FeministWiki:Technical documentation: Difference between revisions

Line 138: Line 138:
Software: OpenLDAP
Software: OpenLDAP


The LDAP service contains the central database of FeministWiki members.  The structure looks like this:
The LDAP service contains the central database of FeministWiki members.  For details on the LDAP schema, see [[FeministWiki:LDAP Schema]].
 
* dc=feministwiki,dc=org
** ou=members
*** cn=''username'' <br/> objectClass: inetOrgPerson <br/> cn: ''username'' <br/> uid: ''username'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash'' <br/> mail: ''username''@feministwiki.org
*** cn=''username2'' <br/> objectClass: inetOrgPerson <br/> cn: ''username2'' <br/> uid: ''username2'' <br/> sn: - <br/> userPassword: {SSHA}''saltedhash2'' <br/> mail: ''username2''@feministwiki.org <br/> manager: cn=''username'',ou=members,dc=feministwiki,dc=org
*** ...
** ou=groups
*** cn=members <br/> objectClass: groupOfNames <br/> cn: members <br/> member: ''username'' <br/> member: ''username2'' <br/> member: ...
 
Notes:
* The <code>cn</code> (common name) and <code>uid</code> (user ID) fields both contain the username.  This is because some software is preconfigured to look at <code>uid</code>, while most look at <code>cn</code>.
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field.
* The <code>manager</code> field is optional and we use it to record the member who added the member in question.
 
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used.  ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html
 
In short, the steps go as follows (these commands ''should'' work verbatim):
 
# Add the ppolicy schema
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif
# Enable the ppolicy dynamic module
ldapmodify -Y external -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy
EOF
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE
ldapadd -Y external -H ldapi:/// <<EOF
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyHashCleartext: TRUE
EOF


=== Wiki ===
=== Wiki ===
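Review bot: the replacement sentence in the OpenLDAP section points to [[FeministWiki:LDAP Schema]] only "for details on the LDAP schema", but the ppolicy steps (olcModuleLoad: ppolicy, olcPPolicyHashCleartext: TRUE) are server configuration, not schema. If they move out together with the tree listing, either keep them in this section or add a sentence stating that the linked page also covers enabling the overlay, so the instructions that keep userPassword from being stored as plain text remain reachable from the technical documentation. Wherever they end up, the "should work verbatim" remark deserves a caveat: the cn=module{0} and olcDatabase={1}mdb entries assume a particular cn=config layout and should be checked against the running server first.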