|
|
| Line 138: |
Line 138: |
| Software: OpenLDAP | | Software: OpenLDAP |
|
| |
|
| The LDAP service contains the central database of FeministWiki members. The structure looks like this: | | The LDAP service contains the central database of FeministWiki members. For details on the LDAP schema, see [[FeministWiki:LDAP Schema]]. |
| | |
| * dc=feministwiki,dc=org
| |
| ** ou=members
| |
| *** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org
| |
| *** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org
| |
| *** ...
| |
| ** ou=groups
| |
| *** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...
| |
| | |
| Notes:
| |
| * The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username. This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.
| |
| * The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.
| |
| * The <code>manager</code> field is optional and we use it to record the member who added the member in question.
| |
| | |
| To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html
| |
| | |
| In short, the steps go as follows (these commands ''should'' work verbatim):
| |
| | |
| # Add the ppolicy schema
| |
| ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif
| |
|
| |
| # Enable the ppolicy dynamic module
| |
| ldapmodify -Y external -H ldapi:/// <<EOF
| |
| dn: cn=module{0},cn=config
| |
| changetype: modify
| |
| add: olcModuleLoad
| |
| olcModuleLoad: ppolicy
| |
| EOF
| |
|
| |
| # Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE
| |
| ldapadd -Y external -H ldapi:/// <<EOF
| |
| dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
| |
| objectClass: olcPPolicyConfig
| |
| olcOverlay: ppolicy
| |
| olcPPolicyHashCleartext: TRUE
| |
| EOF
| |
|
| |
|
| === Wiki === | | === Wiki === |