LDAP notes
From Noah.org
Name Service Switch (NSSwitch)
On Linux machines, review getent and /etc/nsswitch.conf, since the NSS facility often delegates name lookups to LDAP sources. For example, /etc/nsswitch.conf is often configured as shown below. When the GNU C Library (glibc) is asked to look up entries in system databases (such as users and groups), it uses the NSS facility to decide where to look. The configuration below tells glibc to look first in the local files and then in LDAP.
# /etc/nsswitch.conf
passwd: files ldap
group:  files ldap
shadow: files ldap
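As an added, stand-alone illustration of the lookup order described above (not code from the original notes), the following Python parses an nsswitch.conf fragment and walks a lookup chain the way glibc's NSS does, including the optional [STATUS=action] tokens; the sample config, backends and user records are constructed, and '!'-negated actions are not modelled.

```python
import re

# Constructed sample config: the page's three lines plus one line that uses
# an explicit action so the action syntax is exercised. Not a real host's file.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files ldap
group:  files ldap
shadow: files ldap
hosts:  files [NOTFOUND=return] dns   # stop after files even on a miss
"""

# glibc defaults: a hit stops the chain, anything else moves to the next source.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}
ACTION_RE = re.compile(r"\[(\w+)=(\w+)\]")   # e.g. [NOTFOUND=return]; '!' negation not modelled

def parse_nsswitch(text):
    """Map each database to an ordered list of (source, {STATUS: action}) pairs."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line or ":" not in line:
            continue
        db, spec = (part.strip() for part in line.split(":", 1))
        chain = []
        for tok in spec.split():
            m = ACTION_RE.fullmatch(tok)
            if m is None:
                chain.append((tok, dict(DEFAULT_ACTIONS)))
            elif chain:                               # an action modifies the preceding source
                chain[-1][1][m.group(1).upper()] = m.group(2).lower()
            else:
                raise ValueError(f"{db}: action {tok} has no preceding source")
        cfg[db] = chain
    return cfg

def ldap_backed_databases(cfg):
    """Databases whose lookup chain consults the ldap source at all."""
    return sorted(db for db, chain in cfg.items() if any(src == "ldap" for src, _ in chain))

def lookup(cfg, db, key, backends):
    """Walk db's chain as NSS would. backends maps a source name to a callable that
    returns a record or None (NOTFOUND). Returns (source, record), or None on a miss."""
    for source, actions in cfg.get(db, []):
        backend = backends.get(source)
        if backend is None:                          # no module available for this source
            status, record = "UNAVAIL", None
        else:
            record = backend(key)
            status = "SUCCESS" if record is not None else "NOTFOUND"
        if actions[status] == "return":
            return (source, record) if status == "SUCCESS" else None
    return None
```

With the sample config, a user present only in the directory resolves through ldap, a local user stops at files, and the hosts line never reaches dns because of its [NOTFOUND=return].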
Ubuntu install
aptitude install slapd python-ldap ldap-utils ldapscripts ldaptor-utils ldaptor-doc libldap2-dev
use LDAP for login
aptitude install libpam-ldap
misc notes
https://help.ubuntu.com/community/OpenLDAPServer
ldapsearch -x -LLL "cn=noah"
dpkg-reconfigure slapd
Simple authentication without SASL:
ldapsearch -x -LLL "cn=admin"
/etc/ldap/ldap.conf
BASE dc=digg,dc=internal
URI ldaps://admin.digg.internal
TLS_REQCERT never
Python LDAP
import sys, os, ldap

options = [(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)]
bind_password = 'XXX'
# OPT_X_TLS_NEVER tells the client library not to verify the server certificate.
# Set globally here, before initialize(), so the connection inherits it.
# Same as ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(*options[0])
conn = ldap.initialize('ldaps://admin.digg.internal/', trace_level=2, trace_file=sys.stdout)
conn.simple_bind_s("uid=noah,ou=Users,dc=digg,dc=internal", bind_password)
conn.search_s('dc=digg,dc=internal', ldap.SCOPE_SUBTREE, '(uid=noah)')  # Dump just Noah's account info
conn.search_s('dc=digg,dc=internal', ldap.SCOPE_SUBTREE, '(uid=*)')     # Dump info on all accounts