<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.3-LDAP-configuration-backend.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HLDAPconfigurationbackend">LDAP configuration backend</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li><a href="#HLDAPconfiguration">LDAP configuration</a></li> <li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</a></li> <li><a href="#HImport">Import</a></li> </ul><strong class="strong">Available for LemonLDAP::NG >= 0.9.4</strong> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>You can choose to store LemonLDAP::NG configuration in an LDAP directory. 
<p class="paragraph"></p><strong class="strong">Advantages:</strong> <ul class="star"> <li>Easy to share between servers with remote LDAP access</li> <li>Easy to replicate with LDAP synchronization services (like SyncRepl in OpenLDAP)</li> <li>Transport security with SSL/TLS</li> <li>Access control is possible by creating one account for the Manager (write) and another for the portal and handlers (read)</li> <li>Easy import/export through LDIF files</li> </ul>The configuration is stored under a specific branch, for example <strong class="strong">ou=conf,ou=applications,dc=example,dc=com</strong>. <p class="paragraph"></p>Each configuration is represented as one entry whose structural objectClass is <strong class= "strong">applicationProcess</strong>. This objectClass belongs to the standard core schema (RFC 4519), so no custom schema has to be loaded. <p class="paragraph"></p>The configuration name is the same as with the file backend (lmConf-1, lmConf-2, etc.) and is used as the RDN of the entry, for example <strong class= "strong">cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com</strong>. <p class="paragraph"></p>Each parameter is stored as one value of the multi-valued attribute <strong class="strong">description</strong>, prefixed by its key in braces, for example <strong class="strong">{ldapPort}389</strong>. String values keep their Perl quoting (<strong class="strong">{authentication}'ldap'</strong>) and hash parameters are stored as serialized Perl code (<strong class="strong">$data1 = {...};</strong>). 
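<p class="paragraph"></p>The following Python script is an added example, not code from the LemonLDAP::NG project: it reads one configuration entry in LDIF form (handling RFC 2849 folded lines and <strong class="strong">attr::</strong> base64 values), splits every <strong class="strong">{key}value</strong> description into a key/value map, decodes the simple scalar forms, lists the keys that carry a credential, and writes the entry back out as LDIF. The sample entry, the key names it uses and the two "secret" values are constructed for the example; only quoted strings and integers are decoded, serialized hashes are kept as text.

```python
import base64
import re

# Constructed sample entry (not from a real deployment). One long value is folded
# over two lines (RFC 2849: continuation lines start with a single space) and one
# value is stored base64-encoded ("description::"), as an LDIF exporter may do.
B64_SECRET = base64.b64encode(b"{managerPassword}'secret'").decode()
SAMPLE_LDIF = (
    "dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com\n"
    "objectClass: top\n"
    "objectClass: applicationProcess\n"
    "cn: lmConf-1\n"
    "description: {ldapPort}389\n"
    "description: {cfgNum}1\n"
    "description: {authentication}'ldap'\n"
    "description: {portal}'http://auth.example.com/'\n"
    "description: {exportedHeaders}'$data1 = {'test1.example.com' => {'Auth-\n"
    " User' => '$uid'}};'\n"
    "description:: " + B64_SECRET + "\n"
    "description: {securedCookie}0\n"
)

DESC_RE = re.compile(r"^\{(\w+)\}(.*)$", re.DOTALL)


def unfold(ldif_text):
    """Join RFC 2849 continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entry(ldif_text):
    """Parse one LDIF entry into (dn, {attribute: [values]}); decodes 'attr:: base64'."""
    dn, attrs = None, {}
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.lstrip(" ")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def config_from_entry(attrs):
    """Split every '{key}value' description into a key -> raw (still Perl-quoted) value."""
    conf = {}
    for value in attrs.get("description", []):
        m = DESC_RE.match(value)
        if not m:
            raise ValueError(f"description without {{key}} prefix: {value!r}")
        key, raw = m.groups()
        if key in conf:
            raise ValueError(f"duplicate configuration key: {key}")
        conf[key] = raw
    return conf


def decode_scalar(raw):
    """Decode the simple forms used in the entry: '...' becomes str, digits become int.
    A quoted hash dump ('$data1 = {...};') is just unquoted and returned as text."""
    if len(raw) >= 2 and raw[0] == raw[-1] == "'":
        return raw[1:-1]
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw


def secret_keys(conf):
    """Keys holding a non-empty credential (e.g. the bind password the portal needs).
    Anyone with read access to the branch obtains them, so scope read rights tightly."""
    return sorted(k for k, v in conf.items()
                  if "password" in k.lower() and decode_scalar(v) not in ("", 0))


def to_ldif(name, base, conf, width=76):
    """Inverse direction: emit one entry. Values that start with space/'<'/':' or are
    not plain ASCII are base64-encoded, and long lines are folded at `width`."""
    def attrline(attr, value):
        if value.startswith((" ", "<", ":")) or not value.isascii() or "\n" in value:
            line = f"{attr}:: " + base64.b64encode(value.encode()).decode()
        else:
            line = f"{attr}: {value}"
        out, rest = [line[:width]], line[width:]
        while rest:  # continuation lines carry one leading space
            out.append(" " + rest[:width - 1])
            rest = rest[width - 1:]
        return "\n".join(out)

    lines = [attrline("dn", f"cn={name},{base}"), "objectClass: top",
             "objectClass: applicationProcess", attrline("cn", name)]
    lines += [attrline("description", f"{{{k}}}{v}") for k, v in conf.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dn, attrs = parse_entry(SAMPLE_LDIF)
    conf = config_from_entry(attrs)
    print(dn, {k: decode_scalar(v) for k, v in conf.items()}, secret_keys(conf))
    # Round trip: the regenerated LDIF parses back to the same configuration.
    base = "ou=conf,ou=applications,dc=example,dc=com"
    assert config_from_entry(parse_entry(to_ldif("lmConf-1", base, conf))[1]) == conf
```

The round trip at the end is the useful check when you script exports: folded and base64 values must survive both directions unchanged, and <strong class="strong">secret_keys</strong> shows why the read-only account from the advantages list above still has to be a dedicated one rather than anonymous access.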
<p class="paragraph"></p>The LDIF view of such an entry can be: <p class="paragraph"></p> <div class="code"> <pre>
dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'
description: {exportedVars}'$data1 = {'uid' => 'uid','cn' => 'cn','mail' => 'mail'};'
description: {ldapPort}389
description: {authentication}'ldap'
description: {locationRules}'$data1 = {'test2.example.com' => {'default' => 'accept','^/logout' => 'logout_sso http://auth.example.com'},'test1.example.com' => {'default' => 'accept','^/logout' => 'logout_sso http://auth.example.com'}};'
description: {domain}'example.com'
description: {timeout}7200
description: {groups}'$data1 = {};'
description: {portal}'http://auth.example.com/'
description: {ldapServer}'localhost'
description: {exportedHeaders}'$data1 = {'test2.example.com' => {'Auth-User' => '$uid'},'test1.example.com' => {'Auth-User' => '$uid'}};'
description: {ldapBase}'dc=example,dc=net'
description: {macros}'$data1 = {};'
description: {globalStorageOptions}'$data1 = {'Directory' => '/usr/local/lemonldap-ng/data/sessions','LockDirectory' => '/usr/local/lemonldap-ng/data/sessions/lock'};'
description: {managerPassword}''
description: {cfgNum}1
description: {securedCookie}0
description: {managerDn}''
</pre> </div> <h3 class="heading-1-1"><span id="HLDAPconfiguration">LDAP configuration</span></h3> <p class="paragraph"></p>We advise creating a dedicated LDAP account with write access to the configuration branch for the Manager and, where possible, a second account with read-only access for the portal and handlers. Nothing else should be able to read the branch: the entry holds the whole configuration, including the credentials stored in <strong class="strong">managerDn</strong>/<strong class="strong">managerPassword</strong>, so read access to it is as sensitive as read access to the configuration files. Then create the configuration branch wherever you want and note its DN, which is needed for the LemonLDAP::NG configuration. 
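<p class="paragraph"></p>As an added example, not taken from the LemonLDAP::NG documentation, this is how the write/read split could be enforced in OpenLDAP's cn=config. It assumes the data database is <strong class="strong">olcDatabase={1}mdb</strong> and that the two accounts are <strong class="strong">cn=lemonldap-manager,ou=applications,dc=example,dc=com</strong> and <strong class="strong">cn=lemonldap-portal,ou=applications,dc=example,dc=com</strong>; adapt all three to your directory. The <strong class="strong">{0}</strong> prefix inserts the rule before any existing rule, which matters because slapd applies the first <strong class="strong">to</strong> clause that matches the entry.

```ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="ou=conf,ou=applications,dc=example,dc=com"
  by dn.exact="cn=lemonldap-manager,ou=applications,dc=example,dc=com" write
  by dn.exact="cn=lemonldap-portal,ou=applications,dc=example,dc=com" read
  by * none
```

The continuation lines start with two spaces on purpose: LDIF strips one leading space when unfolding, so a single space would glue <strong class="strong">"by</strong> to the previous token. Apply the change with <strong class="strong">ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif</strong> (or whatever administrative bind you use for cn=config), then verify it with <strong class="strong">slapacl -b "cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com" -D "cn=lemonldap-portal,ou=applications,dc=example,dc=com" description/write</strong>, which must report the access as denied, and the same command with <strong class="strong">description/read</strong>, which must be allowed. Note that the rootdn of the database bypasses ACLs, so do not use it as the Manager's bind account if you want this rule to mean anything.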
<h3 class="heading-1-1"><span id= "HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h3> <p class="paragraph"></p>You can set this directly in <strong class= "strong">storage.conf</strong>: <p class="paragraph"></p> <div class="code"> <pre>
type = LDAP
ldapServer = ldap://localhost
ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
ldapBindDN = cn=manager,dc=example,dc=com
ldapBindPassword = secret
</pre> </div> <p class="paragraph"></p><strong class="strong">ldapServer</strong> is an LDAP URL; when the directory is not on the same host, use an <strong class="strong">ldaps://</strong> URL (or TLS on the directory side) so that the bind password and the whole configuration do not cross the network in clear text. Since <strong class="strong">storage.conf</strong> contains the bind password, keep it readable only by the accounts that run the Manager, the portal and the handlers. <h3 class="heading-1-1"><span id="HImport">Import</span></h3><br /> <br /> Use the script named <strong class="strong">lmConfig_File2LDIF</strong> shipped with LemonLDAP::NG:<br /> <br /> <div class="code"> <pre>
$ lmConfig_File2LDIF -b "ou=conf,ou=applications,dc=example,dc=com" /usr/local/lemonldap-ng/data/conf/lmConf-1
</pre> </div><br /> <br /> You can use <strong class="strong">-c</strong> to also print the branch above the configuration entry in the LDIF output, so that the branch is created on import. In this case, the branch <strong class= "strong">must</strong> use <strong class="strong">ou</strong> as its RDN attribute.<br /> <br /> You can import the LDIF directly into your directory:<br /> <br /> <div class="code"> <pre>
$ lmConfig_File2LDIF -c -b "ou=conf,ou=applications,dc=example,dc=com" /usr/local/lemonldap-ng/data/conf/lmConf-1 | ldapadd -x -D "cn=manager,dc=example,dc=com" -w secret
</pre> </div><br /> <br /> Passing the password with <strong class="strong">-w secret</strong> exposes it in the process list and in your shell history; prefer <strong class="strong">-W</strong> (interactive prompt) or <strong class="strong">-y /path/to/password-file</strong> with a file readable only by you. Check the imported entry afterwards with an <strong class="strong">ldapsearch</strong> bound as the read-only portal account: it must see the <strong class="strong">description</strong> values, and a bind as any other user must not. </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>