LDAPServerConfiguration

Created by: Lester Caine, Last modification: 19 Apr 2009 (11:17 UTC)
This is just a holding page for the moment for links to useful articles about LDAP configuration.


The SUSE package manager has been quite helpful in ensuring the right packages are loaded, but different distributions are obviously going to require different setup information.

The starting point is to build a user database which can be accessed to look up user names and passwords. This begins with an information tree rooted at your top-level identifier, which is normally the domain name for the site, for instance 'dc=bitweaver,dc=org'. This page provides a nice summary on deciding on a base setting.

phpLDAPAdmin is displaying the default set-up that SUSE has provided, and this is making things easier to understand. The key to much of the information is the schema outlines, which can be accessed from the main menu. Under inetOrgPerson, all of the fields for a 'person' record are listed, and this has been used as the basis for the login lookup.

SUSE has created three 'organisational unit' (ou) records under the main tree: group (which is empty); ldapconfig, which has information for SUSE account settings and is obviously needed to allow LDAP login to SUSE; and people, below which I have created a 'group' called users. This proved necessary in order to create people entries in this branch. There is a restriction applied which requires that a Unix-like group id is available for each user record.

So we have a BaseDN of 'dc=bitweaver,dc=org'
and a UserDN of 'cn=users,ou=people'
Although I suspect that the 'cn=users' section may need to be handled by the Group settings in the LDAP authentication.

The three fields that should be provided via the inetOrgPerson record are cn, mail, and displayName, but these can be overridden in the setup page for the LDAP plugin.
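How the BaseDN, UserDN and the three attributes above combine into a login lookup, with the submitted user name escaped so it cannot alter the DN or the search filter. This is an added example, not code from bitweaver or its LDAP plugin; the `uid` naming attribute and all function names are assumptions.

```python
# Added example. BASE_DN, USER_DN and ATTRIBUTES are the values given on this page.
BASE_DN = "dc=bitweaver,dc=org"
USER_DN = "cn=users,ou=people"
ATTRIBUTES = ["cn", "mail", "displayName"]
NAMING_ATTR = "uid"  # assumption: the page does not say which attribute names a user entry


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)          # DN special characters
        elif ch == "\0":
            out.append("\\00")             # NUL must be hex-escaped
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#' would mean a hex-encoded value
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")              # leading/trailing space is otherwise dropped
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_search_base() -> str:
    """The branch that holds user entries: UserDN followed by BaseDN."""
    return f"{USER_DN},{BASE_DN}"


def user_dn(username: str) -> str:
    """DN to bind as when checking a password for this user."""
    return f"{NAMING_ATTR}={escape_dn_value(username)},{user_search_base()}"


def user_lookup(username: str) -> dict:
    """Search parameters that fetch the three profile fields for one user."""
    flt = (f"(&(objectClass=inetOrgPerson)"
           f"({NAMING_ATTR}={escape_filter_value(username)}))")
    return {"base": user_search_base(), "filter": flt, "attributes": ATTRIBUTES}


if __name__ == "__main__":
    print(user_dn("lester"))               # constructed sample user name
    print(user_lookup("lester"))
```
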