LDAP Dokumentace

Z HKfree wiki
Verze z 31. 1. 2009, 23:30, kterou vytvořil Pavkriz (diskuse | příspěvky) (pridan priklad v Jave)
Skočit na navigaci Skočit na vyhledávání

Pouziti HKFree LDAPu pro autentizaci je vcelku jednoduche.

  • Uzivatele maji login ve formatu uXXX, kde XXX je jejich uid
  • Heslo je heslo v userdb
  • Synchronizace probiha jednou za den z userdb (vse mimo hesla)
  • base je dc=hkfree,dc=org

BASH

Je treba nainstalovat (aspon v debianu) ldap-utils. Dalsi potrebna vec je pridat do /etc/ldap/ldap.conf toto: 

BASE    dc=hkfree,dc=org
URI     ldap://ldap.hkfree.org

TLS_CACERT      /etc/ssl/certs/hkfree.cer
TLS_REQCERT     try

Nyni si stahnete z https://igw.hkfree.org/download/CA/hkfree.crt do adresare /etc/ssl/certs/ a doinstalujte (v pripade potreby) balik openssl a libsasl2-modules

Jednoduchy test, jestli vse chodi je napriklad: 

ldapsearch -U uMOJE_ID -ZZ -h ldap.hkfree.org

update 12.8.2008: 

ldapwhoami -Uu13 -w $heslo -ZZ
SASL/DIGEST-MD5 authentication started
SASL username: u13
SASL SSF: 128
SASL data security layer installed.
dn:uid=u13,ou=people,dc=hkfree,dc=org

ldapwhoami -x -D"uid=u13,ou=People,dc=hkfree,dc=org" -w $heslo -ZZ
dn:uid=u13,ou=People,dc=hkfree,dc=org


Zmena hesla se da provest pomoci: 

ldappasswd -U uMOJE_ID -ZZ -h ldap.hkfree.org -S

atd.

PERL

viz http://ldap.perl.org 

use Net::LDAP; 
use Authen::SASL;

my $ldapserver = "ldap://ldap.hkfree.org";
my $password = "heslo";
my $user = "uzivatel";
my $dn = "dc=hkfree,dc=org";

my $ldap = Net::LDAP->new($ldapserver, onerror => 'die' );

$ldap->start_tls(
        $verify => 'require'
        );

my $sasl = Authen::SASL->new(
  mechanism => 'CRAM-MD5 PLAIN ANONYMOUS',
  callback => {
    pass => $password,
    user => $user,
  }
);

my $mesg = $ldap->bind( $dn, sasl => $sasl, version => 3 );

Java

public class Main {

    public static boolean authenticate(int uid, String password) {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.hkfree.org");
        try {
            LdapContext ctx = new InitialLdapContext(env, null);
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate();
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "uid=u" + uid + ",ou=People,dc=hkfree,dc=org");
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            Attributes dummyOperationData = ctx.getAttributes("uid=u" + uid + ",ou=People,dc=hkfree,dc=org");
            //System.out.println(dummyOperationData);
            tls.close();
            ctx.close();
            return true;
        } catch (Exception ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
            return false;
        }
    }

    public static void main(String[] args) {
        int uid = 1980;
        String password = "xxx";
        boolean ok = authenticate(uid, password);
        System.out.println(ok);
    }
}


PHP

viz http://www.php.net

Dokumentace

http://linuxwiki.riverworth.com/index.php?title=LDAP_Authentication

Citováno z „http://wiki.hkfree.org/index.php?title=LDAP_Dokumentace&oldid=9397