The ungleich LDAP guide » History » Version 2
Nico Schottelius, 02/09/2019 06:34 PM
| 1 | 1 | Nico Schottelius | h1. The ungleich LDAP guide |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Nico Schottelius | {{toc}} |
| 4 | |||
| 5 | 1 | Nico Schottelius | h2. Status |
| 6 | |||
| 7 | This article is *IN PROGRESS*. |
||
| 8 | |||
| 9 | h2. Servers |
||
| 10 | |||
| 11 | * All LDAP servers are running in pairs and are using LDAP replication. |
||
| 12 | * Servers can only be contacted using ldap:// with TLS |
||
| 13 | ** Version 1 servers also support ldaps:// |
||
| 14 | |||
| 15 | |||
| 16 | h2. Search all elements |
||
| 17 | |||
| 18 | <pre> |
||
| 19 | ldapsearch -H ldap://ldap1.ungleich.ch -Z -x -D <BINDDN> -b dc=ungleich,dc=ch -w PASSWORD |
||
| 20 | </pre> |
||
| 21 | |||
| 22 | h2. Setting up new servers |
||
| 23 | |||
| 24 | The cdist type "__ungleich_ldap" can be used to setup new pairs of LDAP servers. After configuring the host, |
||
| 25 | 2 | Nico Schottelius | |
| 26 | h2. LDAP Trees & application permissions |
||
| 27 | |||
| 28 | * dc=ungleich,dc=ch - root |
||
| 29 | ** ou=customers,dc=ungleich,dc=ch |
||
| 30 | *** Everyone can create an account in here => maybe it should be named publicusers? |
||
| 31 | *** Have access to |
||
| 32 | **** code.ungleich.ch |
||
| 33 | **** redmine.ungleich.ch |
||
| 34 | **** ssh jumphost(s) |
||
| 35 | ** ou=users,dc=ungleich,dc=ch |
||
| 36 | *** Internal users |
||
| 37 | *** Employees |
||
| 38 | *** Additional access to ... |
||
| 39 | **** ? |