LDAP Topics

====== Installation & Configuration ======

==== Reset OpenLDAP root password ====

<code bash>
slappasswd -h "{SHA}"
vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif'
</code>

==== LDAP PHP Module ====

  * yum install php-ldap
  * vim /etc/php.ini ... add: ''extension=ldap.so''
  * service httpd restart

==== Active Directory server discovery ====

In a command terminal //(where the domain name is ''MS'')//:

<code>
nslookup
set type=all
_ldap._tcp.dc._msdcs.MS
</code>

==== Apache 2.4 Auth via LDAP ====

<code apache>
# Git-smart HTTP/HTTPS back-end
SetEnv GIT_PROJECT_ROOT /home/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

# The directives below belong inside the <Location> or <Directory> block for the git path
Options +ExecCGI
Order deny,allow
AuthType Basic
AuthName "Private Git Access"
AuthBasicProvider ldap
AuthLDAPURL "ldap://cosmos.samudio.net/dc=samudio,dc=net?uid?sub?"
AuthName "GIT -- Bluejay"
# AuthUserFile /home/www/git/.htpasswd
Require valid-user
</code>

''AuthName'' is set twice here and the second value is the one the browser shows; ''Order deny,allow'' is Apache 2.2 access control and only works on 2.4 with mod_access_compat loaded.

=== AuthLDAPURL for Active Directory ===

<code apache>
AuthLDAPURL "ldap://ad-ldap-prod.uhc.com:389/dc=ms,dc=ds,dc=uhc,dc=com?sAMAccountName?sub?(objectCategory=person)(objectClass=user)"
</code>

====== Notes ======

<code bash>
# Show all entries, as root ... (-x selects a simple bind; without it ldapsearch attempts SASL)
ldapsearch -x -h cosmos -D dc=root,dc=samudio,dc=net -w rootpassword -b dc=samudio,dc=net "(objectClass=inetOrgPerson)"

# Show all entries as authenticated user:
ldapsearch -x -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net

# Show one searched-for entry:
ldapsearch -x -h cosmos -D "uid=msamud1,ou=person,dc=samudio,dc=net" -w yourpassword -b dc=samudio,dc=net "(&(objectClass=inetOrgPerson)(sn=Samudio))"

# To add an entry, something like:
ldapadd -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f optum.ldif

# Sample add.ldif content ...
</code>
<code ldif>
dn: uid=mattbot,ou=person,dc=samudio,dc=net
objectclass: inetOrgPerson
cn: Matt Bot
sn: Bot
uid: mattbot
ou: InfoTech
mail: mattbot@albertleadata.com
mail: mattbot@albertleadata.org
</code>

<code bash>
# To change an entry, something like:
ldapmodify -x -D "dc=root,dc=samudio,dc=net" -w rootpassword -f chg.ldif
</code>

<code ldif>
# Sample chg.ldif content ...
dn: uid=mattbot,ou=person,dc=samudio,dc=net
changetype: modify
add: ou
ou: bluejayuser
</code>

<code bash>
# Changing/adding a password for user, using root ...
ldappasswd -xv -D dc=root,dc=samudio,dc=net -w rootpassword -S "uid=msamud1,ou=person,dc=samudio,dc=net"
</code>

Passing ''-w rootpassword'' on the command line leaves the password in shell history and process listings; ''-W'' prompts for it instead.

==== Some specific settings ... ====

<code php>
'ldap_host'   => 'cosmos.samudio.net',
'ldap_group'  => 'bluejayuser',
'ldap_udn'    => 'dc=samudio,dc=net',
'ldap_bind'   => 'uid=%s,%s',
'ldap_xia'    => 'ou=person,dc=samudio,dc=net',
'ldap_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
'ldap_key'    => 'ou',
</code>
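The settings above substitute the login name into ''ldap_filter'' and ''ldap_bind'' with sprintf-style ''%s''. The following Python example, added here and not part of the original notes, shows the RFC 4515 (filter) and RFC 4514 (DN) escaping a value needs before that substitution, plus the ''ldap_key''/''ldap_group'' membership test; the ''authorized'' helper and its sample entry are constructed illustrations of what a client does with the search result.

```python
# Added example (not from the page): RFC 4515 / RFC 4514 escaping for the
# sprintf-style templates in the settings above, plus the ou-based group check.
LDAP_XIA = "ou=person,dc=samudio,dc=net"
LDAP_BIND = "uid=%s,%s"
LDAP_FILTER = "(&(objectClass=inetOrgPerson)(uid=%s))"
LDAP_KEY, LDAP_GROUP = "ou", "bluejayuser"

# RFC 4515 section 3: characters that must be hex-encoded in a filter assertion value.
_FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Neutralise filter metacharacters so the value can only match literally."""
    return "".join(_FILTER_ESC.get(ch, ch) for ch in value)

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        else:
            out.append(ch)
    return "".join(out)

def build_filter(uid: str) -> str:
    """ldap_filter template with the login name safely substituted."""
    return LDAP_FILTER % escape_filter_value(uid)

def build_bind_dn(uid: str) -> str:
    """ldap_bind template: uid=<user>,<ldap_xia>."""
    return LDAP_BIND % (escape_dn_value(uid), LDAP_XIA)

def authorized(entry: dict) -> bool:
    """Group check: the entry's ldap_key attribute must carry ldap_group
    (the chg.ldif above adds 'ou: bluejayuser' for exactly this purpose)."""
    return LDAP_GROUP in entry.get(LDAP_KEY, [])

if __name__ == "__main__":
    # Constructed entry, shaped like a client library's search result.
    mattbot = {"uid": ["mattbot"], "ou": ["InfoTech", "bluejayuser"]}
    print(build_filter("msamud1"))      # plain names pass through unchanged
    print(build_filter("m*(1)"))        # metacharacters become \2a \28 \29
    print(build_bind_dn("bot,admin"))   # the comma is escaped in the RDN value
    print(authorized(mattbot))          # True
```

In PHP the same escaping is provided by ''ldap_escape()'' with the ''LDAP_ESCAPE_FILTER'' and ''LDAP_ESCAPE_DN'' flags.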