ldap:openldap [2018/07/31 09:57] niziakldap:openldap [2018/08/01 12:05] (current) niziak
Line 5: Line 5:
     * Readme:[[https://github.com/osixia/docker-openldap|github]]     * Readme:[[https://github.com/osixia/docker-openldap|github]]
     * [[https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml|docker-compose.yml]]     * [[https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml|docker-compose.yml]]
 +  * OpenLDAP Backup [[https://github.com/osixia/docker-openldap-backup]]
   * [[http://directory.apache.org/studio/download/download-linux.html|Apache Directory Studio]]   * [[http://directory.apache.org/studio/download/download-linux.html|Apache Directory Studio]]
   * LDAP Account Manager    * LDAP Account Manager 
Line 23: Line 24:
     * access by "cn=admin,cn=config"     * access by "cn=admin,cn=config"
     * default password "config"     * default password "config"
 +    * **BaseDN: 'cn=config'** - use [[http://directory.apache.org/studio/|Apache Directory Studio]] to connect
 +
 +===== ACL =====
 +
 +[[https://www.openldap.org/doc/admin24/access-control.html]]
 +
 +Order matters in ACL rules. LDAP will stop looking on the first match. So new acl entries should be inserted before default ones.
 +
 +Default entries:
 +<code>
 +olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
 +olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
 +</code>
 +  * olcAccess: {0}to attrs=userPassword,shadowLastChange
 +    * by self write 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by anonymous auth 
 +    * by * none
 +  * olcAccess: {1}to * 
 +    * by self read 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by * none
 +
 +
 +
 +Giving user: **uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com** rights:
 +  * Entry to edit: **olcDatabase={1}mdb,cn=config**
 +  * Attribute to add: **olcAccess**
 +  * to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read
 +
 +
 +==== Examples ====
 +
 +
 +<code>olcAccess: {1}to dn.base="" by * read</code>
 +
 +  * Give user access to modify photo: <code>olcAccess: to attrs=jpegPhoto by self write by * read</codE>
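Review bot: the rule in the "Giving user" block (`to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read`) is not a valid olcAccess value and, even once fixed, would not take effect where it is told to go. It has no `<what>` clause after `to` (OpenLDAP requires e.g. `to *` or `to attrs=...`), and it carries no `{n}` index, so adding it to `olcDatabase={1}mdb,cn=config` appends it after the existing `{1}to * ... by * none`; since evaluation stops at the first matching `to` clause, as the paragraph above the default entries states, the new rule would never be reached. Suggest `olcAccess: {1}to * by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read`, which inserts it before the catch-all and after the `{0}` rule protecting userPassword. Same index issue applies to the jpegPhoto example, and its closing tag is `</codE>` where `</code>` is needed for the wiki to render the block.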