ldap:openldap [2018/07/31 09:36] niziakldap:openldap [2018/08/01 12:05] (current) niziak
Line 1: Line 1:
 +====== Utils ======
 +  * OpenLDAP + phpLDAPAdmin Docker
 +    * Tags: [[https://hub.docker.com/r/osixia/openldap/tags/|osixia/openldap:1.2.1]]
 +    * Latest release: 1.2.1 - OpenLDAP 2.4.44 
 +    * Readme:[[https://github.com/osixia/docker-openldap|github]]
 +    * [[https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml|docker-compose.yml]]
 +  * OpenLDAP Backup [[https://github.com/osixia/docker-openldap-backup]]
 +  * [[http://directory.apache.org/studio/download/download-linux.html|Apache Directory Studio]]
   * LDAP Account Manager    * LDAP Account Manager 
-    *Docker: https://hub.docker.com/r/mwaeckerlin/lam/+    * Docker: https://hub.docker.com/r/mwaeckerlin/lam/ 
 +    * <code bash>docker run -d -p 8123:80 --name lam mwaeckerlin/lam</code> 
 +      * goto **LAM configuration** / **Edit general settings**, login with default password **lam** and Change master password. Then go back and still with password lam go to Edit server profiles to setup your OpenLDAP  
 +      * user: Manager, password: lam
  
 ====== cn=config ====== ====== cn=config ======
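Review bot: The LAM bullets (the `docker run -d -p 8123:80 --name lam mwaeckerlin/lam` line and the two sub-bullets that follow) leave the default credentials in place: the text says to change the master password but then to continue "still with password lam" into Edit server profiles, and the last bullet records "user: Manager, password: lam" as if it were the working login. Suggest making both steps explicit, i.e. change the master password first, then change the server-profile password in Edit server profiles as well, and rewrite the last bullet as "default user: Manager, default password: lam (change before use)". Also worth a note beside the run command that `-p 8123:80` publishes the LAM web UI on plain HTTP on every interface; binding it as `-p 127.0.0.1:8123:80` or fronting it with a TLS proxy keeps the LDAP bind credentials typed into LAM off the wire. The run-on sentence in the "goto LAM configuration" bullet would read better split into two or three short steps.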
Line 13: Line 24:
     * access by "cn=admin,cn=config"     * access by "cn=admin,cn=config"
     * default password "config"     * default password "config"
 +    * **BaseDN: 'cn=config'** - use [[http://directory.apache.org/studio/|Apache Directory Studio]] to connect
 +
 +===== ACL =====
 +
 +[[https://www.openldap.org/doc/admin24/access-control.html]]
 +
 +Order matters in ACL rules. LDAP will stop looking on the first match. So new acl entries should be inserted before default ones.
 +
 +Default entries:
 +<code>
 +olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
 +olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
 +</code>
 +  * olcAccess: {0}to attrs=userPassword,shadowLastChange
 +    * by self write 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by anonymous auth 
 +    * by * none
 +  * olcAccess: {1}to * 
 +    * by self read 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by * none
 +
 +
 +
 +Giving user: **uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com** rights:
 +  * Entry to edit: **olcDatabase={1}mdb,cn=config**
 +  * Attribute to add: **olcAccess**
 +  * to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read
 +
 +
 +==== Examples ====
 +
 +
 +<code>olcAccess: {1}to dn.base="" by * read</code>
 +
 +  * Give user access to modify photo: <code>olcAccess: to attrs=jpegPhoto by self write by * read</codE>
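Review bot: The rule under "Giving user ... rights" is incomplete and, as written, would not do what the section above it says it should. `to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read` is missing the target after `to` (OpenLDAP needs something like `to *` or `to attrs=...` there). It also carries no `{n}` index, so adding it as a new olcAccess value appends it after `{1}to * ... by * none`, and by the page's own "order matters, first match wins" statement it would never be reached; but prepending it as `{0}to * by dn.exact=... read` on its own is not safe either, because once a `to` clause matches, an unmatched `by` list is an implicit deny and the default `{0}`/`{1}` rules are never consulted. Two workable forms, either of which is consistent with the text: add `by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read` to the existing `{1}to *` rule ahead of `by * none`, or give the new rule a trailing `by * break` so evaluation continues into the default rules. Style point on the last line: the closing tag is `</codE>`; it should be `</code>` to match the other code blocks on the page.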