Openldap: Difference between revisions
From wikinotes
Line 60: | Line 60: | ||
= Integrations = | = Integrations = | ||
<blockquote> | <blockquote> | ||
{| | {| | ||
|- | |- | ||
| [[phpldapadmin]] | | [[phpldapadmin]] |
Revision as of 15:38, 2 July 2022
LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals:
- sharing information with unrelated services
- fine-grained, filter-rule based authorization to every stored attribute
It does this by:
- Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
- Create/ReUse groups of attributes called ObjectClasses (Person, Organization, Account, ...)
- Entries are instances of these ObjectClasses.
- Entries are stored in a hierarchy, which can be anything you'd like.
Using this stored information, LDAP can be used to integrate several entirely unrelated services.
- It can be used to handle multiple authentication methods for single-sign-in (SSO)
- It can be used to share user images, descriptions etc with various programs
- It can use to determine what resources (websites, services, machines) a user should have permission to use.
Documentation
official docs https://www.openldap.org/doc/admin24/
Locations
/var/lib/ldap
location of ldap data (generally in bdb files) /etc/ldap/slapd.d
location of ldap configuration
Notes
openldap install openldap tutorials openldap concepts openldap components openldap configuration openldap usage openldap urls
Integrations
phpldapadmin