Commit 342c3e5e authored by pedrolab

ldap: refactor toc

parent 85576b09
# openLDAP
http://www.zytrax.com/books/ldap/ \
http://www.openldap.org/doc/admin24/ \
https://oav.net/mirrors/LDAP-ObjectClasses.html \
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
**Table of Contents**
- [openLDAP](#openldap)
- [Install and configure](#install-and-configure)
- [Install openLDAP server](#install-openldap-server)
- [Basic config](#basic-config)
- [Post install config](#post-install-config)
- [unique uid and mail attributes](#unique-uid-and-mail-attributes)
- [Group membership and integrity](#group-membership-and-integrity)
- [add user and service group](#add-user-and-service-group)
- [password policy](#password-policy)
- [Load the module](#load-the-module)
- [Configure the overlay](#configure-the-overlay)
- [Define password policies](#define-password-policies)
- [Unique uid and mail attributes](#unique-uid-and-mail-attributes)
- [Group membership and integrity](#group-membership-and-integrity)
- [Add user and service group](#add-user-and-service-group)
- [Password policy](#password-policy)
- [Load the module](#load-the-module)
- [Configure the overlay](#configure-the-overlay)
- [Define password policies](#define-password-policies)
- [Warning](#warning)
- [olcPasswordHash: {SSHA512}](#olcpasswordhash-ssha512)
- [LDAPS and Let's encrypt certs](#ldaps-and-lets-encrypt-certs)
- [Force TLS](#force-tls)
- [LDAPS and Let's encrypt certs](#ldaps-and-lets-encrypt-certs)
- [Force TLS](#force-tls)
- [nobody user for ldap bind](#nobody-user-for-ldap-bind)
- [usage](#usage)
- [Usage](#usage)
- [Show config](#show-config)
- [Change ldap admin config password](#change-ldap-admin-config-password)
- [Delete members from a group using ldif](#delete-members-from-a-group-using-ldif)
- [apache directory](#apache-directory)
- [useful connections to create with apache directory](#useful-connections-to-create-with-apache-directory)
- [Apache Directory](#apache-directory)
- [Useful connections to create with apache directory](#useful-connections-to-create-with-apache-directory)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
# openLDAP
http://www.zytrax.com/books/ldap/ \
http://www.openldap.org/doc/admin24/ \
https://oav.net/mirrors/LDAP-ObjectClasses.html \
# Install and configure
## Install openLDAP server
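Review bot: the `# openLDAP` title and its three reference links appear both above the doctoc block (before `<!-- START doctoc generated TOC ... -->`) and again after `<!-- END doctoc generated TOC ... -->`, so please confirm the resulting file keeps a single copy of the title and links rather than one on each side of the TOC. The doctoc comments ask that the block not be hand-edited; since the old lowercase entries (`- [unique uid and mail attributes](#unique-uid-and-mail-attributes)`, `- [add user and service group](#add-user-and-service-group)`, `- [password policy](#password-policy)`) are being swapped for capitalised ones with the same anchors, re-running `doctoc` after the heading renames is the safer way to keep nesting and anchors in sync. The trailing `\` after `https://oav.net/mirrors/LDAP-ObjectClasses.html` is a hard line break with nothing following it and can be dropped.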
......@@ -69,7 +71,7 @@ We import configuration directly into the DIT (Directory Information Tree) using
mkdir /etc/ldap/ldif
# unique uid and mail attributes
# Unique uid and mail attributes
We want to avoid duplicate user ids. LDAP will accept uid=david,ou=group1 and uid=david,ou=group2 because they represent two different entries in the DIT. However, this may lead to uid confusion. We also wish the mail attribute to be unique for similar reasons.
......@@ -100,9 +102,9 @@ And now we import the config
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif/unique.ldif
## Group membership and integrity
We want to use groups of users to make permission assignment easier.
# Group membership and integrity
We want to use groups of users to make permission assignment easier.
Edit `/etc/ldap/ldif/memberof.ldif`
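Review bot: promoting `## Group membership and integrity` to `# Group membership and integrity` (and the same for the sections that follow) turns what were subsections of `# Install and configure` into top-level headings, so the document ends up with many H1s and the TOC flattens accordingly; if the goal is only a shallower TOC, keeping `# openLDAP` as the single H1 and shifting every section down one level keeps the install steps grouped. Also, `We want to use groups of users to make permission assignment easier.` is shown on both the removed and the added side with identical text, which suggests a whitespace-only change on that line; worth checking that nothing else differs there.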
......@@ -167,7 +169,7 @@ And import the configuration
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif/refint-2.ldif
## add user and service group
# Add user and service group
Edit `/etc/ldap/ldif/add-user-group.ldif`
......@@ -195,7 +197,7 @@ And import the configuration
ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -H ldapi:/// -f /etc/ldap/ldif/add-service-group.ldif
## password policy
# Password policy
http://www.zytrax.com/books/ldap/ch6/ppolicy.html \
We can define many password policies.
......@@ -203,7 +205,7 @@ Password policy schema is not part of the default schema. We need to import it.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
### Load the module
## Load the module
Edit `/etc/ldap/ldif/pwdpolicy-1.ldif`
......@@ -218,7 +220,7 @@ And import the config
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif/pwdpolicy-1.ldif
### Configure the overlay
## Configure the overlay
Edit `/etc/ldap/ldif/pwdpolicy-2.ldif`
......@@ -239,7 +241,7 @@ And import the config
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif/pwdpolicy-2.ldif
### Define password policies
## Define password policies
Edit `/etc/ldap/ldif/pwdpolicy-3.ldif`
......@@ -326,7 +328,7 @@ olcPasswordHash: {SSHA512}
`ldapadd -Y EXTERNAL -H ldapi:/// -f ./default_hash.ldif`
## LDAPS and Let's encrypt certs
# LDAPS and Let's encrypt certs
*Use a guide to install letsencrypt certificates before continuing this guide*
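Review bot: the context line `` `ldapadd -Y EXTERNAL -H ldapi:/// -f ./default_hash.ldif` `` uses a relative path while every other import in the guide reads from `/etc/ldap/ldif/`; suggest `/etc/ldap/ldif/default_hash.ldif` so the command works regardless of the current directory and the LDIF sits with the rest of the config fragments. Since this is the `olcPasswordHash: {SSHA512}` step, it is also worth stating in the surrounding text that the setting only affects passwords set through the Password Modify extended operation from now on, not existing `userPassword` values.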
......@@ -390,7 +392,7 @@ Import modification
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/ldif/tls.ldif
```
### Force TLS
## Force TLS
Important:
......@@ -452,7 +454,7 @@ And import the configuration
ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -H ldapi:/// -f /etc/ldap/ldif/add-user-group.ldif
# usage
# Usage
## Show config
......@@ -491,11 +493,11 @@ Import configuration
ldapmodify -x -W -D "uid=my-user,dc=commonscloud,dc=coop" -f /tmp/member_test.ldif
# apache directory
# Apache Directory
To edit LDAP entries with a [GUI](https://en.wikipedia.org/wiki/Graphical_user_interface) use [Apache Directory](https://directory.apache.org/)
## useful connections to create with apache directory
## Useful connections to create with apache directory
- tree view
- config view. Check that Base DN points change to cn=config. If you already configured the new connection go to `Properties -> Browser -> Options -> Base DN: cn=config`
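Review bot: `Check that Base DN points change to cn=config` in the Apache Directory bullet reads garbled; suggest `Check that the Base DN points to cn=config`, matching the `Base DN: cn=config` path given later in the same line. In the context line `ldapmodify -x -W -D "uid=my-user,dc=commonscloud,dc=coop" -f /tmp/member_test.ldif`, the base DN differs from the `dc=example,dc=com` used by the other examples, the LDIF is staged in world-writable `/tmp` rather than `/etc/ldap/ldif/` like the rest, and no `-H` URI is given, so the simple bind's password travels over whatever default URI `ldap.conf` names; aligning the DN and path with the rest of the guide and passing an explicit `-H ldaps://` URI (consistent with the `Force TLS` section) would avoid that.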