ldap
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| ldap [2013-11-20 20:44] – created tim | ldap [2017-06-23 16:01] (current) – [Quick Server Details] tim | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| This page is a reference for Hacklab' | This page is a reference for Hacklab' | ||
| + | |||
| + | ===== Quick Server Details ===== | ||
| + | |||
| + | * Base: dc=edinburghhacklab, | ||
| + | * Servers: pool.ldap.ehlab.uk, | ||
| + | * Port: 389/ | ||
| ===== Client Configuration ===== | ===== Client Configuration ===== | ||
| Line 12: | Line 18: | ||
| < | < | ||
| BASE dc=edinburghhacklab, | BASE dc=edinburghhacklab, | ||
| - | URI ldap://ldap.lab.edinburghhacklab.com | + | URI ldaps://pool.ldap.ehlab.uk |
| - | TLS_CACERT | + | TLS_CACERT |
| - | </ | + | TLS_REQCERT |
| - | + | ||
| - | * edit /etc/ldap/ca.crt | + | |
| - | + | ||
| - | < | + | |
| - | -----BEGIN CERTIFICATE----- | + | |
| - | MIIDXjCCAkagAwIBAgIJALdurhaAKeuzMA0GCSqGSIb3DQEBBQUAMCgxJjAkBgNV | + | |
| - | BAMTHWxkYXAubGFiLmVkaW5idXJnaGhhY2tsYWIuY29tMB4XDTEzMDIyNzExMDYz | + | |
| - | N1oXDTIzMDIyNTExMDYzN1owKDEmMCQGA1UEAxMdbGRhcC5sYWIuZWRpbmJ1cmdo | + | |
| - | aGFja2xhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOgdlS | + | |
| - | 4AOWmCVkdZbzWc62T+TkMar8fxEEeoBtP3h9M1jDJg8gEY3DmZz3SDq/ | + | |
| - | MqrZ+xhmJHBSJcgwuAN1r83ZcOqxwRZKNl2JZf6PBIl29m8TbdsDRnY2GHvk8XOH | + | |
| - | qtzL7hwKHwF64xmIW0djmLwogiYwHc4DWGtV6NvgL987/ | + | |
| - | Lkst2+9pZc1XCt1/ | + | |
| - | UXyL180YvttX9m12/ | + | |
| - | FcY5VFyCLBEwjlGPAgMBAAGjgYowgYcwHQYDVR0OBBYEFKslPV+kk13UzL2+8pPq | + | |
| - | FGBrLbdTMFgGA1UdIwRRME+AFKslPV+kk13UzL2+8pPqFGBrLbdToSykKjAoMSYw | + | |
| - | JAYDVQQDEx1sZGFwLmxhYi5lZGluYnVyZ2hoYWNrbGFiLmNvbYIJALdurhaAKeuz | + | |
| - | MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIcN/ | + | |
| - | jCMeG7H6xw4F8r4Nh2IyRsjSe/ | + | |
| - | 1FtYoxiCB5oBVblc5fAoeOBNEiMSZ21tq3crYk+hahyiWZZwXk50XVw529TjPw+C | + | |
| - | Nq/ | + | |
| - | 7p5BsVvY9V3xL0NylUh1+bMUIkw8dGU57vysfozehJTQoV8wcMfe0Gxfy7bab/ | + | |
| - | r3ffgGsbpVQ9fix7KnKhQo2GXpO+hzm6dZh8o7Jq+QkY78kvfU6wyMsYShBufiTl | + | |
| - | uuE= | + | |
| - | -----END CERTIFICATE----- | + | |
| </ | </ | ||
| Line 61: | Line 42: | ||
| [domain/ | [domain/ | ||
| - | ; Using enumerate = true leads to high load and slow response | ||
| - | enumerate = false | ||
| - | cache_credentials = true | ||
| - | |||
| id_provider = ldap | id_provider = ldap | ||
| auth_provider = ldap | auth_provider = ldap | ||
| - | chpass_provider | + | ldap_schema |
| - | + | ldap_uri = ldaps://a.ldap.ehlab.uk, | |
| - | ldap_uri = ldap:// | + | |
| ldap_search_base = dc=edinburghhacklab, | ldap_search_base = dc=edinburghhacklab, | ||
| + | ldap_id_use_start_tls = true | ||
| + | cache_credentials = true | ||
| ldap_tls_reqcert = demand | ldap_tls_reqcert = demand | ||
| - | ldap_tls_cacert = /etc/ldap/ca.crt | + | ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt |
| </ | </ | ||
| Line 110: | Line 88: | ||
| netgroup: | netgroup: | ||
| </ | </ | ||
| - | |||
| - | ===== Administration ===== | ||
| - | |||
| - | The LDAP server (slapd) is hosted on bedivere, with a hostname alias of ldap.lab.edinburghhacklab.com in the local DNS. | ||
| - | |||
| - | Add a user with: / | ||
| - | |||
| - | Search the directory with: ldapsearch -H ldapi:/// -Y EXTERNAL uid=tom | ||
| - | |||
| - | Reset a password with: ldappasswd -H ldapi:/// -Y EXTERNAL ' | ||
| - | |||
| - | An interactive LDAP editor is also available: " | ||
ldap.1384980244.txt.gz · Last modified: 2015-10-05 15:55 (external edit)