auth:ldap_openldap
Differences
This shows you the differences between two versions of the page.
auth:ldap_openldap [2016-03-14 02:12] – old revision restored (2013-09-17 23:58) ach | auth:ldap_openldap [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== LDAP Auth Backend: OpenLDAP Examples ====== | ||
- | | Since the release 2013-05-10 “Weatherwax”\\ see [[plugin: | ||
- | |||
- | Below are example configurations for use with the [[auth: | ||
- | |||
- | ===== With anonymous bind ===== | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ===== With anonymous bind and filters ===== | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ===== With superuser bind ===== | ||
- | |||
- | <file php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ===== With Kolab2 schema ===== | ||
- | |||
- | For use with [[http:// | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | ===== Fedora Directory Server With Group ===== | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | Note that you need to use %{dn} for the uniquemember. | ||
- | |||
- | Note: you may need to change line 4:\\ | ||
- | if users in LDAP directory are " | ||
- | < | ||
- | $conf[' | ||
- | </ | ||
- | if users in LDAP directory are only " | ||
- | <code php> | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ===== OpenLDAP on SuSE Linux Enterprise Server ===== | ||
- | |||
- | This worked for me with a default SLES 10 configuration: | ||
- | |||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | The '' | ||
- | |||
- | ===== Enterprise IPA on Red Hat Enterprise Linux ===== | ||
- | |||
- | [[auth: | ||
- | |||
- | ===== Zimbra 7 with Posix and Samba extension ===== | ||
- | <code php> | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ====== Two ldap servers for redundancy | ||
- | ===== slapd proxy ===== | ||
- | As far i know dokuwiki do not suppport multiple servers in ldap configuration. My workoround is to create a local slapd proxy. slapd.conf: | ||
- | |||
- | < | ||
- | # Proxy slapd must contain all schema and objectClass definitions | ||
- | include | ||
- | include | ||
- | include | ||
- | include | ||
- | include | ||
- | |||
- | # Where the pid file is put. The init.d script | ||
- | # will not stop the server if you change this. | ||
- | pidfile | ||
- | |||
- | |||
- | |||
- | # List of arguments that were passed to the server | ||
- | argsfile | ||
- | |||
- | # Read slapd.conf(5) for possible values | ||
- | loglevel | ||
- | |||
- | # The maximum number of entries that is returned for a search operation | ||
- | sizelimit 5000 | ||
- | |||
- | # The tool-threads parameter sets the actual amount of cpu's that is used | ||
- | # for indexing. | ||
- | tool-threads 1 | ||
- | |||
- | # Ensure read access to the base for things like | ||
- | # supportedSASLMechanisms. | ||
- | # have problems with SASL not knowing what | ||
- | # mechanisms are available and the like. | ||
- | # Note that this is covered by the ' | ||
- | # ACL below too but if you change that as people | ||
- | # are wont to do you'll still need this if you | ||
- | # want SASL (and possible other things) to work | ||
- | # happily. | ||
- | |||
- | access to dn.base="" | ||
- | |||
- | |||
- | |||
- | # by default we proxy all request | ||
- | access to * by * read | ||
- | |||
- | # from slapd-ldap(5) | ||
- | backend | ||
- | database | ||
- | suffix | ||
- | rootdn | ||
- | uri " | ||
- | tls ldaps | ||
- | |||
- | |||
- | # timeouts in seconds | ||
- | network-timeout 2 | ||
- | timeout 2 | ||
- | conn-ttl 2 | ||
- | rebind-as-user yes | ||
- | |||
- | # in case of debug problems | ||
- | # session-tracking-request yes | ||
- | |||
- | </ | ||
- | |||
- | It's recomended to restrict slapd to loopback interface and socket by demon argument options: | ||
- | < | ||
- | -h ldap:// | ||
- | </ | ||
- | If everything is right, u can change url in dokuwiki config | ||
- | |||
- | |||
- | |||
- | < | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | and now downtime one of ldap servers is not critical. | ||
- | |||
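Review bot: The revision header gives no reason for this deletion ("removed - external edit", unknown date, 127.0.0.1), and it empties a page that a named editor had restored on 2016-03-14, so the edit summary should say why the content is gone and where it now lives. The first removed lines already point readers to a plugin page since the 2013-05-10 "Weatherwax" release; if that is the new home, keep that pointer on this page instead of leaving it empty. Also confirm that the slapd proxy section is carried over together with its advice to restrict slapd to the loopback interface and socket, because that example proxies every request under `access to * by * read` and relies on that restriction.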
auth/ldap_openldap.1457917978.txt.gz · Last modified: 2016-03-14 02:12 (external edit)