docs:tips_n_tricks:ldap.html
Differences
This shows you the differences between two versions of the page.
docs:tips_n_tricks:ldap.html [10.07.2018 17:16 CEST] – [Self Service Password on Ubuntu 14.10] peter | docs:tips_n_tricks:ldap.html [10.07.2018 17:47 CEST] – peter | ||
---|---|---|---|
Line 5: | Line 5: | ||
ldapsearch [-h hostname] -D " | ldapsearch [-h hostname] -D " | ||
- | * '' | + | * '' |
* '' | * '' | ||
* '' | * '' | ||
Line 31: | Line 31: | ||
=== Configure OpenLDAP Logging === | === Configure OpenLDAP Logging === | ||
- | It should be done by // | + | It should be done by // |
olcLogLevel: | olcLogLevel: | ||
- | to confirm that // | + | to confirm that // |
=== Enable ldapi access with apparmor === | === Enable ldapi access with apparmor === | ||
Line 60: | Line 60: | ||
=== Set password for cn=config === | === Set password for cn=config === | ||
- | To configure OpenLDAP you need to access it by // | + | To configure OpenLDAP you need to access it by // |
- | | + | <code ldif> |
- | changetype: modify | + | dn: olcDatabase={0}config, |
- | replace: olcRootPW | + | changetype: modify |
- | olcRootPW: <PW in Clear> | + | replace: olcRootPW |
+ | olcRootPW: <PW in Clear> | ||
+ | </code> | ||
and load it as //root// with((In case of errors, see above)) | and load it as //root// with((In case of errors, see above)) | ||
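Review bot: The LDIF at `olcRootPW: <PW in Clear>` is loaded from a file that holds the root password in cleartext, and nothing around the new code block says what to do with that file once it has been loaded. Suggest adding a step after "and load it as root with" to delete the file or restrict it to root, or dropping this variant in favour of the hashed one shown further down.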
Line 71: | Line 73: | ||
ldapmodify -Y EXTERNAL -H ldapi:/// -f < | ldapmodify -Y EXTERNAL -H ldapi:/// -f < | ||
- | __NOTE__: :!: This will propably | + | __NOTE__: :!: This will leave the password in cleartext in the config files. To avoid this, use the cli-tool // |
~ $ slappasswd | ~ $ slappasswd | ||
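Review bot: The rewritten NOTE sits after the `ldapmodify -Y EXTERNAL -H ldapi:/// -f` command, so a reader working top to bottom has already loaded the cleartext value before being told that it stays in cleartext. Suggest moving the NOTE above the command, or directly under the `<PW in Clear>` LDIF it refers to.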
Line 81: | Line 83: | ||
and paste it into the ldif file: | and paste it into the ldif file: | ||
- | | + | <code ldif> |
- | changetype: modify | + | dn: olcDatabase={0}config, |
- | replace: olcRootPW | + | changetype: modify |
- | olcRootPW: {SSHA}Dine679cmHIezcn< | + | replace: olcRootPW |
+ | olcRootPW: {SSHA}Dine679cmHIezcn< | ||
+ | </ | ||
Afterwards you cann access the config by | Afterwards you cann access the config by | ||
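Review bot: The unchanged line after the new code block still reads "Afterwards you cann access the config by"; fix "cann" to "can" while this section is being touched. It is also worth confirming that the `{SSHA}` value in the example was generated for the docs only and is not a hash in use anywhere.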
Line 92: | Line 96: | ||
(Finally found [[https:// | (Finally found [[https:// | ||
- | Of course you can skip setting the password and using external SASL authorization for '' | + | Of course you can skip setting the password and using external SASL authorization for '' |
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config ' | ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config ' | ||
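Review bot: In the sentence starting "Of course you can skip setting the password and using external SASL authorization", the "skip ... and using" construction reads as if both are skipped. Suggest "skip setting the password and use external SASL authorization", which matches the `ldapsearch -Y EXTERNAL -H ldapi:///` command that follows.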
Line 104: | Line 108: | ||
'' | '' | ||
- | + | <code ldif enableMemberOf.ldif> | |
- | dn: cn=module, | + | dn: cn=module, |
- | objectClass: | + | objectClass: |
- | cn: module | + | cn: module |
- | olcModuleLoad: | + | olcModuleLoad: |
+ | </ | ||
2) | 2) | ||
su - | su - | ||
Line 115: | Line 119: | ||
'' | '' | ||
- | | + | <code ldif configureMemberOf.ldif> |
- | objectClass: | + | dn: olcOverlay={0}memberof, |
- | objectClass: | + | objectClass: |
- | objectClass: | + | objectClass: |
- | objectClass: | + | objectClass: |
- | olcOverlay: memberof | + | objectClass: |
- | olcMemberOfDangling: | + | olcOverlay: memberof |
- | olcMemberOfRefInt: | + | olcMemberOfDangling: |
- | olcMemberOfGroupOC: | + | olcMemberOfRefInt: |
- | olcMemberOfMemberAD: | + | olcMemberOfGroupOC: |
- | olcMemberOfMemberOfAD: | + | olcMemberOfMemberAD: |
+ | olcMemberOfMemberOfAD: | ||
+ | </ | ||
:!: I assume this depends on where your LDAP tree data is stored - this example assumes it to be in // | :!: I assume this depends on where your LDAP tree data is stored - this example assumes it to be in // | ||
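Review bot: The caveat "I assume this depends on where your LDAP tree data is stored" comes only after the `configureMemberOf.ldif` block, while the `dn: olcOverlay={0}memberof,` line is the part it applies to. Suggest moving the caveat above the block and naming which part of the dn the reader has to adjust, so the file is not loaded unchanged against the wrong database.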
Line 175: | Line 181: | ||
* Edit //Apache// configuration: | * Edit //Apache// configuration: | ||
- | Alias /passwd / | + | |
* Edit / | * Edit / | ||
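Review bot: The `Alias /passwd /` line under "Edit Apache configuration:" is removed and the added side shows an empty line in its place. If the directive was meant to move into a code block, check that it is still present in the new revision; as it stands the bullet has no content beneath it.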
Line 214: | Line 220: | ||
- | ==== References & Credits ==== | + | ===== References & Credits |
* http:// | * http:// | ||
+ | * https:// | ||
+ | * https:// | ||
====== | ====== |
docs/tips_n_tricks/ldap.html.txt · Last modified: 27.02.2024 23:32 CET by peter