LDAP notes

From Noah.org

Name Service Switch (NSSwitch)

On a Linux machine, review getent and /etc/nsswitch.conf, because the Name Service Switch (NSS) often delegates name lookups to an LDAP source. When the GNU C Library (glibc) is asked to look up an entry in a system database (users, groups, shadow passwords, hosts, and so on) it consults NSS to decide which sources to query and in what order. /etc/nsswitch.conf is often configured as shown below: glibc looks in the local files first (/etc/passwd, /etc/group, /etc/shadow) and then falls back to LDAP, the "ldap" source being provided by the libnss-ldap module. Order matters: for a name that exists in both sources, the first source that answers wins. "getent passwd <user>" shows what the combined lookup actually returns, and "getent -s ldap passwd <user>" queries the LDAP source alone.

# /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
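A small audit helper for the configuration above, added here as an example (it is not code from this page): it parses an nsswitch.conf, reports which databases can reach the LDAP server, and flags any database where a directory source is consulted before the local files, since there a name present in both is resolved from the directory rather than from /etc. The sample configuration is constructed from the one shown above with two extra lines; on a real host, getent is the check that confirms what the parser predicts.

```python
# Added example: parse nsswitch.conf and report which databases are delegated to LDAP.
# SAMPLE_NSSWITCH is a constructed sample based on the configuration on this page.

SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
netgroup:       nis
"""

# Sources that answer from a directory/network service rather than from local files.
DIRECTORY_SOURCES = ('ldap', 'nis')


def parse_nsswitch(text):
    """Return {database: [source, ...]} in lookup order.

    Comments are stripped and action specifiers such as [NOTFOUND=return]
    (with or without inner spaces) are dropped; only source names are kept.
    """
    databases = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line or ':' not in line:
            continue
        db, _, sources = line.partition(':')
        names = []
        for tok in sources.split():
            # skip '[', ']', '[NOTFOUND=return]', 'NOTFOUND=return', etc.
            if tok.startswith('[') or tok.endswith(']') or '=' in tok:
                continue
            names.append(tok)
        databases[db.strip()] = names
    return databases


def ldap_backed_databases(databases):
    """Databases whose lookups can reach the LDAP server, mapped to LDAP's
    0-based position in the lookup order."""
    return {db: srcs.index('ldap') for db, srcs in databases.items() if 'ldap' in srcs}


def directory_before_files(databases, directory_sources=DIRECTORY_SOURCES):
    """Databases where a directory source precedes 'files', so a name that exists
    both locally and in the directory is answered by the directory."""
    flagged = []
    for db, srcs in databases.items():
        if 'files' not in srcs:
            continue
        first_dir = next((srcs.index(s) for s in srcs if s in directory_sources), None)
        if first_dir is not None and first_dir < srcs.index('files'):
            flagged.append(db)
    return sorted(flagged)


if __name__ == '__main__':
    cfg = parse_nsswitch(SAMPLE_NSSWITCH)
    print('LDAP-backed databases:', ldap_backed_databases(cfg))
    print('directory consulted before files:', directory_before_files(cfg))
```

With the page's configuration every LDAP-backed database lists files first, so nothing is flagged; a line such as "passwd: ldap [NOTFOUND=return] files" would be.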

Ubuntu install

aptitude install slapd python-ldap ldap-utils ldapscripts ldaptor-utils ldaptor-doc libldap2-dev

use LDAP for login

aptitude install libpam-ldap

libpam-ldap only handles authentication through PAM; resolving the account itself (the ldap entries in /etc/nsswitch.conf above) also needs libnss-ldap.

misc notes

https://help.ubuntu.com/community/OpenLDAPServer

ldapsearch -x -LLL "cn=noah"
dpkg-reconfigure slapd

Simple authentication (-x) without SASL. With no -D bind DN and no -w/-W password this is an anonymous simple bind, which only works if the server permits anonymous access:

ldapsearch -x -LLL "cn=admin"

/etc/ldap/ldap.conf

BASE        dc=digg,dc=internal
URI         ldaps://admin.digg.internal
TLS_REQCERT never

TLS_REQCERT never tells the client library to accept any server certificate, so ldaps:// gives an encrypted session but no assurance of which host is terminating it: anyone who can redirect the connection can collect the simple-bind credentials. For anything beyond a throwaway lab, set TLS_REQCERT demand and point TLS_CACERT at the CA certificate that signed the server's certificate.

Python LDAP

import sys
import ldap

bind_dn = "uid=noah,ou=Users,dc=digg,dc=internal"
bind_password = 'XXX'  # placeholder; read it from a protected file or a prompt rather than hard-coding it
# WARNING: OPT_X_TLS_NEVER disables server certificate verification (the same as TLS_REQCERT never
# in ldap.conf), so the bind password goes to whichever host terminates the TLS session.
# Verified alternative: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/ssl/certs/ca-certificates.crt')
#                       ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# trace_level=2 logs every library call and its result to stdout: useful for debugging, noisy otherwise
conn = ldap.initialize('ldaps://admin.digg.internal/', trace_level=2, trace_file=sys.stdout)
conn.simple_bind_s(bind_dn, bind_password)
print(conn.search_s('dc=digg,dc=internal', ldap.SCOPE_SUBTREE, '(uid=noah)'))  # dump just Noah's account info
print(conn.search_s('dc=digg,dc=internal', ldap.SCOPE_SUBTREE, '(uid=*)'))     # dump info on all accounts
conn.unbind_s()