LDAP Configuration
OpenLDAP
In order to set up an OpenLDAP server correctly, you can follow the article at https://wiki.debian.org/LDAP/OpenLDAPSetup, which describes the steps to configure a fully operational server on a Debian-like distribution.
In OpenLDAP, to use the group membership feature you need to add an ‘overlay’ called ‘memberof’. It is a module that adds an internal attribute (‘memberOf’) to every user that belongs to a group.
These are the steps to configure that module:
Create the file ‘ldap_memberof_add.ldif’ with this content:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof
Create the file ‘ldap_memberof_config.ldif’ with this content:
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
Modify the LDAP configuration by running these commands:
ldapadd -D cn=admin,cn=config -w "password" -H ldapi:/// -f ldap_memberof_add.ldif
ldapadd -D cn=admin,cn=config -w "password" -H ldapi:/// -f ldap_memberof_config.ldif
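The three steps above, as an added example script that is not part of the sysPass documentation. It renders the two LDIF files, applies them with the same cn=config bind the page uses, and then lists the overlay entry to confirm it was created. Two things are assumptions not on the page: the credentials are read from the LDAP_CONF_DN / LDAP_CONF_PW variables, and the backend of database {1} is detected from the running server rather than hard-coded, because current Debian releases create olcDatabase={1}mdb instead of {1}hdb and the overlay DN must match.

```shell
#!/bin/sh
# Added example, not from the sysPass documentation: render, apply and confirm
# the memberof overlay configuration. Assumptions not on the page: cn=config
# credentials come from LDAP_CONF_DN / LDAP_CONF_PW, and the backend of
# database {1} (hdb or mdb) is detected instead of hard-coded.
set -eu

LDAP_URI="${LDAP_URI:-ldapi:///}"
LDAP_CONF_DN="${LDAP_CONF_DN:-cn=admin,cn=config}"
LDAP_CONF_PW="${LDAP_CONF_PW:-password}"

# LDIF loading the memberof module (content of ldap_memberof_add.ldif).
memberof_module_ldif() {
    cat <<'EOF'
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof
EOF
}

# LDIF attaching the overlay to olcDatabase={1}<backend>, backend = hdb or mdb.
memberof_overlay_ldif() {
    backend="$1"
    cat <<EOF
dn: olcOverlay=memberof,olcDatabase={1}${backend},cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOF
}

# Ask the server which backend database {1} uses; prints "hdb" or "mdb".
detect_backend() {
    ldapsearch -LLL -H "$LDAP_URI" -D "$LDAP_CONF_DN" -w "$LDAP_CONF_PW" \
        -b cn=config -s one '(objectClass=olcDatabaseConfig)' olcDatabase \
        | sed -n 's/^olcDatabase: {1}//p'
}

# Write both files, load them, then list the overlay entry to prove it exists.
apply_memberof() {
    backend="$(detect_backend)"
    [ -n "$backend" ] || { echo "could not detect the {1} database backend" >&2; return 1; }
    memberof_module_ldif > ldap_memberof_add.ldif
    memberof_overlay_ldif "$backend" > ldap_memberof_config.ldif
    ldapadd -H "$LDAP_URI" -D "$LDAP_CONF_DN" -w "$LDAP_CONF_PW" -f ldap_memberof_add.ldif
    ldapadd -H "$LDAP_URI" -D "$LDAP_CONF_DN" -w "$LDAP_CONF_PW" -f ldap_memberof_config.ldif
    ldapsearch -LLL -H "$LDAP_URI" -D "$LDAP_CONF_DN" -w "$LDAP_CONF_PW" \
        -b "olcDatabase={1}${backend},cn=config" -s one '(olcOverlay=memberof)' dn
}

# The server is only touched when the script is run as: ./memberof.sh apply
case "${1:-}" in
    apply) apply_memberof ;;
esac
```

Two practical notes. If your cn=config database has no olcRootPW set (the state of a fresh Debian install), replace `-D ... -w ...` with `-Y EXTERNAL` and run the script as root over ldapi:///; where a password is used, `-y <file>` keeps it out of the process list. Also, the overlay only populates ‘memberOf’ for groups modified after it is enabled, so existing groupOfNames entries have to be re-written (for example by deleting and re-adding one ‘member’ value) before their users show the attribute.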
Tips
- Check whether the sysPass ‘admin’ user also exists in OpenLDAP; if so, you need to add this user to the LDAP group that has access permissions to sysPass.
- The username and email of the LDAP users are populated from the ‘displayname’, ‘fullname’ and ‘mail’ attributes.
- You could use ldaps by setting a connection URI like ‘ldaps://my_ldap_server’.
- You could install phpLDAPadmin to create and manage the LDAP objects.
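The first two tips describe what a user entry must carry for sysPass to accept it. The following added script (not part of the sysPass documentation) checks exactly that for one entry: a ‘displayname’ or ‘fullname’ value, a ‘mail’ value, and a ‘memberOf’ value naming the group that is granted access. Assumptions not on the page: the bind settings come from LDAP_URI / LDAP_BIND_DN / LDAP_BIND_PW, and the group DN is passed as an argument; the check function reads LDIF on stdin, so it can be run offline on constructed input as well as on live ldapsearch output.

```shell
#!/bin/sh
# Added example, not from the sysPass documentation: verify that an LDAP user
# entry has the attributes sysPass relies on. Assumptions not on the page:
# bind settings come from LDAP_URI / LDAP_BIND_DN / LDAP_BIND_PW and the
# access group DN is given as an argument.
set -eu

LDAP_URI="${LDAP_URI:-ldaps://my_ldap_server}"
LDAP_BIND_DN="${LDAP_BIND_DN:-cn=admin,dc=example,dc=org}"
LDAP_BIND_PW="${LDAP_BIND_PW:-}"

# Read one entry in LDIF form on stdin (the format ldapsearch -LLL prints) and
# report every attribute sysPass needs that is missing. Returns 1 on any problem.
check_syspass_entry() {
    group_dn="$1"
    entry="$(cat)"
    status=0
    # Username: sysPass takes displayname first, then fullname (case-insensitive
    # attribute names, as in LDAP).
    if ! printf '%s\n' "$entry" | grep -Eqi '^(displayname|fullname):'; then
        echo "missing displayname/fullname: the sysPass username would be empty"
        status=1
    fi
    if ! printf '%s\n' "$entry" | grep -Eqi '^mail:'; then
        echo "missing mail: the sysPass email would be empty"
        status=1
    fi
    # Access: the user must be in the group granted sysPass permissions; the
    # memberof overlay exposes this as a memberOf value on the user entry.
    if ! printf '%s\n' "$entry" | grep -Fqix "memberOf: $group_dn"; then
        echo "not a member of $group_dn: add the user to this group"
        status=1
    fi
    return $status
}

# Fetch the entry and run the check. memberOf is an operational attribute in
# OpenLDAP, so it is requested explicitly; otherwise it is not returned.
verify_syspass_user() {
    user_dn="$1"
    group_dn="$2"
    ldapsearch -LLL -H "$LDAP_URI" -D "$LDAP_BIND_DN" -w "$LDAP_BIND_PW" \
        -b "$user_dn" -s base '(objectClass=*)' displayname fullname mail memberOf \
        | check_syspass_entry "$group_dn"
}

# Usage: ./check_syspass_user.sh verify <user-dn> <group-dn>
case "${1:-}" in
    verify) verify_syspass_user "$2" "$3" ;;
esac
```

Running the check against the sysPass ‘admin’ user from the first tip is the quickest way to see whether it is actually in the access group, since a missing ‘memberOf’ value is reported explicitly rather than surfacing later as a rejected login.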
Links
- LDAP Debian Wiki: https://wiki.debian.org/LDAP/OpenLDAPSetup
- ‘memberof’ overlay config: http://www.cbjck.de/2012/05/enabling-the-memberof-overlay-for-openldap/