ldap
This is an old revision of the document!
Table of Contents
LDAP
LDAP ist ein Format zum Speichern von Daten in Verzeichnissen (!= Ordner. Verzeichnis wie z.B. Telefonverzeichnis, Katalog)
Hier eine tolle Einleitung:
- Partitions - unter Root hängt eine Partition. z.B. dc=otm,dc=intra
- AttributeType - beschreibt den Type eines Wertes
- ObjectClass - definiert einen Satz von attributen. z.B. Class person hat name, surname, .. als attribute
- Creating a Partition - http://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html
LDAP Server
Implementierung : http://directory.apache.org/apacheds/
LDAP Client
Nice implementation: http://directory.apache.org/studio/
Standard structure
Standard structure. May look as follwing. <br> Achtung: The POSIX groups must be created first. Otherwise the GID during the user creation will be empty.
Example configuration with Jenkins
- Exported partitition otm.intra.
- The groups are managed in a separate ou.
- The passwords (userPassword attributeType) are not mandatory, but have to be added as a separate attribute. Their values may be stored as saulted hashes.
version: 1 dn: ou=JenkinsAdmins,ou=groups,dc=otm,dc=intra objectclass: groupOfNames objectclass: top cn: JenkinsAdmins member: cn=admin,ou=users,dc=otm,dc=intra member: cn=alexander.friesen,ou=users,dc=otm,dc=intra member: cn=boris.jelzin,ou=users,dc=otm,dc=intra ou: JenkinsAdmins dn: cn=alexander.friesen,ou=users,dc=otm,dc=intra objectClass: person objectClass: top cn: alexander.friesen sn: alexander.friesen userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9 dn: ou=users,dc=otm,dc=intra objectclass: organizationalUnit objectclass: top ou: users dn: cn=stas.archontov,ou=users,dc=otm,dc=intra objectclass: person objectclass: top cn: stas.archotov cn: stas.archontov sn: stas.archontov userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9 dn: cn=boris.jelzin,ou=users,dc=otm,dc=intra objectclass: person objectclass: top cn: boris.jelzin sn: boris.jelzin userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9 dn: ou=JenkinsHotSyncer,ou=groups,dc=otm,dc=intra objectclass: groupOfNames objectclass: top cn: JenkinsHotSyncer member: cn=admin,ou=users,dc=otm,dc=intra member: cn=stas.archontov,ou=users,dc=otm,dc=intra ou: JenkinsHotSyncer dn: ou=JenkinsSyncer,ou=groups,dc=otm,dc=intra objectclass: groupOfNames objectclass: top cn: JenkinsSyncer member: cn=admin,ou=users,dc=otm,dc=intra member: cn=stas.archontov,ou=users,dc=otm,dc=intra ou: JenkinsSyncer dn: cn=admin,ou=users,dc=otm,dc=intra objectClass: person objectClass: top cn: admin sn: admin userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9 dn: dc=otm,dc=intra objectclass: top objectclass: domain dc: otm dn: ou=groups,dc=otm,dc=intra objectclass: organizationalUnit objectclass: top ou: groups
Configure Jenkins to use your LDAP server
Beispiel
Attributes
uid User id cn Common Name sn Surname l Location ou Organisational Unit o Organisation dc Domain Component st State c Country
Search Scope
3 types of scope:
base limits to just the base object onelevel limits to just the immediate children sub search the entire subtree from base down
Filling LDAP manually without file from script
ldapadd -H "ldap://localhost" -c -x -D "cn=admin,dc=ldap,dc=example,dc=com" -w "Jpk66g63ZifGYIcShSGM" << EOF dn: cn=sadique5,ou=people,dc=ldap,dc=example,dc=com cn: sadique5 sn: sadique uid: sadique displayName: Sadique Puthen Peedikayil givenName: Sadique mail: sadique@vanillanetworks.com mobile: 9895643639 homePhone: 0466-2254274 objectClass: inetOrgPerson userPassword: Jpk66g63ZifGYIcShSGM EOF
ldap.1507549088.txt.gz · Last modified: (external edit)