Admin ldap

From TUTOS

Revision as of 18:12, 21 September 2009 by DomdoMdoma

Setting up LDAP Authentication

The way it works

To authenticate your TUTOS users against an LDAP server, you first have to configure how TUTOS authenticates via this server, then create the TUTOS users.

There is no single way of doing LDAP authentication, and you will need to know how LDAP is configured on your server to be able to configure it for TUTOS.

The scheme is always the same: you send the user name and password to the server, and it accepts or rejects the connection. But there are 3 different ways of doing that with an LDAP server:

  1. Anonymous bind
You connect as the anonymous user on the LDAP server, then you retrieve the user name and password in order to compare them to the given values;
  2. User bind
You try to connect to the LDAP server directly with the given user name and password, and you get an accept or reject response;
  3. Admin bind
On some LDAP servers, you have to connect as admin to be able to get the password info. Once connected as an admin, you get the user information just as in the anonymous bind case.

Of course, for each of those cases, the password can be stored « as is » or encrypted.

How to configure it

After reading the first part, the config options should be easy to set up. So here are the parts of the config file to edit :

config.pinc : enable the LDAP authentication

# LDAP configuration
#
# 0 = check standard database
# 1 = check ldapauthserver for password verification
$tutos[ldapauth] = 0;

config.pinc : say if the passwords are encrypted or not

# encrypted passwords 
# 1 = yes
$tutos[ldapauth_pw_enc] = 1;

config.pinc : The server host and port parameters...

$tutos[ldapauthserver]['host'] = "scd2ldap.siemens.net";
$tutos[ldapauthserver]['port'] = 389;

config.pinc : LDAP paths

$tutos[ldapauthserver]['basedn'] =  "ou=mail,ou=user,o=cvf";
$tutos[ldapauthserver]['userdn'] = "uid";

Without these LDAP paths you can't find the user information on the server. If you don't know those values, just ask your LDAP admin. Here the userdn is the last part of the DN (the attribute naming the user entry); in the example given we would find:

uid=username,ou=mail,ou=user,o=cvf

We still have to keep those values separate because of the way LDAP search and binding work.

config.pinc : LDAP auth for server connection

# use given user/passwd pair to bind the LDAP server 
# 0 = no
# 1 = yes
$tutos[ldapauth_user] = 0;

If you set this option, the user name and password given at login are used to connect to the LDAP tree.

config.pinc : LDAP anonymous server connection

# do anonymous bind to ldapauthserver
# 1 = yes
# 0 = use tutos[ldapauthserver]['binddn']
#     and tutos[ldapauthserver]['passwd']
$tutos[ldapauth_anonymous] = 1;

Here you can choose to make an anonymous bind to the LDAP server...

config.pinc : LDAP admin server connection

$tutos[ldapauthserver]['binddn'] = "ou=adminprs,ou=ldap,ou=user,o=cvf";
$tutos[ldapauthserver]['passwd'] = "h4ckm3";

If you have to bind to the LDAP server as an admin, you must provide another LDAP path, which corresponds to the admin (or, say, privileged user) user name, followed by its password.
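
How the options above fit together for the user bind case, as an added example that is not TUTOS code: it maps the flags to a bind mode, builds the user DN from userdn and basedn, and performs the bind. The flag precedence, the quoted array keys, the placeholder host, the function names and the StartTLS requirement are assumptions of this sketch; it needs PHP's ldap extension.

```php
<?php
// Added sketch, not TUTOS code. Keys are quoted strings here; host is a placeholder.
$tutos = [
    'ldapauth_user'      => 1,
    'ldapauth_anonymous' => 0,
    'ldapauthserver'     => [
        'host'   => 'ldap.example.test',
        'port'   => 389,
        'basedn' => 'ou=mail,ou=user,o=cvf',
        'userdn' => 'uid',
    ],
];

// Map the flags to one of the three modes (this precedence is an assumption).
function bind_mode(array $t): string {
    if (!empty($t['ldapauth_user'])) {
        return 'user';
    }
    return !empty($t['ldapauth_anonymous']) ? 'anonymous' : 'admin';
}

// userdn=<login>,basedn with the login escaped for use inside a DN (RFC 4514),
// so a login containing "," or "=" cannot change which entry is addressed.
function user_dn(array $srv, string $login): string {
    return $srv['userdn'] . '=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . $srv['basedn'];
}

function user_bind_auth(array $t, string $login, string $password): bool {
    // A simple bind with a DN and an empty password is an unauthenticated bind
    // (RFC 4513, 5.1.2); servers may report success, so refuse it here.
    if ($login === '' || $password === '') {
        return false;
    }
    $srv  = $t['ldapauthserver'];
    $conn = ldap_connect('ldap://' . $srv['host'] . ':' . $srv['port']);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Port 389 is cleartext: require StartTLS before sending the password
    // (assumes the server supports it).
    $ok = @ldap_start_tls($conn) && @ldap_bind($conn, user_dn($srv, $login), $password);
    ldap_unbind($conn);
    return $ok;
}

// Checks that need no server: mode selection, DN escaping, empty password.
var_dump(bind_mode($tutos), user_dn($tutos['ldapauthserver'], 'jdoe,ou=adminprs'));
var_dump(user_bind_auth($tutos, 'jdoe', ''));
```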

Adding the users to the tutos database

Now that you have set up the authentication process, you still can't use TUTOS. In fact you can log in, but nothing happens. You have to create TUTOS users with the same login as the LDAP ones.

I've made a PHP script to do that, ldap_getdata.php in the php/admin directory. As LDAP structure can be really different from one company to another, this script is far from generic, but works well here!

You should adapt it to your own LDAP structure and then have all the wanted users created in TUTOS. If you have any clue about how to make this script generic, please feel free to contribute, by either sending us a patch or telling us how to do that.