The ungleich LDAP guide¶

• Table of contents
• The ungleich LDAP guide
  • Status
  • Servers
  • Search all elements
  • Setting up new servers
  • LDAP Trees & application permissions

Status¶

This article is IN PROGRESS.

Servers¶

• All LDAP servers are running in pairs and are using LDAP replication.
• Servers can only be contacted using ldap:// with TLS
  • Version 1 servers also support ldaps://

Search all elements¶

ldapsearch  -H ldap://ldap1.ungleich.ch -Z -x -D <BINDDN> -b dc=ungleich,dc=ch -w PASSWORD

Setting up new servers¶

The cdist type "__ungleich_ldap" can be used to setup new pairs of LDAP servers. After configuring the host,

LDAP Trees & application permissions¶

• dc=ungleich,dc=ch - root
  • ou=customers,dc=ungleich,dc=ch
    • Everyone can create an account in here => maybe it should be named publicusers?
    • Have access to
      • code.ungleich.ch
      • redmine.ungleich.ch
      • ssh jumphost(s)
  • ou=users,dc=ungleich,dc=ch
    • Internal users
    • Employees
    • Additional access to ...
      • ?