Differences

This shows you the differences between two versions of the page.

--- tech:ldap:start [2017/09/18 12:24]
rk4n3 created
+++ tech:ldap:start [2019/06/08 13:09] (current)
rk4n3
@@ Line 1: / Line 1: @@
-====== LDAP Topics ======
+<typo fs:xx-large; fw:bold>LDAP Topics</typo>
+====== Installation & Configuration ======
-==== LDAP PHP Module ====
+==== Reset OpenLDAP root password ====
+<code>slappasswd -h "{SHA}"
+vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif'</code>
+==== LDAP PHP Module ====
   * yum install php-ldap
   * vim /etc/php.ini ... add: ''extension=ldap.so''
   * service httpd restart
+==== Active Directory server discovery ====
+In a command terminal: // (where the domain name is ''MS'') // <code>
+nslookup
+set type=all
+_ldap._tcp.dc._msdcs.MS
+</code>
+==== Apache 2.4 Auth via LDAP ====
+<code>
+# Git-smart HTTP/HTTPS back-end
+SetEnv GIT_PROJECT_ROOT /home/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
+ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+<Directory "/usr/libexec/git-core">
+        Options +ExecCGI
+        Order deny,allow
+        AuthType Basic
+        AuthName "Private Git Access"
+        AuthBasicProvider ldap
+        AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?"
+        AuthName "GIT -- Bluejay"
+#       AuthUserFile /home/www/git/.htpasswd
+        Require valid-user
+</Directory>
+</code>
+=== AuthLDAPURL for Active Directory ===
+<code>AuthLDAPURL "ldap://ad-ldap-prod.uhc.com:389/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"</code>
+====== Notes ======
+<WRAP prewrap>
+<code>
+# Show all entries, as root ...
+ldapsearch -h cosmos -D dc=root,dc=samudio,dc=net -w rootpassword -b dc=samudio,dc=net "(objectClass=inetOrgPerson)"
+# Show all entries as authenticated user:
+ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net
+# Show one searched-for entry:
+ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"
+# To add an entry, something like:
+ldapadd -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f optum.ldif
+# Sample add.ldif content ...
+dn: uid=mattbot,ou=person,dc=samudio,dc=net
+objectclass: inetOrgPerson
+cn: Matt Bot
+sn: Bot
+uid: mattbot
+ou: InfoTech
+mail: mattbot@albertleadata.com
+mail: mattbot@albertleadata.org
+# To change an entry, something like:
+ldapmodify -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f chg.ldif
+# Sample chg.ldif content ...
+dn: uid=mattbot,ou=person,dc=samudio,dc=net
+changetype: modify
+add: ou
+ou: bluejayuser
+# Changing/adding a password for user, using root ...
+ldappasswd -xv -D dc=root,dc=samudio,dc=net -w rootpassword -S "uid=msamud1,ou=person,dc=samudio,dc=net"
+</code>
+</WRAP>
+==== Some specific settings ... ====
+<code>
+'ldap_host' => 'cosmos.samudio.net',
+'ldap_group' => 'bluejayuser',
+'ldap_udn' => 'dc=samudio,dc=net',
+'ldap_bind' => 'uid=%s,%s',
+'ldap_xia' => 'ou=person,dc=samudio,dc=net',
+'ldap_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
+'ldap_key' => 'ou',
+</code>

Albert Lea Data Wiki

User Tools

Site Tools

Differences

Page Tools