LDAP

From RevSpace
Revision as of 22:53, 22 March 2024 by Shiz (talk | contribs) (Rename sudoers group)

The Lightweight Directory Access Protocol (LDAP) is used in RevSpace in most places where authentication is required.

Backend

Migration to the new install described below is in progress; not all services may be configured yet.

  • Server: ldap2.space.revspace.nl
    • IP: 10.42.42.9
    • Port: 636 (TLS)
  • Software: slapd (openldap)
    • Config: /etc/ldap/slapd.conf
  • Database: LDIF (for easy recovery/editing)
    • Location: /var/lib/ldap/data
  • ACL: yes

Access

  • From ldap2 itself: # shelldap
  • From anywhere in the space network: ldap2:636 (TLS)

Layout

dc=space,dc=revspace,dc=nl
`-+- ou=groups         # groups of entities (optionally posixGroup)
  |  `-+- cn=board        # group of board members
  |    `- cn=sudo         # group of sysadmins
  +- ou=people         # natural persons
  |  `- uid=...
  +- ou=services       # non-natural persons
  |  `- cn=...
  `- cn=admin          # fallback admin account (emergency, console access, hardcoded in slapd.conf)

Services