LDAP: Difference between revisions

From RevSpace
Jump to navigation Jump to search
m (Rename sudoers group)
m (Migrated!)
Line 2: Line 2:


=Backend=
=Backend=
Under migration to below new install - not all services might be configured yet.


* Server: ldap2.space.revspace.nl
* Server: ldap2.space.revspace.nl

Revision as of 22:53, 22 March 2024

The Lightweight Directory Access Protocol (LDAP) is used in RevSpace in most places where authentication is required.

Backend

  • Server: ldap2.space.revspace.nl
    • IP: 10.42.42.9
    • Port: 636 (TLS)
  • Software: slapd (openldap)
    • Config: /etc/ldap/slapd.conf
  • Database: LDIF (for easy recovery/editing)
    • Location: /var/lib/ldap/data
  • ACL: yes

Access

  • From ldap2 itself: # shelldap
  • From anywhere in the space network: ldap2:636 (TLS)

Layout

dc=space,dc=revspace,dc=nl
`-+- ou=groups         # groepen van entiteiten (optioneel posixGroup)
  |  `-+- cn=board        # groep van bestuursleden
  |    `- cn=sudo         # groep van sysadmins
  +- ou=people         # natuurlijke personen
  |  `- uid=...
  +- ou=services       # niet-natuurlijke personen
  |  `- cn=...
  `- cn=admin          # fallback admin account (emergency, console access, hardcoded in slapd.conf)

Services

Retrieved from ‘https://revspace.nl/wiki/index.php?title=LDAP&oldid=32195