Built-in LDAP

Unless you’ve configured your Mu server to use another directory service, it will use its bundled installation of 389 Directory Services. Users created by mu-user-manage are stored here. Note that this does not include the default root/mu system user.

We’re using 389 DS’ built-in schema, but not all software knows by default how to look for the particular object classes/attributes we’re using (our design may merit a custom schema in the future). If you’re configuring software to authenticate against Mu’s LDAP, you may need to know the following:

Users (inetorgperson) are in OU=Users,OU=Mu,DC=platform-mu:

- uid: system username
- employeeNumber: Numeric POSIX uid
- departmentNumber: Numeric POSIX gid for default group
- cn, displayName, and givenName + sn: Firstname Lastname
- mail: email address
- userPassword: password (write-only)

Groups (posixGroup) are in OU=Groups,OU=Mu,DC=platform-mu:

- cn: group name
- description: Human-friendly descriptive string
- gidNumber: Numeric POSIX gid
- memberUid: username(s) of group members (same as uid attribute in inetorgperson)
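As an added example (not code from the Mu project), the following Python shows how a client could build search filters for these entries and translate the attributes above into POSIX account fields. The function names and the sample entries are hypothetical and constructed for illustration, and the rejection of non-positive ids is an added sanity check, not documented Mu behaviour.

```python
USERS_BASE = "OU=Users,OU=Mu,DC=platform-mu"    # search base for user lookups
GROUPS_BASE = "OU=Groups,OU=Mu,DC=platform-mu"  # search base for group lookups

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter(value):
    """RFC 4515 escaping so a supplied login name cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(username):
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter(username)

def group_filter(username):
    # memberUid holds the plain uid value, not a DN.
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter(username)

def first(entry, attr):
    """LDAP attributes are multi-valued; take the first value or fail loudly."""
    values = entry.get(attr) or []
    if not values:
        raise ValueError("missing attribute: " + attr)
    return values[0]

def to_passwd(entry):
    """Build a passwd-style record from a Mu user entry."""
    uid = int(first(entry, "employeeNumber"))    # POSIX uid lives here, not uidNumber
    gid = int(first(entry, "departmentNumber"))  # default gid lives here, not gidNumber
    if uid <= 0 or gid <= 0:
        # Added check: the root/mu system user is not stored in this directory.
        raise ValueError("refusing non-positive uid/gid from directory")
    return {"name": first(entry, "uid"), "uid": uid, "gid": gid,
            "gecos": first(entry, "displayName"), "mail": first(entry, "mail")}

def groups_for(username, group_entries):
    """Return {group name: gid} for each posixGroup listing username in memberUid."""
    return {first(g, "cn"): int(first(g, "gidNumber"))
            for g in group_entries if username in g.get("memberUid", [])}

# Constructed sample entries (attribute -> list of values), not real Mu data.
SAMPLE_USER = {"uid": ["jdoe"], "employeeNumber": ["10001"],
               "departmentNumber": ["10001"], "displayName": ["Jane Doe"],
               "mail": ["jdoe@example.com"]}
SAMPLE_GROUPS = [
    {"cn": ["jdoe"], "gidNumber": ["10001"], "memberUid": ["jdoe"]},
    {"cn": ["devs"], "gidNumber": ["10050"], "memberUid": ["asmith", "jdoe"]},
    {"cn": ["ops"], "gidNumber": ["10060"], "memberUid": ["asmith"]},
]
```

Software that expects the RFC 2307 attributes uidNumber and gidNumber on user entries needs the same remapping in its own configuration.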