worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11155 Commits
107 Branches
123 Tags
109 MiB
 
 
 
 
 
Tag: Branch: Tree: dccb633531
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dccb633531'
${ noResults }
lemonldap-ng/doc/sources/admin/ldapconfbackend.rst

103 lines
3.2 KiB
Raw Blame History

LDAP configuration backend
==========================
Presentation
------------
You can choose to store LemonLDAP::NG configuration in an LDAP
directory.
|image0|
Advantages:
- Easy to share between servers with remote LDAP access
- Easy to duplicate with LDAP synchronization services (like SyncRepl
in OpenLDAP)
- Security with SSL/TLS
- Access control possible by creating one user for Manager (write) and
another for portal and handlers (read)
- Easy import/export through LDIF files
The configuration will be store under a specific branch, for example
``ou=conf,ou=applications,dc=example,dc=com``.
Each configuration will be represented as an entry, which structural
objectClass is by default ``applicationProcess``. The configuration name
is the same that files, so lmConf-1, lmConf-2, etc. This name is used in
entry DN, for example
``cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com``.
Then each parameter is one value of the attribute ``description``,
prefixed by its key. For example ``{ldapPort}389``.
The LDIF view of such entry can be:
::
dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'
...
Configuration
-------------
LDAP server
~~~~~~~~~~~
Configuration objects use standard object class: ``applicationProcess``.
This objectClass allow attributes ``cn`` and ``description``. If your
LDAP server do not manage this objectClass, configure other objectclass
and attributes (see below).
We advice to create a specific LDAP account with write access on
configuration branch.
Next create the configuration branch where you want. Just remember its
DN for LemonLDAP::NG configuration.
LemonLDAP::NG
~~~~~~~~~~~~~
Configure LDAP configuration backend in ``lemonldap-ng.ini``, section
``[configuration]``:
.. code-block:: ini
type = LDAP
ldapServer = ldap://localhost
ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
ldapBindDN = cn=manager,dc=example,dc=com
ldapBindPassword = secret
ldapObjectClass = applicationProcess
ldapAttributeId = cn
ldapAttributeContent = description
Parameters:
- **ldapServer**: LDAP URI of the server
- **ldapConfBase**: DN of configuration branch
- **ldapBindDN**: DN used to bind LDAP
- **ldapBindPassword**: password used to bind LDAP
- **ldapObjectClass**: structural objectclass of configuration entry
(optional)
- **ldapAttributeId**: RDN attribute of configuration entry (optional)
- **ldapAttributeContent**: attribute used to store configuration
values, must be multivalued (optional)
- **ldapVerify**: When using a LDAPS or TLS server, whether or not to validate the server certificate. Possible values: ``require``, ``optional`` or ``none``.
- **ldapCAFile**: This allows you to override the default system-wide
certificate authorities by giving a single file containing the CA used by the
LDAP server.
- **ldapCAPath**: This allows you to override the default system-wide
certificate authorities by giving the path of a directory containing your
trusted certificates.
.. |image0| image:: /documentation/configuration-ldap.png
:class: align-center