<!DOCTYPE html>
<html lang="en" dir="ltr">
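<head>
<meta charset="utf-8" />
<title>documentation:1.9:ldapconfbackend</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,ldapconfbackend"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="ldapconfbackend.html"/>
<link rel="contents" href="ldapconfbackend.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- NOTE(review): the "//if: ... //endif" comment blocks below look like build-time switches that select which copy of each library is referenced (TODO confirm). The external (CDN) variants are referenced over https:// so the files cannot be altered in transit. They carry no integrity attribute; consider adding SRI hashes for the pinned versions. -->
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:ldapconfbackend","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="https://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="https://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>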
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#ldap_server">LDAP server</a></div></li>
<li class="level2"><div class="li"><a href="#lemonldapng">LemonLDAP::NG</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="ldap_configuration_backend">LDAP configuration backend</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "LDAP configuration backend" [1-42] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
You can choose to store LemonLDAP::NG configuration in an LDAP directory.
</p>
<p>
<a href="documentation/configuration-ldap.png_documentation_1.9_ldapconfbackend.html" class="media" title="documentation:configuration-ldap.png"><img src="documentation/configuration-ldap.png" class="mediacenter" alt="" /></a>
</p>
<p>
Advantages:
</p>
<ul>
<li class="level1"><div class="li"> Easy to share between servers with remote LDAP access</div>
</li>
<li class="level1"><div class="li"> Easy to duplicate with LDAP synchronization services (like SyncRepl in OpenLDAP)</div>
</li>
<li class="level1"><div class="li"> Security with SSL/TLS</div>
</li>
<li class="level1"><div class="li"> Access control possible by creating one user for Manager (write) and another for portal and handlers (read)</div>
</li>
<li class="level1"><div class="li"> Easy import/export through LDIF files</div>
</li>
</ul>
<p>
The configuration will be stored under a specific branch, for example <code>ou=conf,ou=applications,dc=example,dc=com</code>.
</p>
<p>
Each configuration will be represented as an entry whose structural objectClass is <code>applicationProcess</code> by default. Configurations are named the same way as configuration files: lmConf-1, lmConf-2, etc. This name is used in the entry <abbr title="Distinguished Name">DN</abbr>, for example <code>cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com</code>.
</p>
<p>
Then each parameter is one value of the attribute <code>description</code>, prefixed by its key. For example <code>{ldapPort}389</code>.
</p>
<p>
The LDIF view of such an entry can be:
</p>
<pre class="file">dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'
...</pre>
</div>
<!-- EDIT2 SECTION "Presentation" [43-1359] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT3 SECTION "Configuration" [1360-1386] -->
<h3 class="sectionedit4" id="ldap_server">LDAP server</h3>
<div class="level3">
<p>
Configuration objects use a standard object class: <code>applicationProcess</code>. This objectClass allows the attributes <code>cn</code> and <code>description</code>. If your LDAP server does not support this objectClass, configure another objectClass and other attributes (see below).
</p>
<p>
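We advise creating a dedicated LDAP account with write access to the configuration branch (and, as listed in the advantages above, a separate read-only account for the portal and handlers).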
</p>
<p>
Next, create the configuration branch wherever you want. Note its <abbr title="Distinguished Name">DN</abbr>: it is needed for the LemonLDAP::NG configuration.
</p>
</div>
<!-- EDIT4 SECTION "LDAP server" [1387-1850] -->
<h3 class="sectionedit5" id="lemonldapng">LemonLDAP::NG</h3>
<div class="level3">
<p>
Configure LDAP configuration backend in <code>lemonldap-ng.ini</code>, section <code>[configuration]</code>:
</p>
<pre class="code file ini"><span class="re1">type</span> <span class="sy0">=</span><span class="re2"> LDAP</span>
<span class="re1">ldapServer</span> <span class="sy0">=</span><span class="re2"> ldap://localhost</span>
<span class="re1">ldapConfBase</span> <span class="sy0">=</span><span class="re2"> ou=conf,ou=applications,dc=example,dc=com</span>
<span class="re1">ldapBindDN</span> <span class="sy0">=</span><span class="re2"> cn=manager,dc=example,dc=com</span>
<span class="re1">ldapBindPassword</span> <span class="sy0">=</span><span class="re2"> secret</span>
<span class="re1">ldapObjectClass</span> <span class="sy0">=</span><span class="re2"> applicationProcess</span>
<span class="re1">ldapAttributeId</span> <span class="sy0">=</span><span class="re2"> cn</span>
<span class="re1">ldapAttributeContent</span> <span class="sy0">=</span><span class="re2"> description</span></pre>
<p>
Parameters:
</p>
<ul>
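<li class="level1"><div class="li"> <strong>ldapServer</strong>: LDAP <abbr title="Uniform Resource Identifier">URI</abbr> of the server. The example above uses plain <code>ldap://</code> to localhost; when the directory is remote, use an encrypted connection (such as an <code>ldaps://</code> URI, if the server offers it) so that the bind password and the configuration are not sent in clear text</div>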
</li>
<li class="level1"><div class="li"> <strong>ldapConfBase</strong>: <abbr title="Distinguished Name">DN</abbr> of configuration branch</div>
</li>
<li class="level1"><div class="li"> <strong>ldapBindDN</strong>: <abbr title="Distinguished Name">DN</abbr> used to bind LDAP</div>
</li>
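<li class="level1"><div class="li"> <strong>ldapBindPassword</strong>: password used to bind to the LDAP server. It is stored in clear text in <code>lemonldap-ng.ini</code>, so restrict read access to that file</div>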
</li>
<li class="level1"><div class="li"> <strong>ldapObjectClass</strong>: structural objectclass of configuration entry (optional)</div>
</li>
<li class="level1"><div class="li"> <strong>ldapAttributeId</strong>: RDN attribute of configuration entry (optional)</div>
</li>
<li class="level1"><div class="li"> <strong>ldapAttributeContent</strong>: attribute used to store configuration values, must be multivalued (optional)</div>
</li>
</ul>
</div>
<!-- EDIT5 SECTION "LemonLDAP::NG" [1851-] --></div>
</body>
</html>