Difference between revisions of "LDAP"
Tags: Mobile web edit Mobile edit |
|||
| Line 11: | Line 11: | ||
}} | }} | ||
'''LDAP''' is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only possibility to change your password is logging into the [[userbox]] and changing your password using <code>passwd</code>. | '''LDAP''' is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only possibility to change your password is logging into the [[userbox]] and changing your password using <code>passwd</code>. | ||
| + | |||
| + | == Enabling LDAP authentication == | ||
| + | To enable a service for LDAP authentication, you need to create a Service Account first. This can be done on [[ravenholm]], using shelldap. within <code>ou=Services,ou=People</code> you can create a service account using <code>touch</code> and modify it using <code>edit</code>. Within the authentication configuration of your service you need to specify the full hierarchy as the account name, e.g. <code>uid=example,ou=Services,ou=People,o=zombi</code>. The base DN for authentication is <code>ou=People,o=zombi</code>. The login attribute is the<code>uid</code>. | ||
{{authentication}} | {{authentication}} | ||
Revision as of 13:55, 13 May 2020
| LDAP status: stable | |
|---|---|
| Description | central authentication service |
| Maintainer | User:paul |
| Gitlab | dockerfiles/ldap |
LDAP is our centralized authentication solution. You'll receive credentials when becoming a member. You can use them to authenticate in most of our services. As of February 2020 the only possibility to change your password is logging into the userbox and changing your password using passwd.
Enabling LDAP authentication
To enable a service for LDAP authentication, you need to create a Service Account first. This can be done on ravenholm, using shelldap. within ou=Services,ou=People you can create a service account using touch and modify it using edit. Within the authentication configuration of your service you need to specify the full hierarchy as the account name, e.g. uid=example,ou=Services,ou=People,o=zombi. The base DN for authentication is ou=People,o=zombi. The login attribute is theuid.
Usage
This Authentication method is used by the following Services:
| URL"URL" is a type and predefined property provided by Semantic MediaWiki to represent URI/URL values. | |
|---|---|
| Git/Gitea | https://gitea.zom.bi |
| Git/Gitlab | https://git.zom.bi |
| https://mail.zom.bi | |
| Matrix | https://riot.zom.bi |
| Nextcloud | https://cloud.zom.bi |
| OpenVPN Certificates | https://ovpn.zom.bi |
| Organizer | https://org.zom.bi |
| Portainer | http://10.0.0.1:9000 |
| Redmine | https://tickets.zom.bi |
| Userbox | [ssh:zom.bi:2233 ssh:zom.bi:2233] |
| Wiki | https://w.zom.bi |
| XMPP | xmpp:zom.bi |
| ZNC | https://irc.zom.bi |
