requesting the operation has an entry in the LDAP directory.
The TPS is configured to look at a specific base DN in the LDAP directory. This is configured in the TPS's CS.cfg:
 auth.instance.0.baseDN=dc=example,dc=com    
 auth.instance.0.hostport=server.example.com:389
For a user to be allowed to enroll a token, the user must be somewhere below the base DN.
If the user does not already have an entry, then the administrator must add the user to the specified LDAP directory in the specified base DN before any tokens can be enrolled for the user.
 /usr/bin/ldapmodify -a -D "cn=Directory Manager" -w secret -p 389 -h server.example.com    

 dn: uid=jsmith,ou=People, dc=example,dc=com    
 objectclass: person
 objectclass: inetorgperson
 objectclass: top
 uid: jsmith
 cn: John Smith
 email: jsmith@example.com
 userPassword: secret
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.