Differences
This shows you the differences between two versions of the page.
tutorial:ldap:installopenldap [2016-04-03 22:58] weichbr [Enabling TLS]
tutorial:ldap:installopenldap [2019-08-14 19:43] (current) weichbr
Line 16: | Line 16: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
---- | ---- | ||
Line 65: | Line 65: | ||
* Create '' | * Create '' | ||
* < | * < | ||
- | dn: ou=people, | + | dn: ou=people, |
objectClass: | objectClass: | ||
ou: people | ou: people | ||
- | dn: ou=groups, | + | dn: ou=groups, |
objectClass: | objectClass: | ||
ou: groups | ou: groups | ||
Line 77: | Line 77: | ||
---- | ---- | ||
+ | |||
===== Enforce Authorization ===== | ===== Enforce Authorization ===== | ||
* We do not want our directory to be world readable, so we need to setup some ACLs | * We do not want our directory to be world readable, so we need to setup some ACLs | ||
Line 137: | Line 138: | ||
* < | * < | ||
* Users now need to authenticate to read the directory, like this: | * Users now need to authenticate to read the directory, like this: | ||
- | * < | + | * < |
---- | ---- | ||
+ | |||
===== Enabling TLS ===== | ===== Enabling TLS ===== | ||
* Make sure you have the following files: | * Make sure you have the following files: | ||
Line 189: | Line 191: | ||
* Users now need to use STARTTLS (e.g. with '' | * Users now need to use STARTTLS (e.g. with '' | ||
* < | * < | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Add an admin group ==== | ||
+ | * We do not want to give every admin the admin account credentials | ||
+ | * We need an admin group which all admins are a member of | ||
+ | * We can give this group manage permissions | ||
+ | * I assume you already have created a '' | ||
+ | * Take a look at the ldif to enforce authorization and change it to this: | ||
+ | * < | ||
+ | dn: olcDatabase={1}mdb, | ||
+ | changetype: modify | ||
+ | delete: olcAccess | ||
+ | olcAccess: {3} | ||
+ | - | ||
+ | add: olcAccess | ||
+ | olcAccess: {3}to * | ||
+ | by dn=" | ||
+ | by set=" | ||
+ | by self write | ||
+ | by anonymous auth | ||
+ | by users read | ||
+ | - | ||
+ | </ | ||
+ | * Apply it like above |
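Review bot: the `delete: olcAccess` / `olcAccess: {3}` pair in the new ldif removes whatever rule currently sits at index 3, not necessarily the `to *` rule written in the Enforce Authorization step, so the section should tell the reader to confirm the index before applying it (e.g. `ldapsearch -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={1}mdb,cn=config' olcAccess`) and that the replacement `{3}to *` must stay ordered after any more specific rule such as one for `attrs=userPassword`, because slapd uses the first `to` clause that matches and a `to *` rule placed too early would let `by users read` expose password hashes to every authenticated user. Two smaller points: `by self write` on `to *` lets each user rewrite any attribute of their own entry, not just password or contact data, which is broader than the admin-group change needs and worth a sentence of warning; and the new heading `===== Add an admin group ====` closes with four `=` while the page's other headings close with five.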