

LDAP

LDAP (Lightweight Directory Access Protocol) is a protocol for storing and querying data in directories (not folders: a directory in the sense of a telephone directory or a catalogue).

A short introduction to the terms:

  • Partition - a partition (also called suffix or naming context) hangs directly under the root, e.g. dc=otm,dc=intra
  • AttributeType - describes the type (syntax) of a value
  • ObjectClass - defines a set of attributes, e.g. the class person has cn (common name) and sn (surname) as attributes

LDAP Server

LDAP Client

Standard structure

A standard structure may look as follows.

Under the organisational units “groups” and “users”, put the POSIX groups (posixGroup) and POSIX users (posixAccount).

Note: the default POSIX group “users” must be created first, because a POSIX user entry must carry the GID (gidNumber) of a primary group when it is created.
After that you can create

Example configuration with Jenkins

  • Exported partition otm.intra.
  • The groups are managed in a separate ou (ou=groups).
  • Passwords (the userPassword attribute type) are not mandatory, but have to be added as a separate attribute. Their values may be stored as salted hashes. The export below uses {SHA}, i.e. unsalted SHA-1, so every user carries the same hash value, which reveals that they share the same password. Prefer a salted scheme such as {SSHA} (the slappasswd default).
version: 1
# Entries are ordered parent-first so the file imports in one pass with ldapadd.

dn: dc=otm,dc=intra
objectClass: top
objectClass: domain
dc: otm

dn: ou=users,dc=otm,dc=intra
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=otm,dc=intra
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: cn=admin,ou=users,dc=otm,dc=intra
objectClass: top
objectClass: person
cn: admin
sn: admin
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: cn=alexander.friesen,ou=users,dc=otm,dc=intra
objectClass: top
objectClass: person
cn: alexander.friesen
sn: alexander.friesen
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: cn=boris.jelzin,ou=users,dc=otm,dc=intra
objectClass: top
objectClass: person
cn: boris.jelzin
sn: boris.jelzin
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: cn=stas.archontov,ou=users,dc=otm,dc=intra
objectClass: top
objectClass: person
cn: stas.archontov
sn: stas.archontov
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: ou=JenkinsAdmins,ou=groups,dc=otm,dc=intra
objectClass: top
objectClass: groupOfNames
cn: JenkinsAdmins
ou: JenkinsAdmins
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=alexander.friesen,ou=users,dc=otm,dc=intra
member: cn=boris.jelzin,ou=users,dc=otm,dc=intra

dn: ou=JenkinsHotSyncer,ou=groups,dc=otm,dc=intra
objectClass: top
objectClass: groupOfNames
cn: JenkinsHotSyncer
ou: JenkinsHotSyncer
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=stas.archontov,ou=users,dc=otm,dc=intra

dn: ou=JenkinsSyncer,ou=groups,dc=otm,dc=intra
objectClass: top
objectClass: groupOfNames
cn: JenkinsSyncer
ou: JenkinsSyncer
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=stas.archontov,ou=users,dc=otm,dc=intra
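The export above stores every userPassword as an unsalted {SHA} value, and all entries carry the same value. The following Python is an added example, not code from the wiki page, Jenkins or OpenLDAP: it decodes an LDIF base64 (::) value, verifies RFC 2307 {SHA} and {SSHA} values, generates a salted {SSHA} value as slappasswd would, and shows why identical unsalted hashes reveal that accounts share a password. The cleartext passwords, the wordlist and the two-user directory are constructed for the demonstration; the cleartext behind the exported hash is not known here.

```python
"""RFC 2307 userPassword values: {SHA} vs {SSHA} (added example)."""
import base64
import hashlib
import os
from typing import Dict, List, Optional

# The base64 LDIF value repeated for every user in the export above.
LDIF_HASH_B64 = "e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9"

SHA1_LEN = 20  # SHA-1 digest length; {SSHA} appends the salt after the digest


def decode_ldif_value(b64: str) -> str:
    """'attr:: value' in LDIF means the value is base64-encoded."""
    return base64.b64decode(b64).decode()


def split_scheme(value: str):
    """Split an RFC 2307 '{SCHEME}base64' value into (SCHEME, raw bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("not an RFC 2307 userPassword value")
    end = value.index("}")
    return value[1:end].upper(), base64.b64decode(value[end + 1:])


def verify(value: str, cleartext: str) -> bool:
    """Check a cleartext password against a {SHA} or {SSHA} value."""
    scheme, raw = split_scheme(value)
    if scheme == "SHA":
        return raw == hashlib.sha1(cleartext.encode()).digest()
    if scheme == "SSHA":
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        return digest == hashlib.sha1(cleartext.encode() + salt).digest()
    raise ValueError("unsupported scheme " + scheme)


def make_sha(cleartext: str) -> str:
    """Unsalted {SHA}: the same password gives the same value for every user."""
    digest = hashlib.sha1(cleartext.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def make_ssha(cleartext: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA} as slappasswd produces it: SHA1(pw + salt) followed by salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(cleartext.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def shared_passwords(entries: Dict[str, str]) -> List[List[str]]:
    """Group DNs whose unsalted {SHA} values are identical.

    Only unsalted values are compared: with {SSHA} the salt differs per
    entry, so identical cleartext no longer produces identical values.
    """
    by_value: Dict[str, List[str]] = {}
    for dn, value in entries.items():
        scheme, _ = split_scheme(value)
        if scheme == "SHA":
            by_value.setdefault(value, []).append(dn)
    return [dns for dns in by_value.values() if len(dns) > 1]


def guess(value: str, candidates: List[str]) -> Optional[str]:
    """Offline dictionary check: return the first candidate that verifies."""
    for candidate in candidates:
        if verify(value, candidate):
            return candidate
    return None


if __name__ == "__main__":
    stored = decode_ldif_value(LDIF_HASH_B64)
    print("export stores:", stored)
    # Constructed directory: every user carries the exported {SHA} value.
    users = {
        "cn=admin,ou=users,dc=otm,dc=intra": stored,
        "cn=boris.jelzin,ou=users,dc=otm,dc=intra": stored,
    }
    print("accounts sharing a password:", shared_passwords(users))
    # Constructed password and wordlist for the demonstration.
    print("{SHA} twice identical:", make_sha("Winter2019") == make_sha("Winter2019"))
    print("{SSHA} twice identical:", make_ssha("Winter2019") == make_ssha("Winter2019"))
    print("dictionary hit:", guess(make_sha("Winter2019"), ["password", "Winter2019"]))
```

Salting only stops the cross-account comparison; SHA-1 itself is fast enough that a dictionary run like guess() still works per entry, so on current OpenLDAP prefer a slow scheme (for example {ARGON2} via the argon2 module, or {CRYPT} with a strong crypt algorithm) over {SSHA} where the clients support it.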

Configure Jenkins to use your LDAP server

Privileges via ACLs (Access Control Lists)

Example

Attributes

  • uid - user ID
  • cn - common name
  • sn - surname
  • l - locality
  • ou - organisational unit
  • o - organisation
  • dc - domain component
  • st - state or province
  • c - country
  • dn - distinguished name: not an attribute type but the full name of an entry, e.g. cn=sadique5,ou=people,dc=ldap,dc=example,dc=com

Search Scope

There are three search scopes:

  • base - only the base object itself
  • onelevel (one) - only the immediate children of the base object
  • sub (subtree) - the base object and the entire subtree below it
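To make the scopes and the example tree concrete, the following Python is an added example (not code from the wiki page, Jenkins or OpenLDAP): it parses a trimmed copy of the LDIF export above into a DN-keyed dictionary, implements the three scopes as pure functions, and performs the groupOfNames membership check that an application like Jenkins would otherwise ask the server for. The embedded LDIF is a constructed subset of the page's tree (one group, two users); the parser handles base64 (::) values and folded continuation lines, but deliberately not escaped commas in DNs.

```python
"""Offline LDAP tree: LDIF parsing, search scopes, group membership (added example)."""
import base64
from typing import Callable, Dict, List, Optional

# Constructed subset of the example tree from this page (one group, two users).
SAMPLE_LDIF = """\
dn: dc=otm,dc=intra
objectClass: top
objectClass: domain
dc: otm

dn: ou=users,dc=otm,dc=intra
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=otm,dc=intra
objectClass: organizationalUnit
ou: groups

dn: cn=admin,ou=users,dc=otm,dc=intra
objectClass: person
cn: admin
sn: admin
userPassword:: e1NIQX13dVFVZXE0NjJuODJnbWJRYzZ6VXFSV01XZlU9

dn: cn=boris.jelzin,ou=users,dc=otm,dc=intra
objectClass: person
cn: boris.jelzin
sn: boris.jelzin

dn: ou=JenkinsAdmins,ou=groups,dc=otm,dc=intra
objectClass: groupOfNames
cn: JenkinsAdmins
member: cn=admin,ou=users,dc=otm,dc=intra
member: cn=boris.jelzin,ou=users,dc=otm,dc=intra
"""

Entry = Dict[str, List[str]]


def normalize_dn(dn: str) -> str:
    """Case- and whitespace-insensitive DN key (DNs with escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Return {normalized DN: {attribute name (lowercase): [values]}}."""
    entries: Dict[str, Entry] = {}
    for block in text.strip().split("\n\n"):
        lines: List[str] = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:  # folded continuation line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        dn: Optional[str] = None
        attrs: Entry = {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: base64value'
                value = base64.b64decode(value[1:].strip()).decode()
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn is None:
            raise ValueError("entry without dn: " + block[:40])
        entries[normalize_dn(dn)] = attrs
    return entries


def parent_dn(dn: str) -> Optional[str]:
    """Strip the leftmost RDN; the suffix itself has no parent."""
    return dn.split(",", 1)[1] if "," in dn else None


def search(entries: Dict[str, Entry], base: str, scope: str,
           where: Optional[Callable[[Entry], bool]] = None) -> List[str]:
    """Return the DNs matching scope 'base', 'one' or 'sub' under base, optionally filtered."""
    base = normalize_dn(base)
    if scope == "base":
        candidates = [base] if base in entries else []
    elif scope == "one":
        candidates = [dn for dn in entries if parent_dn(dn) == base]
    elif scope == "sub":
        candidates = [dn for dn in entries if dn == base or dn.endswith("," + base)]
    else:
        raise ValueError("scope must be base, one or sub")
    if where is not None:
        candidates = [dn for dn in candidates if where(entries[dn])]
    return sorted(candidates)


def is_member(entries: Dict[str, Entry], group_dn: str, user_dn: str) -> bool:
    """groupOfNames check: is user_dn listed in the group's member attribute?"""
    group = entries.get(normalize_dn(group_dn), {})
    return normalize_dn(user_dn) in {normalize_dn(m) for m in group.get("member", [])}


if __name__ == "__main__":
    tree = parse_ldif(SAMPLE_LDIF)
    base = "dc=otm,dc=intra"
    for scope in ("base", "one", "sub"):
        print(scope, "->", search(tree, base, scope))
    is_person = lambda e: "person" in [c.lower() for c in e.get("objectclass", [])]
    # A user lookup with scope 'one' from the suffix finds no users at all;
    # it needs base ou=users or scope 'sub'.
    print("one/person:", search(tree, base, "one", is_person))
    print("sub/person:", search(tree, base, "sub", is_person))
    print("boris in JenkinsAdmins:",
          is_member(tree, "ou=JenkinsAdmins,ou=groups," + base,
                    "cn=boris.jelzin,ou=users," + base))
```

The scope mismatch in the demo is the usual cause of "user not found" when wiring Jenkins to such a tree: a user search base of dc=otm,dc=intra with scope one only sees the two organisational units, so either the base must be ou=users or the scope must be sub.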

Populating LDAP from a script without an LDIF file

Keep the bind password off the command line (with -w it shows up in the process list and the shell history; -y reads it from a file instead) and do not store userPassword in cleartext. In the command below $LDAP_PW_FILE holds the admin bind password (file mode 0600) and $USER_PW the new user's password, which the unquoted heredoc hashes with slappasswd ({SSHA} by default; the tool ships with the slapd package) before it is sent.

ldapadd -H "ldap://localhost" -c -x -D "cn=admin,dc=ldap,dc=example,dc=com" -y "$LDAP_PW_FILE" << EOF
dn: cn=sadique5,ou=people,dc=ldap,dc=example,dc=com
objectClass: inetOrgPerson
cn: sadique5
sn: sadique
uid: sadique
displayName: Sadique Puthen Peedikayil
givenName: Sadique
mail: sadique@vanillanetworks.com
mobile: 9895643639
homePhone: 0466-2254274
userPassword: $(slappasswd -s "$USER_PW")
EOF

OpenDJ and phpldapadmin

Start both in Docker. ROOT_PASSWORD and the bind_pass in the phpldapadmin configuration below are demo values (123abc) that end up in the process list and in docker inspect output; use a strong password and, outside a lab, publish the ports on localhost only (e.g. -p 127.0.0.1:1389:1389):

docker network create ldapnetwork

sudo docker run --restart=always  -td --net ldapnetwork -h "opendj" --env ROOT_USER_DN="cn=Directory Manager" --env OPENDJ_USER="opendj" --env BASE_DN="dc=project,dc=intra" --env ROOT_PASSWORD="123abc" -p 1389:1389 -p 1636:1636 -p 3000:4444 --name opendj openidentityplatform/opendj

sudo docker run --restart=always  --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'opendj': [{'server': [{'tls': False}, {'port': 1389}]}, {'login': [{'bind_id': 'cn=Directory Manager'}, {'bind_pass': '123abc'}]}]}]"  --net ldapnetwork -p 4200:80 --env PHPLDAPADMIN_HTTPS=false  --detach --name php osixia/phpldapadmin:0.7.2 --loglevel debug

Navigate to http://localhost:4200 and log in with

Login DN:
cn=Directory Manager

Password:
123abc
Display the configuration (slapcat is an OpenLDAP tool and does not exist in the OpenDJ container above):

slapcat -b cn=config

Or inside an OpenLDAP container named ldap:

docker exec ldap slapcat -b cn=config

LDAP with Spring

ldap.1560953988.txt.gz · Last modified: (external edit)