Version 3 - History - The ungleich LDAP guide - Open Infrastructure - ungleich redmine

The ungleich LDAP guide » History » Version 3

Nico Schottelius, 02/09/2019 06:38 PM

-Nico Schottelius
+h1. The ungleich LDAP guide
-Nico Schottelius
+{{toc}}
-Nico Schottelius
+h2. Status
 This article is *IN PROGRESS*.
 h2. Servers
 * All LDAP servers are running in pairs and are using LDAP replication.
 * Servers can only be contacted using ldap:// with TLS
 ** Version 1 servers also support ldaps://
 h2. Search all elements
 <pre>
 ldapsearch  -H ldap://ldap1.ungleich.ch -Z -x -D <BINDDN> -b dc=ungleich,dc=ch -w PASSWORD
 </pre>
 h2. Setting up new servers
-Nico Schottelius
+The cdist type "__ungleich_ldap" can be used to setup new pairs of LDAP servers. After configuring the host,
 Nico Schottelius
 h2. LDAP Trees & application permissions
 * dc=ungleich,dc=ch - root
 ** ou=customers,dc=ungleich,dc=ch
 *** Everyone can create an account in here => maybe it should be named publicusers?
 *** Have access to
 **** code.ungleich.ch
 **** redmine.ungleich.ch
 **** ssh jumphost(s)
 ** ou=users,dc=ungleich,dc=ch
 *** Internal users
 *** Employees
-Nico Schottelius
+*** Additional access to ...
 Nico Schottelius
 h3. To be clarified
 Before this document goes into production, we need to clarify:
 * Can we base permissions on groups for our applications?
 ** yes -> we should have all users under the same tree
 ** no -> need to different trees
 * Can we handle ssh keys for our users in LDAP?
 * Where do we implement recover password methods
 ** do we implement this for all users or do we exclude staff?