Openldap: Difference between revisions
From wikinotes
Revision as of 15:35, 2 July 2022
LDAP is a read-optimized, scalable (distributed) way of storing data with two goals:
- sharing information with unrelated services
- fine-grained, filter-rule-based authorization for every stored attribute
It does this by:
- storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
- creating or reusing groups of attributes called ObjectClasses (Person, Organization, Account, ...)
- making Entries instances of these ObjectClasses
- storing Entries in a hierarchy, which can be anything you'd like
Using this stored information, LDAP can be used to integrate several entirely unrelated services:
- It can be used to handle multiple authentication methods for single sign-on (SSO)
- It can be used to share user images, descriptions, etc. with various programs
- It can be used to determine what resources (websites, services, machines) a user should have permission to use.
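As an added example (not code from this wiki page or from the OpenLDAP project), the following Python models the data model described above in memory: it parses a constructed LDIF sample into entries, derives the tree (DIT) from each entry's DN, and evaluates a small subset of LDAP search filters (&, |, !, equality, presence) so that the "which user may use which resource" question becomes a group-membership filter. The base DN dc=example,dc=com, the users alice and bob, and the admins group are all made-up sample data; the DN splitting and filter grammar are simplified (no escaped commas, no substring or extensible matching).

```python
"""Toy LDAP data model: LDIF -> entries, DN hierarchy, RFC 4515 filter subset."""
from __future__ import annotations
from collections import defaultdict

# Constructed sample data (not a real directory): a base entry, two
# organizational units, two users and one group.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corp

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice
cn: Alice Example
sn: Example
mail: alice@example.com
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
sn: Example
mail: bob@example.com

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins
member: uid=alice,ou=people,dc=example,dc=com
"""


def parse_ldif(text: str) -> dict[str, dict[str, list[str]]]:
    """Parse simple LDIF ('attr: value' lines, blank-line separators) into
    {dn: {attribute: [values]}}. Attribute names are case-insensitive in
    LDAP, so they are lower-cased for lookup."""
    entries: dict[str, dict[str, list[str]]] = {}
    current: dict[str, list[str]] = defaultdict(list)
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last record
        line = raw.rstrip()
        if line.startswith("#"):
            continue
        if not line:
            if current:
                dn = current.pop("dn")[0]
                entries[dn] = dict(current)
            current = defaultdict(list)
            continue
        name, _, value = line.partition(":")
        current[name.strip().lower()].append(value.strip())
    return entries


def parent_dn(dn: str) -> str | None:
    """The parent of an entry is its DN with the leftmost RDN removed."""
    rdns = [r.strip() for r in dn.split(",")]  # simplified: no escaped commas
    return ",".join(rdns[1:]) if len(rdns) > 1 else None


def children(entries: dict, base_dn: str) -> list[str]:
    """DNs of the entries directly beneath base_dn in the hierarchy."""
    return sorted(dn for dn in entries if parent_dn(dn) == base_dn)


def parse_filter(s: str):
    """Parse a filter such as (&(objectClass=posixAccount)(uid=alice)) into a
    tuple tree: ('&'|'|'|'!', [subfilters]) or ('=', attr, value)."""
    pos = 0

    def parse():
        nonlocal pos
        if s[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if s[pos] in "&|!":
            op, subs = s[pos], []
            pos += 1
            while s[pos] == "(":
                subs.append(parse())
            pos += 1  # closing ')'
            return (op, subs)
        end = s.index(")", pos)
        attr, _, value = s[pos:end].partition("=")
        pos = end + 1
        return ("=", attr.strip().lower(), value.strip())

    tree = parse()
    if pos != len(s):
        raise ValueError("trailing characters in filter")
    return tree


def matches(entry: dict[str, list[str]], node) -> bool:
    """Evaluate a parsed filter against one entry ('*' means presence)."""
    op = node[0]
    if op == "&":
        return all(matches(entry, n) for n in node[1])
    if op == "|":
        return any(matches(entry, n) for n in node[1])
    if op == "!":
        return not matches(entry, node[1][0])
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def search(entries: dict, base_dn: str, filter_str: str) -> list[str]:
    """Subtree search: DNs at or below base_dn whose entry matches the filter."""
    tree = parse_filter(filter_str)
    suffix = base_dn.lower()
    return sorted(
        dn for dn, attrs in entries.items()
        if (dn.lower() == suffix or dn.lower().endswith("," + suffix))
        and matches(attrs, tree)
    )


def is_authorized(entries: dict, user_dn: str, group_dn: str) -> bool:
    """Filter-based authorization rule: the user may use a resource only if
    the group guarding that resource lists the user's DN as a member."""
    return search(entries, group_dn, f"(member={user_dn})") == [group_dn]


ENTRIES = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    print("children of base:", children(ENTRIES, "dc=example,dc=com"))
    print("posix accounts:", search(ENTRIES, "dc=example,dc=com", "(objectClass=posixAccount)"))
    for uid in ("alice", "bob"):
        user = f"uid={uid},ou=people,dc=example,dc=com"
        print(uid, "admin:", is_authorized(ENTRIES, user, "cn=admins,ou=groups,dc=example,dc=com"))
```

Run it directly to see the tree and filter results; against a real server the same filters would be passed to ldapsearch, and the membership rule is the shape of a slapd ACL "by group" clause rather than something a client should enforce on its own.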
Documentation
- official docs: https://www.openldap.org/doc/admin24/
Locations
- /var/lib/ldap: location of ldap data (generally in bdb files)
- /etc/ldap/slapd.d: location of ldap configuration
Tutorials
- when/why use ldap (Novell): https://support.novell.com/techcenter/articles/ana20011101.html
- when/why use ldap (O'Reilly): http://archive.oreilly.com/pub/a/perl/excerpts/system-admin-with-perl/ten-minute-ldap-utorial.html
Notes
- openldap install
- openldap tutorials
- openldap concepts
- openldap components
- openldap configuration
- openldap usage
- openldap urls
Integrations
- phpldapadmin
Install

sudo apt install \
    slapd \
    ldap-utils

Creating a new Database:
Resources
- https://hynek.me/articles/ldap-a-gentle-introduction/ : ldap intro
- http://www.allgoodbits.org/articles/view/29 : nginx ldap authentication
- https://wiki.archlinux.org/index.php/OpenLDAP : arch wiki page for openldap
- https://help.ubuntu.com/lts/serverguide/openldap-server.html : ubuntu wiki page for openldap
Videos
- https://www.youtube.com/watch?v=GSP2Xzl6ncc : intro video