LDAP Topics
====== Installation & Configuration ======
==== Reset OpenLDAP root password ====
# Generate the hash, then paste it as the olcRootPW value of the database entry:
slappasswd -h "{SHA}"
# Edit with slapd stopped (or apply the same change with ldapmodify against cn=config):
vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif'
==== LDAP PHP Module ====
* yum install php-ldap
* vim /etc/php.ini ... add: ''extension=ldap.so''
* service httpd restart
==== Active Directory server discovery ====
In a command terminal //(where the domain name is ''MS'')//:
nslookup
set type=all
_ldap._tcp.dc._msdcs.MS
==== Apache 2.4 Auth via LDAP ====
# Git smart HTTP/HTTPS back-end (needs mod_cgi, mod_ldap and mod_authnz_ldap loaded)
SetEnv GIT_PROJECT_ROOT /home/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
# The directives below belong in the <Location /git> (or <Directory>) block for the Git path
Options +ExecCGI
# Order/Allow/Deny are Apache 2.2 directives; on 2.4 they need mod_access_compat
Order deny,allow
AuthType Basic
AuthBasicProvider ldap
# ldap:// sends the user's Basic-auth password to the directory in the clear;
# prefer ldaps:// or add "LDAPTrustedMode TLS" to wrap the connection in StartTLS
AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?"
# AuthName was set twice ("Private Git Access" then "GIT -- Bluejay"); the last value wins
AuthName "GIT -- Bluejay"
# AuthUserFile /home/www/git/.htpasswd
Require valid-user
=== AuthLDAPURL for Active Directory ===
# mod_authnz_ldap ANDs the trailing filter with the attribute term, so the effective
# search is (&(objectCategory=person)(objectClass=user)(sAMAccountName=<login>))
AuthLDAPURL "ldap://ad-ldap-prod.uhc.com:389/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"
====== Notes ======
# -x selects a simple bind; without it the tools attempt a SASL bind and ignore -D/-w.
# -w puts the password on the command line (shell history, ps); -W prompts for it instead.
# Show all entries, as root ...
ldapsearch -x -h cosmos -D dc=root,dc=samudio,dc=net -w rootpassword -b dc=samudio,dc=net "(objectClass=inetOrgPerson)"
# Show all entries as authenticated user:
ldapsearch -x -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net
# Show one searched-for entry:
ldapsearch -x -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"
# To add an entry, something like (the LDIF file name is arbitrary):
ldapadd -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f optum.ldif
# Sample content of the LDIF file to add (add.ldif in this example) ...
dn: uid=mattbot,ou=person,dc=samudio,dc=net
objectclass: inetOrgPerson
cn: Matt Bot
sn: Bot
uid: mattbot
ou: InfoTech
mail: mattbot@albertleadata.com
mail: mattbot@albertleadata.org
# To change an entry, something like:
ldapmodify -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f chg.ldif
# Sample chg.ldif content ...
dn: uid=mattbot,ou=person,dc=samudio,dc=net
changetype: modify
add: ou
ou: bluejayuser
# Changing/adding a password for a user, using root (-S prompts for the new password) ...
ldappasswd -xv -D dc=root,dc=samudio,dc=net -w rootpassword -S "uid=msamud1,ou=person,dc=samudio,dc=net"
==== Some specific settings (PHP config array fragment) ====
'ldap_host' => 'cosmos.samudio.net',
'ldap_group' => 'bluejayuser',
'ldap_udn' => 'dc=samudio,dc=net',
'ldap_bind' => 'uid=%s,%s',
'ldap_xia' => 'ou=person,dc=samudio,dc=net',
'ldap_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
'ldap_key' => 'ou',
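How an application would consume the settings above, as an added example (not code from this page or from the Bluejay application): it binds as the user with the ''ldap_bind'' template, then checks the ''ldap_key'' attribute for ''ldap_group''. The ''$cfg'' array and the ''ldapLogin'' function name are assumptions; input is escaped with PHP's ''ldap_escape'' and an empty password is rejected, since an empty password turns a simple bind into an unauthenticated bind that most servers accept.

```php
<?php
// Added example: authenticate against the directory with the settings shown above.
// Assumes $cfg is the PHP array fragment from this page (hypothetical variable name).
function ldapLogin(array $cfg, string $user, string $pass): bool
{
    // Empty password => unauthenticated bind, which succeeds on most servers: refuse it.
    if ($user === '' || $pass === '') {
        return false;
    }
    // Escape for DN syntax (RFC 4514) and for filter syntax (RFC 4515) separately;
    // raw input in 'uid=%s,%s' or in the search filter is an LDAP injection.
    $dnUser     = ldap_escape($user, '', LDAP_ESCAPE_DN);
    $filterUser = ldap_escape($user, '', LDAP_ESCAPE_FILTER);

    $ds = ldap_connect('ldap://' . $cfg['ldap_host']);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // The bind carries the password, so require StartTLS (an ldaps:// URI also works).
    if (!ldap_start_tls($ds)) {
        ldap_unbind($ds);
        return false;
    }
    // Authentication: bind as the user's own DN, e.g. uid=msamud1,ou=person,dc=samudio,dc=net
    $dn = sprintf($cfg['ldap_bind'], $dnUser, $cfg['ldap_xia']);
    if (!@ldap_bind($ds, $dn, $pass)) {
        ldap_unbind($ds);
        return false;
    }
    // Authorisation: the entry must carry ldap_group as one of its ldap_key (ou) values.
    $filter  = sprintf($cfg['ldap_filter'], $filterUser);
    $res     = ldap_search($ds, $cfg['ldap_udn'], $filter, [$cfg['ldap_key']]);
    $entries = $res ? ldap_get_entries($ds, $res) : false;
    ldap_unbind($ds);
    if (!$entries || $entries['count'] !== 1) {
        return false;   // no entry, or an ambiguous match
    }
    // ldap_get_entries lowercases attribute names and adds a 'count' key per attribute.
    $values = $entries[0][strtolower($cfg['ldap_key'])] ?? ['count' => 0];
    for ($i = 0; $i < $values['count']; $i++) {
        if ($values[$i] === $cfg['ldap_group']) {
            return true;
        }
    }
    return false;
}
```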