Openldap
LDAP is a read-optimized, scalable (distributed) way of storing data with two goals:
- sharing information with unrelated services
- fine-grained, filter-rule based authorization to every stored attribute
It does this by:
- Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
- Creating/reusing groups of attributes called ObjectClasses (Person, Organization, Account, ...)
- Entries are instances of these ObjectClasses.
- Entries are stored in a hierarchy, which can be anything you'd like.
Using this stored information, LDAP can be used to integrate several entirely unrelated services.
- It can be used to handle multiple authentication methods for single sign-on (SSO)
- It can be used to share user images, descriptions, etc. with various programs
- It can be used to determine what resources (websites, services, machines) a user should have permission to use.
Example of an LDAP integration
Let's say you are configuring Confluence to authenticate using LDAP.
You tell it where in your LDAP hierarchy it should look for your users. It uses
the pre-defined attributes (like fullname, photo, displayname, phone-number) both for the password
to be used and for the user data stored within Confluence. The actual user authentication is
handed off to the LDAP server.
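The lookup half of this integration, as an added example that is not part of the original notes: a constructed LDIF directory is parsed and searched the way an application finds a user under its configured base DN. The `example.org` entries and the helper names `parse_ldif`, `escape_filter_value` and `find_user` are assumptions made for illustration; a real client would send the filter to the server and then bind as the returned DN.

```python
import re

# Constructed sample directory in LDIF form; every entry here is made up.
LDIF = """\
dn: ou=people,dc=example,dc=org
objectClass: organizationalUnit
ou: people

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
mail: alice@example.org

dn: uid=backup,ou=services,dc=example,dc=org
objectClass: account
uid: backup
"""

def parse_ldif(text):
    """Return {dn: {attribute: [values]}} for simple 'name: value' LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs.pop("dn")[0]] = attrs
    return entries

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in a search-filter value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def find_user(entries, base_dn, username):
    """Subtree search under base_dn for an inetOrgPerson with this uid.

    Returns the filter a client would send plus the matching DNs. The local
    match compares the username literally, which is what escaping guarantees
    on a real server (simplified: value matching here is case-sensitive).
    """
    ldap_filter = "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(username)
    base = base_dn.lower()
    hits = [dn for dn, attrs in entries.items()
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and "inetOrgPerson" in attrs.get("objectclass", [])
            and username in attrs.get("uid", [])]
    return ldap_filter, hits
```

A username of `*` becomes the literal value `\2a` in the filter, so it matches no entry instead of every user under the base.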
Components |
---|
openldap concepts |
openldap components |
openldap configuration |
openldap usage |
openldap urls |

See Also |
---|
phpldapadmin |
Overview
https://www.openldap.org/doc/admin24/
Path | Description |
---|---|
/var/lib/ldap | location of ldap data (generally in bdb files) |
/etc/ldap/slapd.d | location of ldap configuration |
When and Why to use LDAP
Install
sudo apt install \
    slapd \
    ldap-utils
Creating a new Database:
Resources
Link | Description |
---|---|
https://hynek.me/articles/ldap-a-gentle-introduction/ | ldap intro |
http://www.allgoodbits.org/articles/view/29 | nginx ldap authentication |
https://wiki.archlinux.org/index.php/OpenLDAP | arch wiki page for openldap |
https://help.ubuntu.com/lts/serverguide/openldap-server.html | ubuntu wiki page for openldap |

Videos

Link | Description |
---|---|
https://www.youtube.com/watch?v=GSP2Xzl6ncc | intro video |