
Using openLDAP groups to authenticate users for different services

By : maxigimenez
Date : November 19 2020, 03:59 PM
I am currently setting up a small server with several applications. Since no Active Directory etc. is planned, but I do need a centralized user administration, I decided on LDAP since all applications are capable of authenticating against it. So here is how I did it:
I created the following structure.
code :
+dc=example,dc=com
 +ou=groups
 | +employees (PosixGroup)
 | +service1  (GroupOfNames)
 | +service2  (GroupOfNames)
 +ou=users
 | +user1     (User Account)
 | +user2     (User Account)  
"(&(objectClass=inetOrgPerson)(memberof=cn=ejabberd,ou=groups,dc=example,dc=com))"


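The filter in the post takes the uid from whatever the application's login form sends, so that value has to be escaped before it is spliced into the filter, and memberOf only exists on the user entries if slapd's memberof overlay is loaded. As an added example, not code from the original post, the following builds the per-service filter with RFC 4515 escaping and runs it against a constructed in-memory copy of the tree (user1 in cn=service1, user2 in cn=service2; the memberOf values stand in for what the overlay would maintain, and the matcher only understands the AND-of-equalities shape built here):

```python
"""Per-service LDAP login filter with RFC 4515 escaping, plus a small
matcher to exercise it offline.

Added example; not code from the original post. The tree layout
(ou=groups and ou=users under dc=example,dc=com, one groupOfNames per
service) follows the post. The uids, the DIRECTORY entries and their
memberOf values are constructed for this demo.
"""
import re

BASE_DN = "dc=example,dc=com"

# RFC 4515 section 3: these characters must be hex-escaped inside an
# assertion value, otherwise a uid typed at a login prompt rewrites the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def service_login_filter(uid, service_cn):
    """Filter a service should search with: the user must be an inetOrgPerson
    AND be listed in that service's groupOfNames. service_cn comes from the
    service's own configuration, uid from the login form."""
    group_dn = f"cn={service_cn},ou=groups,{BASE_DN}"
    return ("(&(objectClass=inetOrgPerson)"
            f"(uid={escape_filter_value(uid)})"
            f"(memberOf={escape_filter_value(group_dn)}))")


# One "(attr=value)" item; the value may contain \xx escapes but no raw parens.
_EQ = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")


def parse_and_filter(flt):
    """Parse '(&(a=v)(b=w))' into [(a, v), (b, w)] with values unescaped.
    Only the conjunction-of-equalities shape built above is supported."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("expected an (&...) filter")
    inner, pos, pairs = flt[2:-1], 0, []
    while pos < len(inner):
        m = _EQ.match(inner, pos)
        if m is None:
            raise ValueError(f"malformed filter near {inner[pos:]!r}")
        pairs.append((m.group(1).lower(), unescape_filter_value(m.group(2))))
        pos = m.end()
    return pairs


def entry_matches(entry, flt):
    """Equality matching only, like a server evaluating the escaped filter."""
    attrs = {k.lower(): v for k, v in entry.items()}
    return all(value in attrs.get(attr, [])
               for attr, value in parse_and_filter(flt))


DIRECTORY = {  # constructed sample entries
    f"uid=user1,ou=users,{BASE_DN}": {
        "objectClass": ["inetOrgPerson"], "uid": ["user1"],
        "memberOf": [f"cn=service1,ou=groups,{BASE_DN}"],
    },
    f"uid=user2,ou=users,{BASE_DN}": {
        "objectClass": ["inetOrgPerson"], "uid": ["user2"],
        "memberOf": [f"cn=service2,ou=groups,{BASE_DN}"],
    },
}


def find_login_entry(uid, service_cn, directory=DIRECTORY):
    """DN of the single entry matching the service filter, else None.
    Exactly one hit is required: a wildcard that matched several users
    must never count as a successful lookup."""
    flt = service_login_filter(uid, service_cn)
    hits = [dn for dn, entry in directory.items() if entry_matches(entry, flt)]
    return hits[0] if len(hits) == 1 else None
```

find_login_entry returns None for a uid such as `*)(uid=*` because the escaped filter only matches that literal string; a naive f-string would have sent `(uid=*)(uid=*)` and matched every user in ou=users. Real clients send the same filter string through ldapsearch or their LDAP library; only the search changes, not the lookup logic.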
How do I seamlessly authenticate users to use services associated with a Google Apps account?


By : user1970730
Date : March 29 2020, 07:55 AM
Have you seen the Zend Framework's Zend_Gdata? It's a PHP 5 interface for accessing Google Data; at first glance it seems to do all the things you want.
http://framework.zend.com/manual/en/zend.gdata.introduction.html
LDIF for creating Active Directory users and groups in OpenLDAP?


By : Milds3v3n
Date : March 29 2020, 07:55 AM
It's almost impossible to convert the entire Active Directory schema to OpenLDAP; it's huge. However, we can add only the needed attributes and classes:
code :
attributetype ( 1.2.840.113556.1.4.750 NAME 'groupType' 
   SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE 
)

attributetype ( 1.3.114.7.4.2.0.33 NAME 'memberOf' 
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' 
)

objectclass ( 1.2.840.113556.1.5.9 NAME 'user'
        DESC 'a user'
        SUP organizationalPerson STRUCTURAL
        MUST ( cn )
        MAY ( userPassword $ memberOf ) )

objectclass ( 1.2.840.113556.1.5.8 NAME 'group'
        DESC 'a group of users'
        SUP top STRUCTURAL
        MUST ( groupType $ cn )
        MAY ( member ) )

dn: dc=myCompany
objectClass: top
objectClass: dcObject
objectClass: organization
dc: myCompany
o: LocalBranch

dn: ou=People,dc=myCompany
objectClass: top
objectClass: organizationalUnit
ou: People
description: Test database

dn: cn=Users,dc=myCompany
objectClass: groupOfNames
objectClass: top
cn: Users
member: cn=Manager,cn=Users,dc=myCompany

dn: cn=Manager,cn=Users,dc=myCompany
objectClass: person
objectClass: top
cn: Manager
sn: Manager
userPassword:: e1NIQX1tc0lKSXJCVU1XdmlPRUtsdktmV255bjJuWGM9

dn: cn=ReadWrite,ou=People,dc=myCompany
objectClass: group
objectClass: top
cn: ReadWrite
groupType: 2147483650
member: cn=sysconf,ou=People,dc=myCompany

dn: cn=sysopr,ou=People,dc=myCompany
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: sysopr
sn: team
memberOf: cn=ReadOnly,ou=People,dc=myCompany
userPassword:: e1NIQX1jUkR0cE5DZUJpcWw1S09Rc0tWeXJBMHNBaUE9
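In this answer memberOf is an ordinary schema attribute written by hand, so nothing keeps it in step with the groups' member values, and an application that authorizes on it is trusting whoever can write the user entry. The following is an added example, not the answer's code: it parses the group and user entries above (container entries omitted) and reports member and memberOf values that don't resolve, memberOf claims the named group doesn't back, and userPassword values stored cleartext or in the unsalted {SHA}/{MD5} schemes. The finding labels are mine.

```python
"""Audit an LDIF fragment for dangling group references and weak
userPassword schemes.

Added example, not the answer's code. SAMPLE_LDIF repeats the group and
user entries posted above (container entries omitted); the checks and the
finding labels are mine. Cleartext and the unsalted {SHA}/{MD5} schemes
are flagged; {SSHA} and the password-module schemes are not.
"""
import base64
import re

SAMPLE_LDIF = """\
dn: cn=Users,dc=myCompany
objectClass: groupOfNames
objectClass: top
cn: Users
member: cn=Manager,cn=Users,dc=myCompany

dn: cn=Manager,cn=Users,dc=myCompany
objectClass: person
objectClass: top
cn: Manager
sn: Manager
userPassword:: e1NIQX1tc0lKSXJCVU1XdmlPRUtsdktmV255bjJuWGM9

dn: cn=ReadWrite,ou=People,dc=myCompany
objectClass: group
objectClass: top
cn: ReadWrite
groupType: 2147483650
member: cn=sysconf,ou=People,dc=myCompany

dn: cn=sysopr,ou=People,dc=myCompany
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: sysopr
sn: team
memberOf: cn=ReadOnly,ou=People,dc=myCompany
userPassword:: e1NIQX1jUkR0cE5DZUJpcWw1S09Rc0tWeXJBMHNBaUE9
"""


def normalize_dn(dn):
    """Enough for this fragment: case-fold and trim around RDN separators
    (full RFC 4514 canonicalisation also handles escapes inside values)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_ldif(text):
    """{dn: {attr: [values]}}. Handles 'attr:: base64' and RFC 2849 folded
    lines (leading space); attribute names are lower-cased."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]                     # folded continuation
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):                    # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode()
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn is None:
            raise ValueError(f"entry without dn: {block!r}")
        entries[dn] = attrs
    return entries


def audit(entries):
    """Return a list of (dn, finding, detail) tuples."""
    by_norm = {normalize_dn(dn): attrs for dn, attrs in entries.items()}
    findings = []
    for dn, attrs in entries.items():
        for target in attrs.get("member", []):           # group -> user
            if normalize_dn(target) not in by_norm:
                findings.append((dn, "dangling-member", target))
        for group in attrs.get("memberof", []):          # user -> group
            backing = by_norm.get(normalize_dn(group))
            if backing is None:
                findings.append((dn, "dangling-memberof", group))
            elif normalize_dn(dn) not in {normalize_dn(m) for m in backing.get("member", [])}:
                # hand-written memberOf that the group itself does not confirm
                findings.append((dn, "memberof-not-backed", group))
        for pw in attrs.get("userpassword", []):
            scheme = re.match(r"\{([A-Za-z0-9-]+)\}", pw)
            if scheme is None:
                findings.append((dn, "cleartext-password", ""))
            elif scheme.group(1).upper() in ("SHA", "MD5"):
                findings.append((dn, "unsalted-password", "{" + scheme.group(1) + "}"))
    return findings
```

Run on the fragment above it reports cn=sysconf (listed as a member of cn=ReadWrite but never defined), cn=ReadOnly (claimed by cn=sysopr but not defined) and the two {SHA} passwords, which are unsalted SHA-1. `slappasswd -h '{SSHA}'` produces a salted value, and slapd's memberof overlay is the way to get a memberOf that cannot drift from member.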
What configuration required to create a special user in OpenLdap for redmine server to authenticate other users


By : coderCat
Date : March 29 2020, 07:55 AM
I'm not the one who initially configured our LDAP auth for Redmine, and I'm not well-versed in LDAP terminology, but I compared our settings to yours.
You might try the following settings in Redmine:
code :
Account: cn=admin,dc=ldap,dc=trickytechnos,dc=in
Password: the LDAP admin's password
Base DN: ou=people,dc=ldap,dc=trickytechnos,dc=in
Can we use Windows Active Directory to authenticate Linux/Unix servers and manage users/groups from AD itself


By : user3569679
Date : March 29 2020, 07:55 AM
No, there is no such way. FreeIPA is not a tool; it is a fully functioning identity management system, similar to Active Directory but for POSIX environments. You aren't deploying it on a single machine as a separate application.
There are plenty of other tools that utilise an existing Active Directory deployment to store their own information and handle Linux machines, but most of them are commercially available.
OpenLDAP : ACL : Allow users to manage their own groups


By : josh_fi
Date : March 29 2020, 07:55 AM
My contribution is one option to solve this situation. I know it's been a while, but I hope this helps someone out there.
- Change to groupOfNames or organizationalRole (the latter supports empty groups); both require a DN as member.
- Enable the memberof overlay, to enable the memberof operational attribute on the user (this will add the list of groups the user is a member of to an attribute in the user entry):
code :
olcMemberOfGroupOC: organizationalRole
olcMemberOfMemberAD: roleOccupant
olcMemberOfMemberOfAD: groups
("groups" is the operational attribute added to the user)
Once both actions were performed and you're sure the users have values in the groups operational attribute, according to the original question, here are 2 scenarios:
1st scenario - user1 is allowed to write user3,ou=users as they belong to cn=Manager,ou=Roles,ou=Groups
2nd scenario - user1 is allowed to write user2,ou=users as they belong to cn=Structure1,ou=Structures,ou=Groups
code :
by set="this/groups & user/groups" write
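The set clause at the end grants write when the intersection of the target entry's groups and the bound user's groups is non-empty. The following is an added example, not part of the answer, that simulates that evaluation over a constructed directory: the "groups" attribute plays the overlay-maintained attribute named by olcMemberOfMemberOfAD, the user and group DNs are mine, and only the path, & and | subset of slapd's set syntax is implemented, evaluated strictly left to right.

```python
"""Simulate the OpenLDAP set ACL clause  by set="this/groups & user/groups" write

Added example, not part of the original answer. DIRECTORY is constructed;
its "groups" attribute stands for the overlay-maintained attribute
(olcMemberOfMemberOfAD: groups). Only the path / & / | subset of slapd's
set syntax is implemented, evaluated strictly left to right.
"""

BASE = "dc=example,dc=com"
G_MANAGER = f"cn=Manager,ou=Roles,ou=Groups,{BASE}"
G_STRUCT1 = f"cn=Structure1,ou=Structures,ou=Groups,{BASE}"
G_STRUCT2 = f"cn=Structure2,ou=Structures,ou=Groups,{BASE}"


def _user(uid, *groups):
    return f"uid={uid},ou=users,{BASE}", {"uid": [uid], "groups": list(groups)}


DIRECTORY = dict([
    _user("user1", G_MANAGER, G_STRUCT1),   # manager, also in Structure1
    _user("user2", G_STRUCT1),
    _user("user3", G_MANAGER),
    _user("user4", G_STRUCT2),              # shares no group with user1
])


def _deref(dns, attr):
    """One '/attr' step: union of attr's values over every DN in the set."""
    out = set()
    for dn in dns:
        out.update(DIRECTORY.get(dn, {}).get(attr, []))
    return out


def eval_path(path, this_dn, user_dn):
    """'this/groups' -> groups of the target entry, 'user/groups' -> groups
    of the bound DN; each further '/attr' dereferences again."""
    head, *steps = path.split("/")
    current = {"this": {this_dn}, "user": {user_dn}}[head]
    for step in steps:
        current = _deref(current, step)
    return current


def eval_set(expr, this_dn, user_dn):
    """Evaluate 'path & path | path ...' left to right (& = intersection,
    | = union) and return the resulting set of DNs."""
    tokens = expr.replace("&", " & ").replace("|", " | ").split()
    result = eval_path(tokens[0], this_dn, user_dn)
    for op, path in zip(tokens[1::2], tokens[2::2]):
        rhs = eval_path(path, this_dn, user_dn)
        result = result & rhs if op == "&" else result | rhs
    return result


ACL_SET = "this/groups & user/groups"


def may_write(user_dn, target_dn, expr=ACL_SET):
    """slapd grants the clause's access level when the set is non-empty."""
    return bool(eval_set(expr, target_dn, user_dn))


def writable_by(user_dn):
    """Every entry in DIRECTORY the bound user could write under the clause."""
    return sorted(dn for dn in DIRECTORY if may_write(user_dn, dn))
```

Both scenarios from the answer hold (user1 can write user2 and user3, not user4), but the clause is symmetric: user2 can write user1 for the same reason, and anyone sharing a group can write the whole target entry, userPassword included, unless the access line is narrowed with attrs=... to the attributes group managers are meant to change.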
Privacy Policy - Terms - Contact Us © ourworld-yourmove.org