LDAP-configuration for clients

Weblogin

The basic parameters for using GSI-weblogin as authentication-backend are as follows:

| parameter | value | comment |
|---|---|---|
| basedn (groups) | ou=groups,ou=weblogin,ou=identities,dc=gsi,dc=de | a service-account is necessary for using groups, see Service-Account |
| basedn (users) | ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de | |
| encryption | starttls | if your client does not support starttls, use ldaps on port 636 |
| hostname | ldap.hpc.gsi.de | |
| port | 389 | |

Service-Account

It is strongly recommended to use a service-account when operating a webservice or similar with weblogin as the authentication backend. To request a service-account, open a ticket on linux-service. A service-account is necessary for using the LDAP group information.

Examples

apache2

See the documentation in the Linux-wiki.

bash (anonymous)

ldapsearch -x -LLLZZ -H ldap://ldap.hpc.gsi.de -b ou=users,ou=posix,ou=identities,dc=gsi,dc=de '(sn=musterm*)' givenname

bash (authenticated)

ldapsearch -LLLZZ -H ldap://ldap.hpc.gsi.de -W -D cn=m.mustermann,ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de -b ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de '(sn=musterm*)' givenname

mutt (via lbdb)

See the documentation in the Linux-wiki.

php (with group membership)

php (without group membership)

ruby (anonymous search)

#!/usr/bin/env ruby
require 'net/ldap'

ldap = Net::LDAP.new(
  host: 'ldap.hpc.gsi.de',
  base: 'ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de',
  encryption: { method: :start_tls },
  force_no_page: true,
  auth: {
    method: :anonymous
  }
)

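# Surname pattern to search for, taken from the command line;
# Filter.eq treats '*' as a wildcard.
uid = ARGV[0] || 'musterm*'

# Print the DN and surname of every matching entry.
ldap.search(attributes: ['sn'],
            filter: Net::LDAP::Filter.eq('sn', uid)) do |entry|
  puts "#{entry.dn}: #{entry.sn}"
end

# Result code and message of the last LDAP operation.
puts ldap.get_operation_result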
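ruby (authenticated login via service-account)

For a webservice that uses weblogin as its authentication backend, the sketch below wires the parameters from the table into net-ldap and does a search-then-bind login; it is an added example, not code from the original page or from GSI. The service-account DN and password are hypothetical parameters, and matching the login name against cn is an assumption taken from the bind DN in the authenticated ldapsearch example.

```ruby
require 'openssl'

# Values from the parameter table on this page.
HOST     = 'ldap.hpc.gsi.de'
USERS_DN = 'ou=users,ou=weblogin,ou=identities,dc=gsi,dc=de'

# RFC 4515 escaping: a login name typed into a web form must be matched
# literally, so "*", "(", ")", "\" and NUL are replaced by \XX hex escapes.
def escape_filter(value)
  value.to_s.gsub(/[\\*()\0]/) { |c| format('\\%02x', c.ord) }
end

# Assumption: the login name is the cn, as in the bind DN of the
# authenticated ldapsearch example.
def login_filter(login)
  "(cn=#{escape_filter(login)})"
end

# Connection settings for Net::LDAP.new. StartTLS on 389 is the default;
# starttls: false selects the ldaps fallback on 636. tls_options turns on
# verification of the server certificate in both modes.
def connection_options(bind_dn:, password:, starttls: true)
  {
    host: HOST,
    port: starttls ? 389 : 636,
    base: USERS_DN,
    encryption: {
      method: starttls ? :start_tls : :simple_tls,
      tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
    },
    auth: { method: :simple, username: bind_dn, password: password }
  }
end

# Search as the service account (service_dn is a hypothetical parameter),
# then bind as the user that was found. Returns the user's DN, or false.
# An empty password is refused up front, because a simple bind without a
# password is an unauthenticated bind (RFC 4513) and some servers report
# it as success.
def authenticate(login, password, service_dn:, service_password:)
  return false if login.to_s.empty? || password.to_s.empty?

  require 'net/ldap' # loaded here so the helpers above work without the gem
  ldap = Net::LDAP.new(connection_options(bind_dn: service_dn,
                                          password: service_password))
  entries = ldap.bind_as(filter: Net::LDAP::Filter.construct(login_filter(login)),
                         password: password, size: 1)
  entries ? entries.first.dn : false
end
```
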

-- MatthiasPausch - 2021-01-12
Topic revision: r3 - 2021-01-13, MatthiasPausch