FeministWiki:LDAP Schema: Difference between revisions

← Older edit

FeministWiki:LDAP Schema (view source)

Revision as of 00:49, 12 January 2024

710 bytes added , 12 January

no edit summary

Technician

Bureaucrats, Interface administrators, Administrators

1,086

edits

@@ Line 38: / Line 38: @@
 * The <code>fwRecoveryMail</code> field may hold a mail address that will be used for password reset requests.  It's different from the primary mail address because that one may be the member's FeministWiki address, which they can't access if they've lost their password.
 * The <code>manager</code> contains the DN (distinguished name) of the member who added the member.  It may be empty for special member accounts like "Administrator" or the "Deleted" pseudo-account.
+=== Tips on the usage of ldap commands ===
+Commands such as ldapsearch, ldapmodify, etc. require authentication.  The correct method depends on whether you want to interact with the configuration database found in {{C|/etc/ldap/slapd.d}}, or the actual data database found in {{C|/var/lib/ldap}}.
+For configuration, use {{C|-Y external -H ldapi://}} to connect directly with root permissions, so no actual LDAP domain login is needed.
+For data, use {{C|-xy ~/pwd/ldap}} to use the LDAP domain admin password.  The file {{C|~/.ldaprc}} should contain {{C|BINDDN cn=admin,dc=feministwiki,dc=org}} so you don't have to specify the domain admin explicitly every time.
 === Read-only user ===
@@ Line 103: / Line 111: @@
 In short, the steps go as follows (these commands ''should'' work verbatim):
-  # Add the ppolicy schema
+  # Only needed on old versions of slapd, to add the ppolicy schema
-  ldapadd -Y external -H ldapi:// < /etc/ldap/schema/ppolicy.ldif
+  #ldapadd -Y external -H ldapi:// < /etc/ldap/schema/ppolicy.ldif
   # Enable the ppolicy dynamic module