LDAP Dokumentace
Skočit na navigaci
Skočit na vyhledávání
Pouziti HKFree LDAPu pro autentizaci je vcelku jednoduche.
- Uzivatele maji login ve formatu uXXX, kde XXX je jejich uid
- Heslo je heslo v userdb
- Synchronizace probiha jednou za den z userdb (vse mimo hesla)
- base je dc=hkfree,dc=org
Obsah
BASH
Je treba nainstalovat (aspon v debianu) ldap-utils. Dalsi potrebna vec je pridat do /etc/ldap/ldap.conf toto:
BASE dc=hkfree,dc=org URI ldap://ldap.hkfree.org TLS_CACERT /etc/ssl/certs/hkfree.cer TLS_REQCERT try
Nyni si stahnete z https://igw.hkfree.org/download/CA/hkfree.crt do adresare /etc/ssl/certs/ a doinstalujte (v pripade potreby) balik openssl a libsasl2-modules
Jednoduchy test, jestli vse chodi je napriklad:
ldapsearch -U uMOJE_ID -ZZ -h ldap.hkfree.org
update 12.8.2008:
ldapwhoami -Uu13 -w $heslo -ZZ SASL/DIGEST-MD5 authentication started SASL username: u13 SASL SSF: 128 SASL data security layer installed. dn:uid=u13,ou=people,dc=hkfree,dc=org ldapwhoami -x -D"uid=u13,ou=People,dc=hkfree,dc=org" -w $heslo -ZZ dn:uid=u13,ou=People,dc=hkfree,dc=org
Zmena hesla se da provest pomoci:
ldappasswd -U uMOJE_ID -ZZ -h ldap.hkfree.org -S
atd.
PERL
use Net::LDAP; use Authen::SASL; my $ldapserver = "ldap://ldap.hkfree.org"; my $password = "heslo"; my $user = "uzivatel"; my $dn = "dc=hkfree,dc=org"; my $ldap = Net::LDAP->new($ldapserver, onerror => 'die' ); $ldap->start_tls( $verify => 'require' ); my $sasl = Authen::SASL->new( mechanism => 'CRAM-MD5 PLAIN ANONYMOUS', callback => { pass => $password, user => $user, } ); my $mesg = $ldap->bind( $dn, sasl => $sasl, version => 3 );
PHP
Dokumentace
http://linuxwiki.riverworth.com/index.php?title=LDAP_Authentication