User Tools
tech:ldap:start
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
tech:ldap:start [2017/09/18 15:55] rk4n3 |
tech:ldap:start [2019/06/08 13:09] (current) rk4n3 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== LDAP Topics ====== | + | <typo fs:xx-large; fw:bold>LDAP Topics</typo> |
| + | ====== Installation & Configuration ====== | ||
| + | |||
| + | ==== Reset OpenLDAP root password ==== | ||
| + | <code>slappasswd -h "{SHA}" | ||
| + | vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif'</code> | ||
| ==== LDAP PHP Module ==== | ==== LDAP PHP Module ==== | ||
| Line 11: | Line 16: | ||
| set type=all | set type=all | ||
| _ldap._tcp.dc._msdcs.MS | _ldap._tcp.dc._msdcs.MS | ||
| + | </code> | ||
| + | |||
| + | ==== Apache 2.4 Auth via LDAP ==== | ||
| + | <code> | ||
| + | # Git-smart HTTP/HTTPS back-end | ||
| + | SetEnv GIT_PROJECT_ROOT /home/www/git | ||
| + | SetEnv GIT_HTTP_EXPORT_ALL | ||
| + | ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/ | ||
| + | |||
| + | <Directory "/usr/libexec/git-core"> | ||
| + | Options +ExecCGI | ||
| + | Order deny,allow | ||
| + | AuthType Basic | ||
| + | AuthName "Private Git Access" | ||
| + | AuthBasicProvider ldap | ||
| + | AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?" | ||
| + | AuthName "GIT -- Bluejay" | ||
| + | # AuthUserFile /home/www/git/.htpasswd | ||
| + | Require valid-user | ||
| + | </Directory> | ||
| + | </code> | ||
| + | |||
| + | === AuthLDAPURL for Active Directory === | ||
| + | <code>AuthLDAPURL "ldap://ad-ldap-prod.uhc.com:389/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"</code> | ||
| + | |||
| + | |||
| + | ====== Notes ====== | ||
| + | <WRAP prewrap> | ||
| + | <code> | ||
| + | # Show all entries, as root ... | ||
| + | ldapsearch -h cosmos -D dc=root,dc=samudio,dc=net -w rootpassword -b dc=samudio,dc=net "(objectClass=inetOrgPerson)" | ||
| + | |||
| + | # Show all entries as authenticated user: | ||
| + | ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net | ||
| + | |||
| + | # Show one searched-for entry: | ||
| + | ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))" | ||
| + | |||
| + | # To add an entry, something like: | ||
| + | ldapadd -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f optum.ldif | ||
| + | |||
| + | # Sample add.ldif content ... | ||
| + | dn: uid=mattbot,ou=person,dc=samudio,dc=net | ||
| + | objectclass: inetOrgPerson | ||
| + | cn: Matt Bot | ||
| + | sn: Bot | ||
| + | uid: mattbot | ||
| + | ou: InfoTech | ||
| + | mail: mattbot@albertleadata.com | ||
| + | mail: mattbot@albertleadata.org | ||
| + | |||
| + | # To change an entry, something like: | ||
| + | ldapmodify -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f chg.ldif | ||
| + | |||
| + | # Sample chg.ldif content ... | ||
| + | dn: uid=mattbot,ou=person,dc=samudio,dc=net | ||
| + | changetype: modify | ||
| + | add: ou | ||
| + | ou: bluejayuser | ||
| + | |||
| + | # Changing/adding a password for user, using root ... | ||
| + | ldappasswd -xv -D dc=root,dc=samudio,dc=net -w rootpassword -S "uid=msamud1,ou=person,dc=samudio,dc=net" | ||
| + | </code> | ||
| + | </WRAP> | ||
| + | |||
| + | ==== Some specific settings ... ==== | ||
| + | <code> | ||
| + | 'ldap_host' => 'cosmos.samudio.net', | ||
| + | 'ldap_group' => 'bluejayuser', | ||
| + | 'ldap_udn' => 'dc=samudio,dc=net', | ||
| + | 'ldap_bind' => 'uid=%s,%s', | ||
| + | 'ldap_xia' => 'ou=person,dc=samudio,dc=net', | ||
| + | 'ldap_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))', | ||
| + | 'ldap_key' => 'ou', | ||
| </code> | </code> | ||
tech/ldap/start.1505768141.txt.gz · Last modified: 2017/09/18 15:55 by rk4n3
Page Tools
