Openldap: Difference between revisions

From wikinotes
No edit summary
 
No edit summary
Line 1: Line 1:
 
LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals:
'''LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals:'''


* sharing information with unrelated services
* sharing information with unrelated services
Line 6: Line 5:




'''It does this by:'''
It does this by:


* Storing information using pre-defined, standardized Attributes  (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
* Storing information using pre-defined, standardized Attributes  (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
Line 13: Line 12:
* Entries are stored in a hierarchy, which can be anything you'd like.
* Entries are stored in a hierarchy, which can be anything you'd like.


<br>
Using this stored information, LDAP can be used to integrate several entirely unrelated services.
 
Using this stored information, LDAP can be used to integrate several entirely
unrelated services.  


* It can be used to handle multiple authentication methods for single-sign-in (SSO)
* It can be used to handle multiple authentication methods for single-sign-in (SSO)
Line 22: Line 18:
* It can use to determine what resources (websites, services, machines) a user should have permission to use.
* It can use to determine what resources (websites, services, machines) a user should have permission to use.


<br>
= Documentation =
<blockquote>
{| class="wikitable"
|-
| official docs || https://www.openldap.org/doc/admin24/
|-
|}
</blockquote><!-- Documentation -->


'''Example of an LDAP integration'''<br>
= Locations =
Let's say you are configuring confluence to authenticate using LDAP.
<blockquote>
You tell it where in your LDAP's hierarchy it should look for your users. It uses
{| class="wikitable"
the pre-defined attributes like fullname,photo,displayname,phone-number for the password
|-
to be used, and for user-data stored within Confluence. The actual user-authentication is
| <code>/var/lib/ldap</code> || || location of ldap data (generally in bdb files)
handed off the LDAP server,
|-
| <code>/etc/ldap/slapd.d</code> || || location of ldap configuration
|}
</blockquote><!-- Locations -->


<br>
= Tutorials =
<br>
<blockquote>
{| class="wikitable"
|-
| when/why use ldap Novell || https://support.novell.com/techcenter/articles/ana20011101.html
|-
| when/why use ldap O'Reilly || http://archive.oreilly.com/pub/a/perl/excerpts/system-admin-with-perl/ten-minute-ldap-utorial.html
|-
|}
</blockquote><!-- Tutorials -->


 
= Notes =
{|  
<blockquote>
{|
|-
| [[openldap install]]
|-
|-
! Components
| [[openldap tutorials]]
|-
|-
| [[openldap concepts]]
| [[openldap concepts]]
Line 49: Line 66:
| [[openldap urls]]
| [[openldap urls]]
|-
|-
! See Also
|-
| [[phpldapadmin]]
|}
|}
<br>
</blockquote><!-- Notes -->
<br>
 


= Overview =
= Integrations =
<blockquote>
<blockquote>
https://www.openldap.org/doc/admin24/
{| class="wikitable"
 
|-
{|
| [[phpldapadmin]]
| <pre>/var/lib/ldap</pre> || || location of ldap data (generally in bdb files)
|-
|-
| <pre>/etc/ldap/slapd.d</pre> || || location of ldap configuration
|}
|}
</blockquote><!-- Overview -->
</blockquote><!-- Integrations -->
<br>
<br>
 
= When and Why to use LDAP =
<blockquote>
* https://support.novell.com/techcenter/articles/ana20011101.html
* http://archive.oreilly.com/pub/a/perl/excerpts/system-admin-with-perl/ten-minute-ldap-utorial.html
 
</blockquote><!-- When and Why to use LDAP -->
<br>
<br>


= Install =
= Install =
Line 85: Line 84:
     slapd \
     slapd \
     ldap-utils
     ldap-utils
</syntaxhighlight>
</syntaxhighlight>


Line 93: Line 91:


</blockquote><!-- Install -->
</blockquote><!-- Install -->
<br>
<br>


= Resources =
= Resources =
Line 102: Line 98:
|-
|-
| http://www.allgoodbits.org/articles/view/29 || nginx ldap authentication
| http://www.allgoodbits.org/articles/view/29 || nginx ldap authentication
|-  
|-
| https://wiki.archlinux.org/index.php/OpenLDAP || arch wiki page for openldap
| https://wiki.archlinux.org/index.php/OpenLDAP || arch wiki page for openldap
|-
|-

Revision as of 15:35, 2 July 2022

LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals:

  • sharing information with unrelated services
  • fine-grained, filter-rule based authorization to every stored attribute


It does this by:

  • Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
  • Create/ReUse groups of attributes called ObjectClasses (Person, Organization, Account, ...)
  • Entries are instances of these ObjectClasses.
  • Entries are stored in a hierarchy, which can be anything you'd like.

Using this stored information, LDAP can be used to integrate several entirely unrelated services.

  • It can be used to handle multiple authentication methods for single-sign-in (SSO)
  • It can be used to share user images, descriptions etc with various programs
  • It can use to determine what resources (websites, services, machines) a user should have permission to use.

Documentation

official docs https://www.openldap.org/doc/admin24/

Locations

/var/lib/ldap location of ldap data (generally in bdb files)
/etc/ldap/slapd.d location of ldap configuration

Tutorials

when/why use ldap Novell https://support.novell.com/techcenter/articles/ana20011101.html
when/why use ldap O'Reilly http://archive.oreilly.com/pub/a/perl/excerpts/system-admin-with-perl/ten-minute-ldap-utorial.html

Notes

openldap install
openldap tutorials
openldap concepts
openldap components
openldap configuration
openldap usage
openldap urls

Integrations

phpldapadmin

Install

sudo apt install \
    slapd \
    ldap-utils

Creating a new Database:

Resources

https://hynek.me/articles/ldap-a-gentle-introduction/ ldap intro
http://www.allgoodbits.org/articles/view/29 nginx ldap authentication
https://wiki.archlinux.org/index.php/OpenLDAP arch wiki page for openldap
https://help.ubuntu.com/lts/serverguide/openldap-server.html ubuntu wiki page for openldap

Videos

https://www.youtube.com/watch?v=GSP2Xzl6ncc intro video


Retrieved from "http://willpittman.net:8080/index.php?title=Openldap&oldid=30873"