ldap

Differences

This shows you the differences between two versions of the page.

ldap [2015-10-05 15:55] – external edit 127.0.0.1
ldap [2017-06-23 16:01] (current) – [Quick Server Details] tim
Line 2: Line 2:
  
 This page is a reference for Hacklab's server admins. This page is a reference for Hacklab's server admins.
 +
 +===== Quick Server Details =====
 +
 +  * Base: dc=edinburghhacklab,dc=com
 +  * Servers: pool.ldap.ehlab.uk, or a.ldap.ehlab.uk + b.ldap.ehlab.uk + c.ldap.ehlab.uk
 +  * Port: 389/STARTTLS or 636/TLS
  
 ===== Client Configuration ===== ===== Client Configuration =====
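Review bot: The added "Port: 389/STARTTLS or 636/TLS" bullet presents both ports as equal options but does not say whether a bind on 389 without STARTTLS is refused. Suggest stating the requirement explicitly (clients must either connect with ldaps:// on 636 or complete STARTTLS on 389 before binding) and noting which of the two the client configuration on this page expects, since the examples that follow use ldaps:// URIs.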
Line 12: Line 18:
 <file> <file>
 BASE    dc=edinburghhacklab,dc=com BASE    dc=edinburghhacklab,dc=com
-URI     ldap://ldap.lab.edinburghhacklab.com +URI     ldaps://pool.ldap.ehlab.uk 
-TLS_CACERT      /etc/ldap/ca.crt +TLS_CACERT      /etc/ssl/certs/ca-certificates.crt 
-</file> +TLS_REQCERT     demand
- +
-  * edit /etc/ldap/ca.crt +
- +
-<file> +
------BEGIN CERTIFICATE----- +
-MIIDXjCCAkagAwIBAgIJALdurhaAKeuzMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNV +
-BAMTHWxkYXAubGFiLmVkaW5idXJnaGhhY2tsYWIuY29tMB4XDTEzMDIyNzExMDYz +
-N1oXDTIzMDIyNTExMDYzN1owKDEmMCQGA1UEAxMdbGRhcC5sYWIuZWRpbmJ1cmdo +
-aGFja2xhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOgdlS +
-4AOWmCVkdZbzWc62T+TkMar8fxEEeoBtP3h9M1jDJg8gEY3DmZz3SDq/Kv1OLHNw +
-MqrZ+xhmJHBSJcgwuAN1r83ZcOqxwRZKNl2JZf6PBIl29m8TbdsDRnY2GHvk8XOH +
-qtzL7hwKHwF64xmIW0djmLwogiYwHc4DWGtV6NvgL987/Iro/k/+vQlP8QudZotZ +
-Lkst2+9pZc1XCt1/MYeWYR6waAKQWaqdA1jSeYPWbaQM43IZfzQ+AAFUtUGupECU +
-UXyL180YvttX9m12/y+U6hF2HqhxBhyzlhf8riTkcNCUgtbXUMJMgL8sXVK27c4W +
-FcY5VFyCLBEwjlGPAgMBAAGjgYowgYcwHQYDVR0OBBYEFKslPV+kk13UzL2+8pPq +
-FGBrLbdTMFgGA1UdIwRRME+AFKslPV+kk13UzL2+8pPqFGBrLbdToSykKjAoMSYw +
-JAYDVQQDEx1sZGFwLmxhYi5lZGluYnVyZ2hoYWNrbGFiLmNvbYIJALdurhaAKeuz +
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIcN/MUUTPg3DYyAtKoI +
-jCMeG7H6xw4F8r4Nh2IyRsjSe/0CnA2kiP+CwaE/QCstItWuujhbFOu2Pg0ORIUN +
-1FtYoxiCB5oBVblc5fAoeOBNEiMSZ21tq3crYk+hahyiWZZwXk50XVw529TjPw+C +
-Nq/2ihYLw7feICDC4ik5abHKMKfiCEPrz0vcToAPO2FjbAunojjwQQWaru/YK9eG +
-7p5BsVvY9V3xL0NylUh1+bMUIkw8dGU57vysfozehJTQoV8wcMfe0Gxfy7bab/DE +
-r3ffgGsbpVQ9fix7KnKhQo2GXpO+hzm6dZh8o7Jq+QkY78kvfU6wyMsYShBufiTl +
-uuE= +
------END CERTIFICATE-----+
 </file> </file>
  
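Review bot: Changing TLS_CACERT from the dedicated /etc/ldap/ca.crt to /etc/ssl/certs/ca-certificates.crt widens the trust anchor from the single lab certificate removed in this hunk to every CA in the system bundle. TLS_REQCERT demand still enforces certificate validation, so this is workable, but the page should say which CA issues the ehlab.uk server certificates, and confirm that the certificate served behind pool.ldap.ehlab.uk covers the pool name, because the URI points clients at the pool rather than at a/b/c individually.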
Line 61: Line 42:
  
 [domain/hacklab] [domain/hacklab]
-; Using enumerate = true leads to high load and slow response 
-enumerate = false 
-cache_credentials = true 
- 
 id_provider = ldap id_provider = ldap
 auth_provider = ldap auth_provider = ldap
-chpass_provider ldap +ldap_schema rfc2307 
- +ldap_uri = ldaps://a.ldap.ehlab.uk,ldaps://b.ldap.ehlab.uk,ldaps://c.ldap.ehlab.uk
-ldap_uri = ldap://ldap.lab.edinburghhacklab.com+
 ldap_search_base = dc=edinburghhacklab,dc=com ldap_search_base = dc=edinburghhacklab,dc=com
 +ldap_id_use_start_tls = true
 +cache_credentials = true
 ldap_tls_reqcert = demand ldap_tls_reqcert = demand
-ldap_tls_cacert = /etc/ldap/ca.crt+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
 </file> </file>
  
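Review bot: As shown here, the added "ldap_schema rfc2307" line has no "=" while every other setting in the block is written as "key = value"; it should read "ldap_schema = rfc2307" (the removed "chpass_provider ldap" line has the same shape). Separately, "ldap_id_use_start_tls = true" is added alongside ldaps:// URIs, where the connection is already inside TLS from the first byte; either drop the option or switch the URIs to ldap:// and rely on STARTTLS, and say which is intended. The hunk also removes "enumerate = false" together with its comment about load, so a short note that the configuration now relies on the sssd default would keep that warning visible to admins.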
Line 110: Line 88:
 netgroup:       nis sss netgroup:       nis sss
 </file> </file>
- 
-===== Administration ===== 
- 
-The LDAP server (slapd) is hosted on bedivere, with a hostname alias of ldap.lab.edinburghhacklab.com in the local DNS. 
- 
-Add a user with: 
- 
-<code> 
-/root/addldapuser 
-</code> 
- 
-Search the directory with: 
- 
-<code> 
-ldapsearch -H ldapi:/// -Y EXTERNAL uid=tom 
-</code> 
- 
-Reset a password with: 
- 
-<code> 
-ldappasswd -H ldapi:/// -Y EXTERNAL 'uid=tom,ou=People,dc=edinburghhacklab,dc=com' -S 
-</code> 
- 
-An interactive LDAP editor is also available: 
- 
-<code> 
-ldapvi -h ldapi:/// -Y EXTERNAL 
-ldapvi -h ldapi:/// -Y EXTERNAL uid=tom 
-</code> 
- 
  
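Review bot: Deleting the whole Administration section leaves the page with no instructions for adding a user, searching the directory, or resetting a password, and no pointer to where those instructions now live. If the "ldapi:/// -Y EXTERNAL" commands no longer apply because slapd is no longer hosted on bedivere, replace the section with the current procedure (or a link to it) and state on which host the commands must be run, rather than removing it outright.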
ldap.1444060556.txt.gz · Last modified: 2016-06-22 21:32 (external edit)
