openLDAP

We use openLDAP for central user/group authentication.

configuration

The base configuration of the LDAP directory is as follows:

dn: dc=visielab,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
o: uantwerpen
dc: visielab
structuralObjectClass: organization

dn: cn=admin,dc=visielab,dc=be
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9emdJcVpQUW1RUmYrNVRvZmp1K2o4SEZrWnk5NFovQjI=
structuralObjectClass: organizationalRole

dn: ou=People,dc=visielab,dc=be
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 2c2dcb08-ba3b-1037-8cb5-05243b87b858

dn: ou=Groups,dc=visielab,dc=be
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit

The password for the LDAP administrator is ••••••••••. The backend used for openLDAP is mdb; the database lives in the directory /var/lib/ldap/.
The configuration of the LDAP server can be found in /etc/ldap. Extra schemas have been added for autofs and samba. I followed this excellent howto → https://help.ubuntu.com/lts/serverguide/samba-ldap.html
Don't forget to install the smbldap-tools! They are used to add users and groups and to modify passwords, shells, etc. They act on the Samba accounts and the Unix accounts at the same time.

autofs

We will use autofs to automount the user's home directory when the user logs in. The following entries are needed to get autofs to work with openLDAP:

root@sto3:~# cat automounttree.ldif 
dn: ou=adminm,dc=visielab,dc=be
ou: adminm
objectClass: top
objectClass: organizationalUnit

dn: ou=automount,ou=adminm,dc=visielab,dc=be
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.master
objectClass: top
objectClass: automountMap
dn: cn=/data/home,ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
cn: /data/home
objectClass: top
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be --timeout=60 --ghost
dn: ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
ou: auto.home
objectClass: top
objectClass: automountMap

For a user to be able to automount their home directory, the following entry is also needed, in this case for a user named testuser2:

dn: cn=testuser2,ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
cn: testuser2
objectClass: top
objectClass: automount
automountInformation: -intr sto3-visiesrv-fast:/data/home/testuser2

sto3-visiesrv-fast is the name for the storage server's address on the fast 10GB interface, in this case 10.0.0.10. It is best to define this name in the hosts file of the server you want to work on.
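As an added example (not part of the original wiki page), a small Python checker that reads an LDIF like automounttree.ldif and flags the two mistakes that silently leave a home directory unmounted: an ldap: map reference to a map entry that is not in the tree, and a per-user key whose NFS export path does not match its cn. The sample LDIF is constructed from the entries above, and the hostname, DN base and /data/home root are the ones this page uses; parse_ldif only handles the simple one-attribute-per-line form shown here.

```python
# Constructed sample, abbreviated from the automounttree.ldif entries shown above.
SAMPLE_LDIF = """\
dn: cn=/data/home,ou=auto.master,ou=automount,ou=adminm,dc=visielab,dc=be
cn: /data/home
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be --timeout=60 --ghost

dn: ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
objectClass: automountMap

dn: cn=testuser2,ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be
cn: testuser2
objectClass: automount
automountInformation: -intr sto3-visiesrv-fast:/data/home/testuser2
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for simple LDIF (one attribute per line)."""
    entries, cur = {}, {}
    for line in text.splitlines() + [""]:
        if line.strip():
            attr, _, val = line.partition(": ")
            cur.setdefault(attr, []).append(val)
        elif cur:                                  # one or more blank lines end an entry
            entries[cur["dn"][0]] = cur
            cur = {}
    return entries

def check_automount_tree(text, home_root="/data/home"):
    """Flag dangling ldap: map references and user keys whose export path does not match the cn."""
    entries = parse_ldif(text)
    maps = {dn for dn, e in entries.items() if "automountMap" in e.get("objectClass", [])}
    problems = []
    for e in entries.values():
        if "automount" not in e.get("objectClass", []):
            continue
        key, info = e["cn"][0], e["automountInformation"][0]
        if info.startswith("ldap:"):               # nested map, as for the /data/home key
            target = info.split()[0][len("ldap:"):]
            if target not in maps:
                problems.append(f"{key}: refers to missing map {target}")
        elif not info.endswith(f":{home_root}/{key}"):  # per-user NFS export
            problems.append(f"{key}: export path does not end in {home_root}/{key}")
    return problems

def automount_entry(user, host="sto3-visiesrv-fast", home_root="/data/home",
                    base="ou=auto.home,ou=automount,ou=adminm,dc=visielab,dc=be"):
    """Build the per-user auto.home entry this page shows for testuser2."""
    return (f"dn: cn={user},{base}\ncn: {user}\nobjectClass: top\n"
            f"objectClass: automount\nautomountInformation: -intr {host}:{home_root}/{user}\n")
```

Run check_automount_tree over the output of `ldapsearch -LLL` on the automount subtree before adding a new user entry with automount_entry, so a typo in the export path is caught before the user's first login.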

sto3_openldap.txt · Last modified: 2018/04/13 08:18 by 143.169.49.101