Centralised LDAP-based Authentication on OpenBSD

FIXME This is a very incomplete work in progress.

:!: Since 4.8, OpenBSD ships a simple ldapd(8) that provides just what is needed for user authentication (currently working with ownCloud and WordPress).

LDAP Subsystem

Server

Installation

$ sudo pkg_add openldap-server

Configuration

# /etc/openldap/slapd.conf
...
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
...
suffix          "dc=narf,dc=net"
rootdn          "cn=Manager,dc=narf,dc=net"
rootpw          {SSHA}SEE_BELOW

The rootpw hash is generated with slappasswd:

$ /usr/local/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}SEE_BELOW
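What slappasswd prints is base64(SHA-1(password || salt) || salt) behind a {SSHA} tag. The Python below, added here as an illustration and not part of this page or of OpenLDAP, reproduces that format, verifies a password against it, and flags a rootpw that was left in cleartext in slapd.conf; make_ssha, verify_ssha and audit_rootpw are names chosen for this example.

```python
import base64
import binascii
import hashlib
import hmac
import os
import re

DIGEST_LEN = 20  # SHA-1 digest size; whatever follows it in the blob is the salt

def make_ssha(password, salt=None):
    # Same layout as slappasswd's default scheme: {SSHA} + base64(digest + salt)
    if salt is None:
        salt = os.urandom(4)  # slappasswd also appends a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored, password):
    # Recompute the digest with the stored salt and compare in constant time
    if not stored.startswith("{SSHA}"):
        return False
    try:
        blob = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except binascii.Error:
        return False
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)

def audit_rootpw(conf_text):
    # One finding per rootpw directive that is empty, cleartext or malformed
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        parts = line.strip().split(None, 1)
        if not parts or parts[0] != "rootpw":
            continue
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if not value:
            findings.append("line %d: rootpw is empty" % lineno)
        elif not re.match(r"^\{[A-Za-z0-9-]+\}", value):
            findings.append("line %d: rootpw is stored in cleartext" % lineno)
        elif value.startswith("{SSHA}"):
            try:
                blob = base64.b64decode(value[len("{SSHA}"):], validate=True)
            except binascii.Error:
                blob = b""
            if len(blob) <= DIGEST_LEN:
                findings.append("line %d: {SSHA} value is malformed" % lineno)
    return findings
```

Running audit_rootpw over the contents of /etc/openldap/slapd.conf returns an empty list when rootpw carries a well-formed hash.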

The files in /var/run have to be created beforehand:

$ sudo touch /var/run/slapd.{pid,args}
$ sudo chown _openldap:_openldap /var/run/slapd.{pid,args}

Startup

# /etc/rc.local
...
if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
    install -d -o _openldap /var/run/openldap
    /usr/local/libexec/slapd $slapd_flags
    echo -n ' slapd'
fi
# /etc/rc.conf.local
...
slapd_flags="-u _openldap" # -h ldap:// ldaps://

Clients

$ sudo pkg_add openldap-client
# /etc/openldap/ldap.conf
...
BASE   dc=narf, dc=net
# I'd like to *really* have narf.net...
URI    ldap://ldap.narf.ssji.net

Testing the Setup

$ ldapsearch -x -b 'dc=narf,dc=net' '(objectclass=*)'

Monitoring Changes on System Files

# /etc/changelist
...
+/etc/openldap/slapd.conf
/etc/openldap/ldap.conf

System Integration

User Logins

:!: Last time this solution was tried on the machine running the LDAP server, it resulted in lockups at boot: the system hung trying to fetch user entries from the LDAP server, which had not started yet.

Apache

Others?

  • Trac
  • SMTPd

References

projets/openbsdldap.txt · Last modified: 2014/04/09 01:50 by oliviermehani