Openldap: Difference between revisions

From wikinotes

Latest revision as of 15:38, 2 July 2022

LDAP is a read-optimized, scalable (distributed) way of storing data with two goals:

  • sharing information with unrelated services
  • fine-grained, filter-rule-based authorization to every stored attribute

It does this by:

  • Storing information using pre-defined, standardized attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
  • Creating or reusing groups of attributes called ObjectClasses (Person, Organization, Account, ...)
  • Entries are instances of these ObjectClasses.
  • Entries are stored in a hierarchy, which can be anything you'd like.
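An added example (not from the original wiki page) showing the data model above, together with the attribute-level authorization goal, as LDIF: a small tree under dc=example,dc=com and an olcAccess rule set that restricts userPassword and employeeNumber per attribute. The suffix, entry names, the config database index {1}mdb and the HR service DN are assumptions; the password hash is a placeholder.

```ldif
# Constructed sample directory; load with ldapadd. Suffix and names are assumed.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Org

# Hierarchy: an organizational unit that holds people entries
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# An entry is an instance of several ObjectClasses, each contributing attributes
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn: Jane Doe
sn: Doe
mail: jdoe@example.com
employeeNumber: 1042
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
userPassword: {SSHA}PLACEHOLDER-generate-with-slappasswd

# Attribute-level authorization on the database entry in cn=config; apply with
# ldapmodify against cn=config. The database index {1}mdb is assumed.
# userPassword is never readable, not even by its owner: it may only be compared
# during a bind (auth) and changed by self. employeeNumber is visible only to the
# owner and an assumed HR service account. Everything else is readable by
# authenticated users only and writable by the owner.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to attrs=employeeNumber
  by dn.exact="cn=hr,ou=services,dc=example,dc=com" read
  by self read
  by * none
olcAccess: {2}to *
  by self write
  by users read
  by * none
```

Rules are evaluated in order and the first matching "to" clause wins, so the catch-all `to *` must come last.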

Using this stored information, LDAP can be used to integrate several entirely unrelated services.

  • It can be used to handle multiple authentication methods for single sign-on (SSO)
  • It can be used to share user images, descriptions, etc. with various programs
  • It can be used to determine what resources (websites, services, machines) a user should have permission to use.

Documentation

official docs: https://www.openldap.org/doc/admin24/

Locations

/var/lib/ldap      location of LDAP data (generally in bdb files)
/etc/ldap/slapd.d  location of LDAP configuration

Notes

openldap install
openldap tutorials
openldap concepts
openldap components
openldap configuration
openldap usage
openldap urls

Integrations

phpldapadmin