Differences

This shows you the differences between two versions of the page.

--- tech:ldap:start [2018/04/30 08:25]
rk4n3
+++ tech:ldap:start [2019/06/08 13:09] (current)
rk4n3
@@ Line 1: / Line 1: @@
-LDAP Topics
+<typo fs:xx-large; fw:bold>LDAP Topics</typo>
 ====== Installation & Configuration ======
+==== Reset OpenLDAP root password ====
+<code>slappasswd -h "{SHA}"
+vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif'</code>
 ==== LDAP PHP Module ====
@@ Line 13: / Line 17: @@
 _ldap._tcp.dc._msdcs.MS
 </code>
+==== Apache 2.4 Auth via LDAP ====
+<code>
+# Git-smart HTTP/HTTPS back-end
+SetEnv GIT_PROJECT_ROOT /home/www/git
+SetEnv GIT_HTTP_EXPORT_ALL
+ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+<Directory "/usr/libexec/git-core">
+        Options +ExecCGI
+        Order deny,allow
+        AuthType Basic
+        AuthName "Private Git Access"
+        AuthBasicProvider ldap
+        AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?"
+        AuthName "GIT -- Bluejay"
+#       AuthUserFile /home/www/git/.htpasswd
+        Require valid-user
+</Directory>
+</code>
+=== AuthLDAPURL for Active Directory ===
+<code>AuthLDAPURL "ldap://ad-ldap-prod.uhc.com:389/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"</code>
 ====== Notes ======
+<WRAP prewrap>
 <code>
-ldapadd -x -D "dc=root,dc=samudio,dc=net" -w abc123 -f optum.ldif
+# Show all entries, as root ...
+ldapsearch -h cosmos -D dc=root,dc=samudio,dc=net -w rootpassword -b dc=samudio,dc=net "(objectClass=inetOrgPerson)"
-ldapsearch -h cosmos -D dc=root,dc=samudio,dc=net -w abc123 -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"
-ldappasswd -xv -D "cn=DeanWormer,o=delta" -w secret2 -S "cn=Hoover Anderson,ou=1960,o=delta"
+# Show all entries as authenticated user:
+ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net
-ldappasswd -xv -D dc=root,dc=samudio,dc=net -w abc123 -S "cn=Matt Samudio,ou=person,dc=samudio,dc=net"
+# Show one searched-for entry:
+ldapsearch -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"
-ldapsearch -h cosmos -D "cn=Matt Samudio,ou=person,dc=samudio,dc=net" -w dor0tea -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"
+# To add an entry, something like:
+ldapadd -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f optum.ldif
-ldapsearch -h cosmos -D "cn=Matt Samudio,ou=person,dc=samudio,dc=net" -w dor0tea -b dc=samudio,dc=net
+# Sample add.ldif content ...
+dn: uid=mattbot,ou=person,dc=samudio,dc=net
+objectclass: inetOrgPerson
+cn: Matt Bot
+sn: Bot
+uid: mattbot
+ou: InfoTech
+mail: mattbot@albertleadata.com
+mail: mattbot@albertleadata.org
+# To change an entry, something like:
+ldapmodify -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f chg.ldif
+# Sample chg.ldif content ...
+dn: uid=mattbot,ou=person,dc=samudio,dc=net
+changetype: modify
+add: ou
+ou: bluejayuser
+# Changing/adding a password for user, using root ...
+ldappasswd -xv -D dc=root,dc=samudio,dc=net -w rootpassword -S "uid=msamud1,ou=person,dc=samudio,dc=net"
 </code>
+</WRAP>
+==== Some specific settings ... ====
+<code>
+'ldap_host' => 'cosmos.samudio.net',
+'ldap_group' => 'bluejayuser',
+'ldap_udn' => 'dc=samudio,dc=net',
+'ldap_bind' => 'uid=%s,%s',
+'ldap_xia' => 'ou=person,dc=samudio,dc=net',
+'ldap_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
+'ldap_key' => 'ou',
+</code>

Albert Lea Data Wiki

User Tools

Site Tools

Differences

Page Tools