 |
|
You are here: GSI Wiki>ITInfo Web>LDAP (2021-01-13, MatthiasPausch)Edit Attach
LDAP-configuration for clients
Weblogin
The basic parameters for using GSI-weblogin as authentication-backend are as follows| parameter | value | comment |
|---|---|---|
| hostname | ldap.hpc.gsi.de | |
| port | 389 | |
| encryption | starttls | if your client does not support starttls, use ldaps on port 636 |
| basedn (users) | ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de | |
| basedn (groups) | ou=groups,ou=weblogin,ou=identities,dc=gsi,dc=de | a service-account is necessary for using groups, see Service-Account |
Service-Account
It is strongly recommended to use a service-account, when operating a webservice or similiar with weblogin as authentication backend. To request a service-account, open up a ticket on linux-service. A service-account is necessary for using the ldap-group-information.Examples
apache2
See the documentation in the Linux-wiki.bash (anonymous)
ldapsearch -x -LLLZZ -H ldap://ldap.hpc.gsi.de -b ou=users,ou=posix,ou=identities,dc=gsi,dc=de '(sn=musterm*)' givenname
bash (authenticated)
ldapsearch -LLLZZ -H ldap://ldap.hpc.gsi.de -W -D cn=m.mustermann,ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de -b ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de '(sn=musterm*)' givenname
mutt (via lbdb)
See the documentation in the Linux-wiki.php (with group membership)
php (without group membership)
ruby (anonymous search)
#!/usr/bin/env ruby
require 'net/ldap'
ldap = Net::LDAP.new(
host: 'ldap.hpc.gsi.de',
base: 'ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de',
encryption: { method: :start_tls },
force_no_page: true,
auth: {
method: :anonymous
}
)
ldap.search(attributes: ['sn'],
filter: Net::LDAP::Filter.eq('sn', uid)) do |entry|
puts "#{entry.dn}: #{entry.sn}"
end
puts ldap.get_operation_result
-- MatthiasPausch - 2021-01-12 Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 2021-01-13, MatthiasPausch
- This page was cached on 2024-12-29 - 03:42.
<!-- With LdapContrib WikiUsers becomes irrelevant -->
%IF{"'%WIKINAME%'!='WikiGuest'" then="$n * [[$percentUSERSWEB$percent.$percentWIKIUSERSTOPIC$percent][ $percentICON{\"person\"}$percent $percentMAKETEXT{\"Users\"}$percent]]"}% \
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Groups
Aikido
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding GSI Wiki? Send feedback | Legal notice | Privacy Policy (german)