Difference between revisions of "LDAP"
m (adding server) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
|location = | |location = | ||
|git = dockerfiles/ldap | |git = dockerfiles/ldap | ||
+ | |server = ravenholm | ||
}} | }} | ||
'''LDAP''' is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only possibility to change your password is logging into the [[userbox]] and changing your password using <code>passwd</code>. | '''LDAP''' is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only possibility to change your password is logging into the [[userbox]] and changing your password using <code>passwd</code>. | ||
+ | |||
+ | == Enabling LDAP authentication == | ||
+ | To enable a service for LDAP authentication, you need to create a Service Account first. This can be done on [[ravenholm]], using shelldap. within <code>ou=Services,ou=People</code> you can create a service account using <code>touch</code> and modify it using <code>edit</code>. Within the authentication configuration of your service you need to specify the full hierarchy as the account name, e.g. <code>uid=example,ou=Services,ou=People,o=zombi</code>. The base DN for authentication is <code>ou=People,o=zombi</code>. The login attribute is the <code>uid</code>. | ||
{{authentication}} | {{authentication}} |
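Review bot: in the added "Enabling LDAP authentication" paragraph, service accounts are created in ou=Services,ou=People, yet the base DN given for authentication is ou=People,o=zombi, so service accounts sit inside the tree that member logins are searched from. If a service searches that whole subtree on uid, an entry such as uid=example,ou=Services,ou=People,o=zombi would match like a member; suggest stating the intended search scope or a filter that leaves out ou=Services. The paragraph also does not say how the service account's password is set, and the sentence beginning "within <code>ou=Services,ou=People</code>" should start with a capital letter.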
Latest revision as of 04:43, 16 October 2020
LDAP status: stable | |
---|---|
Description | central authentication service |
Maintainer | User:paul |
Gitlab | dockerfiles/ldap |
Running on | ravenholm |
LDAP is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only way to change your password is to log into the userbox and change it using passwd.
Enabling LDAP authentication
To enable a service for LDAP authentication, you first need to create a service account. This can be done on ravenholm, using shelldap. Within ou=Services,ou=People you can create a service account using touch and modify it using edit. In the authentication configuration of your service, specify the full hierarchy as the account name, e.g. uid=example,ou=Services,ou=People,o=zombi. The base DN for authentication is ou=People,o=zombi. The login attribute is uid.
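The lookup a service performs with these settings (bind as the service account, search the base DN on uid, then re-bind as the entry found) can be modelled offline. This is an added example, not code from this wiki or its services; the helper names, the refusal policy in select_bind_dn and the alice entry are assumptions.

```python
# Added example; the DN and attribute values below are the ones given on this page.
BIND_DN = "uid=example,ou=Services,ou=People,o=zombi"  # service account
BASE_DN = "ou=People,o=zombi"                          # base DN for authentication
SERVICES_DN = "ou=Services,ou=People,o=zombi"          # where service accounts live
LOGIN_ATTR = "uid"                                     # login attribute

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def login_filter(username):
    """Filter the service sends (bound as BIND_DN) to look up one login name."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return "({}={})".format(LOGIN_ATTR, escaped)


def split_dn(dn):
    """Normalised RDN list. Assumes no escaped commas, true for the DNs here."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def within(dn, base):
    """True if dn is the base entry itself or lies anywhere below it."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def select_bind_dn(found_dns):
    """Pick the DN to re-bind as with the user's password, or None to refuse.

    Assumed policy (not stated on the page): exactly one match, strictly below
    BASE_DN, and not a service account under SERVICES_DN.
    """
    if len(found_dns) != 1:
        return None
    dn = found_dns[0]
    if not within(dn, BASE_DN) or split_dn(dn) == split_dn(BASE_DN):
        return None
    if within(dn, SERVICES_DN):
        return None
    return dn


if __name__ == "__main__":
    member = "uid=alice,ou=People,o=zombi"  # constructed sample entry
    print(login_filter("alice"), "->", select_bind_dn([member]))
    print(login_filter("a)(uid=*"), "->", select_bind_dn([member, BIND_DN]))
```
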
Usage
This authentication method is used by the following services:
Service | URL |
---|---|
Git/Gitea | https://gitea.zom.bi |
Git/Gitlab | https://git.zom.bi |
https://mail.zom.bi | |
Matrix | https://riot.zom.bi |
Nextcloud | https://cloud.zom.bi |
OpenVPN Certificates | https://ovpn.zom.bi |
Organizer | https://org.zom.bi |
Portainer | http://10.0.0.1:9000 |
Redmine | https://tickets.zom.bi |
Userbox | ssh:zom.bi:2233 |
Wiki | https://w.zom.bi |
XMPP | xmpp:zom.bi |
ZNC | https://irc.zom.bi |