ldap
ldap [2013-11-20 20:47] – tim | ldap [2016-06-22 21:32] – tim | ||
---|---|---|---|
Line 12: | Line 12: | ||
< | < | ||
BASE dc=edinburghhacklab, | BASE dc=edinburghhacklab, | ||
- | URI | + | URI |
- | TLS_CACERT | + | TLS_CACERT |
- | </ | + | TLS_REQCERT |
- | + | ||
- | * edit /etc/ldap/ca.crt | + | |
- | + | ||
- | < | + | |
- | -----BEGIN CERTIFICATE----- | + | |
- | MIIDXjCCAkagAwIBAgIJALdurhaAKeuzMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNV | + | |
- | BAMTHWxkYXAubGFiLmVkaW5idXJnaGhhY2tsYWIuY29tMB4XDTEzMDIyNzExMDYz | + | |
- | N1oXDTIzMDIyNTExMDYzN1owKDEmMCQGA1UEAxMdbGRhcC5sYWIuZWRpbmJ1cmdo | + | |
- | aGFja2xhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOgdlS | + | |
- | 4AOWmCVkdZbzWc62T+TkMar8fxEEeoBtP3h9M1jDJg8gEY3DmZz3SDq/ | + | |
- | MqrZ+xhmJHBSJcgwuAN1r83ZcOqxwRZKNl2JZf6PBIl29m8TbdsDRnY2GHvk8XOH | + | |
- | qtzL7hwKHwF64xmIW0djmLwogiYwHc4DWGtV6NvgL987/ | + | |
- | Lkst2+9pZc1XCt1/ | + | |
- | UXyL180YvttX9m12/ | + | |
- | FcY5VFyCLBEwjlGPAgMBAAGjgYowgYcwHQYDVR0OBBYEFKslPV+kk13UzL2+8pPq | + | |
- | FGBrLbdTMFgGA1UdIwRRME+AFKslPV+kk13UzL2+8pPqFGBrLbdToSykKjAoMSYw | + | |
- | JAYDVQQDEx1sZGFwLmxhYi5lZGluYnVyZ2hoYWNrbGFiLmNvbYIJALdurhaAKeuz | + | |
- | MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIcN/ | + | |
- | jCMeG7H6xw4F8r4Nh2IyRsjSe/ | + | |
- | 1FtYoxiCB5oBVblc5fAoeOBNEiMSZ21tq3crYk+hahyiWZZwXk50XVw529TjPw+C | + | |
- | Nq/ | + | |
- | 7p5BsVvY9V3xL0NylUh1+bMUIkw8dGU57vysfozehJTQoV8wcMfe0Gxfy7bab/ | + | |
- | r3ffgGsbpVQ9fix7KnKhQo2GXpO+hzm6dZh8o7Jq+QkY78kvfU6wyMsYShBufiTl | + | |
- | uuE= | + | |
- | -----END CERTIFICATE----- | + | |
</ | </ | ||
Line 61: | Line 36: | ||
[domain/ | [domain/ | ||
- | ; Using enumerate = true leads to high load and slow response | ||
- | enumerate = false | ||
- | cache_credentials = true | ||
- | |||
id_provider = ldap | id_provider = ldap | ||
auth_provider = ldap | auth_provider = ldap | ||
- | chpass_provider | + | ldap_schema |
- | + | ldap_uri = ldap://lab.edinburghhacklab.com, | |
- | ldap_uri = ldap://ldap.lab.edinburghhacklab.com | + | |
ldap_search_base = dc=edinburghhacklab, | ldap_search_base = dc=edinburghhacklab, | ||
+ | ldap_id_use_start_tls = true | ||
+ | cache_credentials = true | ||
ldap_tls_reqcert = demand | ldap_tls_reqcert = demand | ||
- | ldap_tls_cacert = /etc/ldap/ca.crt | + | ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt |
</ | </ | ||
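Review bot: The new `ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt` widens the trust set from the single lab CA that the old `/etc/ldap/ca.crt` pinned to every CA in the system bundle, so `ldap_tls_reqcert = demand` will now accept a directory certificate issued by any of them. If the server's certificate comes from one known issuer, pointing `ldap_tls_cacert` at a file holding only that issuer's certificate keeps the trust set narrow. The new `ldap_uri` is `ldap://`, so confidentiality rests on StartTLS; a comment such as `; ldap:// relies on StartTLS - keep ldap_id_use_start_tls = true and ldap_tls_reqcert = demand` next to those two lines would record that dependency. The `TLS_CACERT` and `TLS_REQCERT` values in the first hunk are cut off on this page, so the same check is worth making there.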
Line 110: | Line 82: | ||
netgroup: | netgroup: | ||
</ | </ | ||
- | |||
- | ===== Administration ===== | ||
- | |||
- | The LDAP server (slapd) is hosted on bedivere, with a hostname alias of ldap.lab.edinburghhacklab.com in the local DNS. | ||
- | |||
- | Add a user with: | ||
- | |||
- | < | ||
- | / | ||
- | </ | ||
- | |||
- | Search the directory with: | ||
- | |||
- | < | ||
- | ldapsearch -H ldapi:/// -Y EXTERNAL uid=tom | ||
- | </ | ||
- | |||
- | Reset a password with: | ||
- | |||
- | < | ||
- | ldappasswd -H ldapi:/// -Y EXTERNAL ' | ||
- | </ | ||
- | |||
- | An interactive LDAP editor is also available: | ||
- | |||
- | < | ||
- | ldapvi -h ldapi:/// -Y EXTERNAL | ||
- | ldapvi -h ldapi:/// -Y EXTERNAL uid=tom | ||
- | </ | ||
- | |||
ldap.txt · Last modified: 2017-06-23 16:01 by tim