```
Types: attr_group: #cn #gidNumber #memberUID #description
Types: suffix_group: ou=Groups,dc=batcave,dc=gotham
Types: modules_user: inetOrgPerson,posixAccount,shadowAccount
Types: attr_user: #uid #givenName #sn #uidNumber #gidNumber
Types: suffix_user: ou=People,dc=batcave,dc=gotham
Modules: posixAccount_host_maxMachine: 60000
Modules: posixAccount_host_minMachine: 50000
ScriptRights: 750
# Number of minutes LAM caches LDAP searches.
# default language (a line from config/language)
Password: h39N9+gg/Qf1K/986VkKrjWlkcI = S/IAUQ =
# suffix of tree view
# e.g.
# password to add/delete/rename configuration profiles (default: lam)
```

What you'll end up with is a directory structure which will allow integration with popular tools (NextCloud, Kanboard, Gitlab, etc), as well as with Keycloak (an upcoming recipe), for true SSO.

This recipe combines the raw power of OpenLDAP with the flexibility and featureset of LDAP Account Manager.

There are many tools which will let you interact with your LDAP database via a(n ugly) UI.

The nice thing about OpenLDAP is, like MySQL, once you've set up the server, you probably never have to interact directly with it.

As soon as you start sharing tools with collaborators (think 10 staff using NextCloud), you suddenly feel the pain of managing a growing collection of local user accounts per-service.

Enter OpenLDAP - the most crusty, PITA, fiddly platform to set up (yes, I'm a little bitter, dynamic configuration backend!), but hugely useful for one job - a Lightweight Protocol for managing a Directory used for Access (see what I did there?)

If you're the only user of your tools, it probably doesn't bother you too much to set up new user accounts for every tool.

Many of the recipes featured in the cookbook (NextCloud, Kanboard, Gitlab, etc) offer LDAP integration.

LDAP is probably the most ubiquitous authentication backend, before the current era of "stupid social sign-ons".