Openldap: Difference between revisions
From wikinotes
No edit summary |
No edit summary |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals: | |||
* sharing information with unrelated services | * sharing information with unrelated services | ||
* fine-grained, filter-rule based authorization to every stored attribute | * fine-grained, filter-rule based authorization to every stored attribute | ||
It does this by: | |||
* Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...) | * Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...) | ||
Line 13: | Line 11: | ||
* Entries are stored in a hierarchy, which can be anything you'd like. | * Entries are stored in a hierarchy, which can be anything you'd like. | ||
Using this stored information, LDAP can be used to integrate several entirely unrelated services. | |||
Using this stored information, LDAP can be used to integrate several entirely | |||
unrelated services. | |||
* It can be used to handle multiple authentication methods for single-sign-in (SSO) | * It can be used to handle multiple authentication methods for single-sign-in (SSO) | ||
Line 22: | Line 17: | ||
* It can use to determine what resources (websites, services, machines) a user should have permission to use. | * It can use to determine what resources (websites, services, machines) a user should have permission to use. | ||
< | = Documentation = | ||
<blockquote> | |||
{| class="wikitable" | |||
|- | |||
| official docs || https://www.openldap.org/doc/admin24/ | |||
|- | |||
|} | |||
</blockquote><!-- Documentation --> | |||
= Locations = | |||
<blockquote> | |||
{| class="wikitable" | |||
|- | |||
| <code>/var/lib/ldap</code> || || location of ldap data (generally in bdb files) | |||
|- | |||
| <code>/etc/ldap/slapd.d</code> || || location of ldap configuration | |||
|} | |||
</blockquote><!-- Locations --> | |||
= Notes = | |||
< | <blockquote> | ||
{| | |||
|- | |||
| [[openldap install]] | |||
|- | |- | ||
| [[openldap tutorials]] | |||
|- | |- | ||
| [[openldap concepts]] | | [[openldap concepts]] | ||
Line 49: | Line 54: | ||
| [[openldap urls]] | | [[openldap urls]] | ||
|- | |- | ||
|} | |} | ||
< | </blockquote><!-- Notes --> | ||
< | |||
= Integrations = | |||
= | |||
<blockquote> | <blockquote> | ||
{| | |||
{| | |||
|- | |- | ||
| | | [[phpldapadmin]] | ||
|- | |- | ||
|} | |} | ||
</blockquote><!-- Integrations --> | |||
</blockquote><!-- |
Latest revision as of 15:38, 2 July 2022
LDAP is a read-optimized, scalable(distributed) way of storing data with 2x goals:
- sharing information with unrelated services
- fine-grained, filter-rule based authorization to every stored attribute
It does this by:
- Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
- Create/ReUse groups of attributes called ObjectClasses (Person, Organization, Account, ...)
- Entries are instances of these ObjectClasses.
- Entries are stored in a hierarchy, which can be anything you'd like.
Using this stored information, LDAP can be used to integrate several entirely unrelated services.
- It can be used to handle multiple authentication methods for single-sign-in (SSO)
- It can be used to share user images, descriptions etc with various programs
- It can use to determine what resources (websites, services, machines) a user should have permission to use.
Documentation
official docs https://www.openldap.org/doc/admin24/
Locations
/var/lib/ldap
location of ldap data (generally in bdb files) /etc/ldap/slapd.d
location of ldap configuration
Notes
openldap install openldap tutorials openldap concepts openldap components openldap configuration openldap usage openldap urls
Integrations
phpldapadmin