Openldap

From wikinotes
Revision as of 23:37, 28 November 2017 by Will (talk | contribs)

LDAP is a read-optimized, scalable (distributed) way of storing data with two goals:

  • sharing information with unrelated services
  • fine-grained, filter-rule based authorization to every stored attribute


It does this by:

  • Storing information using pre-defined, standardized Attributes (posixPassword, username, employeeNumber, mail, ipaddress, port, ...)
  • Creating or reusing groups of attributes called ObjectClasses (Person, Organization, Account, ...)
  • Entries are instances of these ObjectClasses.
  • Entries are stored in a hierarchy, which can be anything you'd like.


Using this stored information, LDAP can be used to integrate several entirely unrelated services.

  • It can be used to handle multiple authentication methods for single sign-on (SSO)
  • It can be used to share user images, descriptions, etc. with various programs
  • It can be used to determine what resources (websites, services, machines) a user should have permission to use.


Example of an LDAP integration
Let's say you are configuring Confluence to authenticate using LDAP. You tell it where in your LDAP hierarchy it should look for your users. It uses pre-defined attributes like fullname, photo, displayname, phone-number for the password to be used, and for user data stored within Confluence. The actual user authentication is handed off to the LDAP server,
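
A common way for an application to implement the hand-off described above is search-then-bind: look up the user's entry under the configured base DN with an escaped filter, then let the directory check the password in a bind. This is an added example, not code from the original page or from Confluence; FakeDirectory, the DNs and the passwords are constructed stand-ins so it runs without a server.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (illustration only)."""
    def __init__(self, entries):
        self.entries = entries  # {dn: {"uid": ..., "userPassword": ...}}

    def search(self, base_dn, ldap_filter):
        # Understands only "(uid=VALUE)"; an unescaped '*' acts as a wildcard.
        value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter).group(1)
        def token(m):
            if m.group(1):  # \XX escape: the literal character
                return re.escape(chr(int(m.group(1), 16)))
            return ".*" if m.group(0) == "*" else re.escape(m.group(0))
        pattern = re.sub(r"\\([0-9a-fA-F]{2})|.", token, value, flags=re.S)
        return [dn for dn, entry in self.entries.items()
                if dn.endswith("," + base_dn) and re.fullmatch(pattern, entry["uid"])]

    def bind(self, dn, password):
        # Models a server that permits unauthenticated binds (RFC 4513, 5.1.2):
        # a DN with an empty password "succeeds" without proving anything.
        return password == "" or self.entries[dn]["userPassword"] == password

def authenticate(directory, base_dn, username, password):
    """Search-then-bind: find the user's entry, then let the server check the password."""
    if not username or not password:
        return None  # never forward an empty password to a bind
    matches = directory.search(base_dn, f"(uid={escape_filter_value(username)})")
    if len(matches) != 1:
        return None  # unknown or ambiguous user
    return matches[0] if directory.bind(matches[0], password) else None

# Constructed sample entries; DNs and passwords are made up for this example.
DIRECTORY = FakeDirectory({
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "a-secret"},
    "uid=svc-backup,ou=services,dc=example,dc=com": {"uid": "svc-backup", "userPassword": "b-secret"},
})
USERS_BASE = "ou=people,dc=example,dc=com"

if __name__ == "__main__":
    print(authenticate(DIRECTORY, USERS_BASE, "alice", "a-secret"))
    print(authenticate(DIRECTORY, USERS_BASE, "*", "a-secret"))
```

The base DN keeps accounts elsewhere in the hierarchy (here ou=services) out of the login path, and the empty-password check matters because the bind alone would accept it on a server that allows unauthenticated binds.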




Components
openldap concepts
openldap components
openldap configuration
openldap usage
openldap urls
See Also
phpldapadmin




Overview

https://www.openldap.org/doc/admin24/

/var/lib/ldap
location of ldap data (generally in bdb files)
/etc/ldap/slapd.d
location of ldap configuration



When and Why to use LDAP



Install

sudo apt install \
    slapd \
    ldap-utils

Creating a new Database:



Resources

https://hynek.me/articles/ldap-a-gentle-introduction/ ldap intro
http://www.allgoodbits.org/articles/view/29 nginx ldap authentication
https://wiki.archlinux.org/index.php/OpenLDAP arch wiki page for openldap
https://help.ubuntu.com/lts/serverguide/openldap-server.html ubuntu wiki page for openldap

Videos

https://www.youtube.com/watch?v=GSP2Xzl6ncc intro video