Differences

This shows you the differences between two versions of the page.

ldap [2018/07/30 13:14] niziakldap [2020/04/14 12:55] (current) niziak
Line 1: Line 1:
 +====== LDAP ======
 +
 [[http://www.zytrax.com/books/ldap/|LDAP for Rocket Scientists]] [[http://www.zytrax.com/books/ldap/|LDAP for Rocket Scientists]]
  
Line 30: Line 32:
   * //0.9.2342.19200300.100.1.25=Example,0.9.2342.19200300.100.1.25=Com//   * //0.9.2342.19200300.100.1.25=Example,0.9.2342.19200300.100.1.25=Com//
  
-====== Components ======+====== DN Components ======
  
   * **dc** - domain component dc=company,dc=org (domain is **company.org**)   * **dc** - domain component dc=company,dc=org (domain is **company.org**)
Line 37: Line 39:
   * **displayName** - one line summary (for people can be the same as **cn**)   * **displayName** - one line summary (for people can be the same as **cn**)
  
 +====== objectClassess ======
 +
 +Are predefined containers for **attributes**. For example OpenLDAP's "Generic: User Account" assigns **"inetOrgPerson"** class.
 +  * inetOrgPerson
 +    * **cn**, **sn** - as required attributes
 +    * lots of optional attributes like: "photo", "displayName", "uid", "postalCode", "telephoneNumber"
 +
 +====== common attributes ======
 +And container classes:
 +  * cn,sn (inetOrgPerson)
 +  * mail=rfc822Mailbox (inetOrgPerson)
 +  * uid=userid (inetOrgPerson)
 +  * userPassword (person, posixAccount, simpleSecurityObject)
 +    * hash: SSHA
 +  * displayName (inetOrgPerson)
  
 ====== Structure design ====== ====== Structure design ======
  
-  * **cn** collisions. Two people may have the same first and last name. Grouping under different parent is necessary (**ou**). +  * Unique name for each entry 
-  * user can belong only to one **ou**.  +      * **cn** collisions. Two people may have the same first and last name. Grouping under different parent is necessary (**ou**). 
-  * People can change: +      * user can belong only to one **ou**.  
-      * names - Do not rename entries, use some unique id like serial number+  * Stability of structure, but **people can change**
 +      * names - Do not rename entries, use some unique id like serial number. I.e. //"uid=00003,ou=People, dc=example, dc=com"//.
       * position - departments - do not put users under specific departments (deep tree), better is to put it into one group and then use a attribute       * position - departments - do not put users under specific departments (deep tree), better is to put it into one group and then use a attribute
         to structurize and group users.         to structurize and group users.
-  * security - seprate some information by grouping it under another **ou**                +  * security - separate some information by grouping it under another **ou**      
 [[http://www.ldapman.org/articles/tree_design.html]] [[http://www.ldapman.org/articles/tree_design.html]]
  
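Review bot: the new heading on the added `====== objectClassess ======` line misspells objectClasses, and the sentence below it starts mid-thought ("Are predefined containers for **attributes**"); suggest `====== objectClasses ======` and "Object classes are predefined containers for **attributes**. ...". The `hash: SSHA` bullet under userPassword reads as if the attribute itself fixes the hashing scheme, but the scheme is a server configuration choice rather than a property of the attribute, so word it as the scheme the server is configured to apply (and say which server is assumed). In the restructured Structure design list, "I.e." should be "e.g.", and the example DN `"uid=00003,ou=People, dc=example, dc=com"` carries spaces after the commas and a capitalised ou=People that the tree later in this revision spells ou=people; suggest `uid=00003,ou=people,dc=example,dc=com`.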
Line 53: Line 72:
   * dc=company,dc=org   * dc=company,dc=org
       * ou=people       * ou=people
-        * cn=John Doe +        * uid=jdoe 
-        * cn=Joe Black+            * cn=John Doe 
 +            * cn=Johny 
 +            * sn=Doe 
 +            * mail=john.doe@company.org 
 +            * mail=j.doe@company.org 
 +        * uid=jblack 
 +            * cn=Joe Black 
 +            * sn=Black 
 +            * ou=software 
 +      * ou=software
       * ou=customers       * ou=customers
         * cn=Google         * cn=Google
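Review bot: the added tree places entry attributes (cn=John Doe, cn=Johny, sn=Doe, the two mail values, and ou=software under uid=jblack) one level below uid=jdoe and uid=jblack, at the same depth that ou=people and ou=customers use for child entries, so a reader cannot tell entries from attribute values. Suggest marking them as attributes of the entry, for example `* uid=jdoe (cn: John Doe, Johny; sn: Doe; mail: john.doe@company.org, j.doe@company.org)`, or prefixing them with an "attributes:" label. The ou=software value on jblack and the new sibling `ou=software` entry under ou=people also use the same token for an attribute value and for a container; since the Structure design section earlier in this revision says not to place users under departments, a short note that the attribute, not the container, links jblack to the software group would keep the two consistent.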
Line 60: Line 88:
       * ou=devices       * ou=devices
       * ou=it       * ou=it
 +          * uid=nextcloudsystemuser,cn=nextcloudsystemuser,userPassword=...
           * root,www ,etc           * root,www ,etc
       * ou=location       * ou=location
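Review bot: the added line `uid=nextcloudsystemuser,cn=nextcloudsystemuser,userPassword=...` reads like a DN, but userPassword is an attribute of the entry and not an RDN component, so it should not appear inside the comma-separated name; list the entry as `uid=nextcloudsystemuser` with cn and userPassword shown as its attributes. Keeping this application bind account under ou=it alongside root and www, away from ou=people, matches the "security - separate some information by grouping it under another **ou**" item earlier in this revision; stating that reason next to the entry would keep the placement from being undone later.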