134 lines
5.1 KiB
HTML
134 lines
5.1 KiB
HTML
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
|
|
lang="en" dir="ltr">
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title></title>
|
|
<!-- metadata -->
|
|
<meta name="generator" content="Offline" />
|
|
<meta name="version" content="Offline 0.1" />
|
|
<!-- style sheet links -->
|
|
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
|
|
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
|
|
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
|
|
|
|
</head>
|
|
<body>
|
|
<div class="dokuwiki export">
|
|
|
|
|
|
<h1 class="sectionedit1" id="ldap_configuration_backend">LDAP configuration backend</h1>
|
|
<div class="level1">
|
|
|
|
</div>
|
|
<!-- EDIT1 SECTION "LDAP configuration backend" [1-42] -->
|
|
<h2 class="sectionedit2" id="presentation">Presentation</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
You can choose to store LemonLDAP::NG configuration in an LDAP directory.
|
|
</p>
|
|
|
|
<p>
|
|
<a href="/_detail/documentation/configuration-ldap.png?id=documentation%3A1.9%3Aldapconfbackend" class="media" title="documentation:configuration-ldap.png"><img src="../../../media/documentation/configuration-ldap.png" class="mediacenter" alt="" /></a>
|
|
</p>
|
|
|
|
<p>
|
|
Advantages:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> Easy to share between servers with remote LDAP access</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Easy to duplicate with LDAP synchronization services (like SyncRepl in OpenLDAP)</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Security with SSL/TLS</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Access control possible by creating one user for Manager (write) and another for portal and handlers (read)</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Easy import/export through LDIF files</div>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
The configuration will be store under a specific branch, for example <code>ou=conf,ou=applications,dc=example,dc=com</code>.
|
|
</p>
|
|
|
|
<p>
|
|
Each configuration will be represented as an entry, which structural objectClass is <code>applicationProcess</code>. This objectClass is included in every core schemas.
|
|
</p>
|
|
|
|
<p>
|
|
The configuration name is the same that files, so lmConf-1, lmConf-2, etc. This name is used in entry <abbr title="Distinguished Name">DN</abbr>, for example <code>cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com</code>.
|
|
</p>
|
|
|
|
<p>
|
|
Then each parameter is one value of the attribute <code>description</code>, prefixed by its key. For example <code>{ldapPort}389</code>.
|
|
</p>
|
|
|
|
<p>
|
|
The LDIF view of such entry can be:
|
|
</p>
|
|
<pre class="file">dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: applicationProcess
|
|
cn: lmConf-1
|
|
description: {globalStorage}'Apache::Session::File'
|
|
description: {cookieName}'lemonldap'
|
|
description: {whatToTrace}'$uid'
|
|
...</pre>
|
|
|
|
</div>
|
|
<!-- EDIT2 SECTION "Presentation" [43-1400] -->
|
|
<h2 class="sectionedit3" id="configuration">Configuration</h2>
|
|
<div class="level2">
|
|
|
|
</div>
|
|
<!-- EDIT3 SECTION "Configuration" [1401-1427] -->
|
|
<h3 class="sectionedit4" id="ldap_server">LDAP server</h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
Configuration objects use standard object class: <code>applicationProcess</code>. This objectClass allow attributes <code>cn</code> and <code>description</code>. If your LDAP server do not manage this objectClass, you have to extend your schema.
|
|
</p>
|
|
|
|
<p>
|
|
We advice to create a specific LDAP account with write access on configuration branch.
|
|
</p>
|
|
|
|
<p>
|
|
Next create the configuration branch where you want. Just remember its <abbr title="Distinguished Name">DN</abbr> for LemonLDAP::NG configuration.
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT4 SECTION "LDAP server" [1428-1867] -->
|
|
<h3 class="sectionedit5" id="lemonldapng">LemonLDAP::NG</h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
Configure LDAP configuration backend in <code>lemonldap-ng.ini</code>, section <code>[configuration]</code>:
|
|
</p>
|
|
<pre class="code file ini"><span class="re1">type</span> <span class="sy0">=</span><span class="re2"> LDAP</span>
|
|
<span class="re1">ldapServer</span> <span class="sy0">=</span><span class="re2"> ldap://localhost</span>
|
|
<span class="re1">ldapConfBase</span> <span class="sy0">=</span><span class="re2"> ou=conf,ou=applications,dc=example,dc=com</span>
|
|
<span class="re1">ldapBindDN</span> <span class="sy0">=</span><span class="re2"> cn=manager,dc=example,dc=com</span>
|
|
<span class="re1">ldapBindPassword</span> <span class="sy0">=</span><span class="re2"> secret</span></pre>
|
|
|
|
<p>
|
|
Parameters:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <strong>ldapServer</strong>: LDAP <abbr title="Uniform Resource Identifier">URI</abbr> of the server</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>ldapConfBase</strong>: <abbr title="Distinguished Name">DN</abbr> of configuration branch</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>ldapBindDN</strong>: <abbr title="Distinguished Name">DN</abbr> used to bind LDAP</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>ldapBindPassword</strong>: password used to bind LDAP</div>
|
|
</li>
|
|
</ul>
|
|
|
|
</div>
|
|
</div><!-- closes <div class="dokuwiki export">--> |