Tohuwabohu excorcism

LDAP ist ein Format zum Speichern von Daten in Verzeichnissen (!= Ordner. Verzeichnis wie z.B. Telefonverzeichnis, Katalog)

Hier eine tolle Einleitung:

1. http://www.effinger.org/blog/wp-content/uploads/2008/12/ldap-grundlagen.pdf
2. http://archive.oreilly.com/pub/a/perl/excerpts/system-admin-with-perl/ten-minute-ldap-utorial.html

• Partitions - unter Root hängt eine Partition. z.B. dc=otm,dc=intra
• AttributeType - beschreibt den Type eines Wertes
• ObjectClass - definiert einen Satz von attributen. z.B. Class person hat name, surname, .. als attribute

• Creating a Partition - http://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html

Implementierung : http://directory.apache.org/apacheds/

Nice implementation: http://directory.apache.org/studio/

• Exported partitition otm.intra.
• The groups are managed in a separate ou.
• The passwords (userPassword attributeType) are not mandatory, but have to be added as a separate attribute. Their values may be stored as saulted hashes.

version: 1

dn: ou=JenkinsAdmins,ou=groups,dc=otm,dc=intra
objectclass: groupOfNames
objectclass: top
cn: JenkinsAdmins
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=alexander.friesen,ou=users,dc=otm,dc=intra
member: cn=boris.jelzin,ou=users,dc=otm,dc=intra
ou: JenkinsAdmins

dn: cn=alexander.friesen,ou=users,dc=otm,dc=intra
objectClass: person
objectClass: top
cn: alexander.friesen
sn: alexander.friesen
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: ou=users,dc=otm,dc=intra
objectclass: organizationalUnit
objectclass: top
ou: users

dn: cn=stas.archontov,ou=users,dc=otm,dc=intra
objectclass: person
objectclass: top
cn: stas.archotov
cn: stas.archontov
sn: stas.archontov
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: cn=boris.jelzin,ou=users,dc=otm,dc=intra
objectclass: person
objectclass: top
cn: boris.jelzin
sn: boris.jelzin
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: ou=JenkinsHotSyncer,ou=groups,dc=otm,dc=intra
objectclass: groupOfNames
objectclass: top
cn: JenkinsHotSyncer
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=stas.archontov,ou=users,dc=otm,dc=intra
ou: JenkinsHotSyncer

dn: ou=JenkinsSyncer,ou=groups,dc=otm,dc=intra
objectclass: groupOfNames
objectclass: top
cn: JenkinsSyncer
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=stas.archontov,ou=users,dc=otm,dc=intra
ou: JenkinsSyncer

dn: cn=admin,ou=users,dc=otm,dc=intra
objectClass: person
objectClass: top
cn: admin
sn: admin
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: dc=otm,dc=intra
objectclass: top
objectclass: domain
dc: otm

dn: ou=groups,dc=otm,dc=intra
objectclass: organizationalUnit
objectclass: top
ou: groups

Standard structure. May look as follwing. <br> Achtung: The POSIX groups must be created first. Otherwise the GID during the user creation will be empty.

Configure Jenkins to use your LDAP server

uid User id
cn Common Name
sn Surname
l Location
ou Organisational Unit
o Organisation
dc Domain Component
st State
c Country

3 types of scope:

base limits to just the base object
onelevel limits to just the immediate children
sub search the entire subtree from base down

ldapadd -H "ldap://localhost" -c -x -D "cn=admin,dc=ldap,dc=example,dc=com" -w "Jpk66g63ZifGYIcShSGM" << EOF

dn: cn=sadique5,ou=people,dc=ldap,dc=example,dc=com
cn: sadique5
sn: sadique
uid: sadique
displayName: Sadique Puthen Peedikayil
givenName: Sadique
mail: sadique@vanillanetworks.com
mobile: 9895643639
homePhone: 0466-2254274
objectClass: inetOrgPerson
userPassword: Jpk66g63ZifGYIcShSGM

EOF