Actions
The ungleich LDAP guide¶
- Table of contents
- The ungleich LDAP guide
Status¶
This article is IN PROGRESS.
Servers¶
The ldap servers are ldap1.ungleich.ch and ldap2.ungleich.ch.
- All LDAP servers are running in pairs and are using LDAP replication.
- Servers can only be contacted using ldap:// with TLS
- Version 1 servers also support ldaps://
Search all elements¶
ldapsearch -H ldap://ldap1.ungleich.ch -Z -x -D <BINDDN> -b dc=ungleich,dc=ch -w PASSWORD
Setting up new servers¶
The cdist type "__ungleich_ldap" can be used to setup new pairs of LDAP servers. After configuring the host,
LDAP Trees & application permissions¶
- dc=ungleich,dc=ch - root
- ou=customers,dc=ungleich,dc=ch
- Everyone can create an account in here => maybe it should be named publicusers?
- Have access to
- code.ungleich.ch
- redmine.ungleich.ch
- ssh jumphost(s)
- ou=users,dc=ungleich,dc=ch
- Internal users
- Employees
- Additional access to ...
- ou=customers,dc=ungleich,dc=ch
Adding users to ldap¶
There is a webgui at: https://lam.ungleich.ch/lam/
The managager's credentials in pass.
To be clarified¶
Before this document goes into production, we need to clarify:
- Can we base permissions on groups for our applications?
- yes -> we should have all users under the same tree
- no -> need to different trees
- Can we handle ssh keys for our users in LDAP?
- Where do we implement recover password methods
- do we implement this for all users or do we exclude staff?
Updated by ll nu over 5 years ago · 5 revisions