LDAP - Lightweight Directory Access Protocol - Reading Notes
Source: Internet  Published by: 低头族数据  Editor: 程序博客网  Time: 2024/06/04 22:02
Definition and Resources
- Description: [wiki, baidubaike, RFC4511]
- LDAP Server: openldap
- Use Ruby gem 'ActiveLdap' as LDAP client: ActiveLDAP
Introduction
All the following examples are based on "Practical Ruby for System Administration", Section 7.2.1.
Start Ldap Server on Local Host
Install OpenLdap
Use step 1 - step 7 from the quick start to install OpenLDAP.
Start Ldap Server
Use the following slapd.conf to start OpenLDAP.
#slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
database bdb
suffix "dc=imaginarycorp,dc=com"
rootdn "cn=Manager,dc=imaginarycorp,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
Use the -d option to display debug information while starting the server:
sudo /usr/local/libexec/slapd -d255
Add Entries by LDIF
Only the results from the 'ldapsearch' command are shown here:
[10:52 luckyvan@luckyvan-VirtualBox openldap-2.4.35] > ldapsearch -x -b 'dc=imaginarycorp,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=imaginarycorp,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# imaginarycorp.com
dn: dc=imaginarycorp,dc=com
objectClass: domain
objectClass: top
dc: imaginarycorp

# Users, imaginarycorp.com
dn: ou=Users,dc=imaginarycorp,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

# Groups, imaginarycorp.com
dn: ou=Groups,dc=imaginarycorp,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

# billy, Users, imaginarycorp.com
dn: uid=billy,ou=Users,dc=imaginarycorp,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: billy
cn: billy
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=
uidNumber: 199995
gidNumber: 20
homeDirectory: /home/billy

# jonny, Users, imaginarycorp.com
dn: uid=jonny,ou=Users,dc=imaginarycorp,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: jonny
cn: jonny
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=
uidNumber: 199996
gidNumber: 20
homeDirectory: /home/jonny

# admin, Groups, imaginarycorp.com
dn: cn=admin,ou=Groups,dc=imaginarycorp,dc=com
objectClass: top
objectClass: posixGroup
cn: admin
gidNumber: 20
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

# gopher, Groups, imaginarycorp.com
dn: cn=gopher,ou=Groups,dc=imaginarycorp,dc=com
objectClass: top
objectClass: posixGroup
cn: gopher
gidNumber: 21
userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7
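Added example (not from the original notes or the book): the anonymous 'ldapsearch -x' above returned userPassword for every entry, and the '::' only marks the value as base64, not as encrypted. This Ruby sketch, standard library only, parses such output, decodes the values and flags weak schemes and shared hashes; the function names and the weak-scheme policy are assumptions of this example.

```ruby
# Constructed sample: three entries copied from the ldapsearch output above.
SAMPLE_LDIF = <<~LDIF
  # billy, Users, imaginarycorp.com
  dn: uid=billy,ou=Users,dc=imaginarycorp,dc=com
  objectClass: posixAccount
  userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

  dn: cn=admin,ou=Groups,dc=imaginarycorp,dc=com
  objectClass: posixGroup
  userPassword:: e2NyeXB0fWR1VHg5MWc3UG9OekU=

  dn: ou=Users,dc=imaginarycorp,dc=com
  objectClass: organizationalUnit
  ou: Users
LDIF

# Parse LDIF into one hash per entry (attribute name => list of values).
# "attr:: value" means the value is base64-encoded, not encrypted.
def parse_ldif(text)
  text.gsub(/\r?\n /, "").split(/\n{2,}/).filter_map do |block| # unfold, split
    entry = Hash.new { |h, k| h[k] = [] }
    block.each_line(chomp: true) do |line|
      next if line.start_with?("#")
      next unless (m = line.match(/\A([\w;.\-]+):(:?)\s*(.*)\z/))
      entry[m[1].downcase] << (m[2] == ":" ? m[3].unpack1("m") : m[3])
    end
    entry unless entry["dn"].empty?
  end
end

# Policy assumed for this example: unsalted or fast schemes are weak, and
# {CRYPT} is weak when the hash is traditional DES crypt (no "$id$" prefix).
def weak_scheme?(scheme, hash)
  return !hash.start_with?("$") if scheme == "CRYPT"
  %w[CLEARTEXT MD5 SMD5 SHA].include?(scheme)
end

# One finding per exposed userPassword value, with the DNs that share it.
def audit_passwords(entries)
  exposed = entries.flat_map { |e| e["userpassword"].map { |v| [e["dn"].first, v] } }
  by_value = exposed.group_by(&:last)
  exposed.map do |dn, value|
    scheme, hash = value.match(/\A\{([^}]+)\}(.*)\z/m)&.captures || ["CLEARTEXT", value]
    { dn: dn, scheme: scheme.upcase, weak: weak_scheme?(scheme.upcase, hash),
      shared_with: by_value[value].map(&:first) - [dn] }
  end
end

audit_passwords(parse_ldif(SAMPLE_LDIF)).each { |f| puts f } if __FILE__ == $PROGRAM_NAME
```

When userPassword is readable only after an authenticated bind, the same anonymous search returns no such values and the audit list comes back empty.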
Common LDAP Schema
Common Errors
Use Ruby 'ActiveLdap' to access an LDAP Server
Gem Install
# gem install activeldap
# gem install net-ldap
Access Example through irb
2.0.0-p0 :001 > require 'active_ldap'
 => true 
2.0.0-p0 :002 > require 'net/ldap'
 => true 
2.0.0-p0 :003 > ActiveLdap::Base.setup_connection :host => 'localhost', :base => "dc=imaginarycorp,dc=com"
 => nil 
2.0.0-p0 :004 > class User < ActiveLdap::Base
2.0.0-p0 :005?>   ldap_mapping :dn_attribute => "uid", :prefix => "ou=Users", #!! prefix is case sensitive
2.0.0-p0 :006 >     :classes => ["top", "posixAccount"],
2.0.0-p0 :007 >     :scope => :one
2.0.0-p0 :008?>   belongs_to :groups, :class => "Group", :many => "memberUID" #!! fail to establish the relationship between 'User' and 'Group'
2.0.0-p0 :009?>   end
 => nil 
2.0.0-p0 :010 > User.find(:all, "*") # find all users
 => [#<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]>, #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["jonny"], commonName: ["jonny"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/jonny"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["jonny"], uidNumber: [199996], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["jonny"]>] 
2.0.0-p0 :011 > class Group < ActiveLdap::Base
2.0.0-p0 :012?>   ldap_mapping :dn_attribute => "cn", :prefix => "ou=Groups",
2.0.0-p0 :013 >     :classes => ["top", "posixGroup"],
2.0.0-p0 :014 >     :scope => :one
2.0.0-p0 :015?>   has_many :users, :class => "User", :wrap => "memberUID"
2.0.0-p0 :016?>   end
 => nil 
2.0.0-p0 :017 > Group.find(:all, "*") # find all groups
 => [#<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["admin"], commonName: ["admin"], description: [], gidNumber: [20], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]>, #<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["gopher"], commonName: ["gopher"], description: [], gidNumber: [21], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]>] 
2.0.0-p0 :018 > billy = User.find "billy"
 => #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]> 
2.0.0-p0 :019 > billy.groups.each{ |g| p g.cn}
 => [] 
2.0.0-p0 :020 > admin = Group.find "admin"
 => #<Group objectClass:<top, posixGroup>, must:<cn, gidNumber, objectClass>, may:<description, memberUid, userPassword>, cn: ["admin"], commonName: ["admin"], description: [], gidNumber: [20], memberUid: [], objectClass: ["top", "posixGroup"], userPassword: ["{crypt}duTx91g7PoNzE"]> 
2.0.0-p0 :021 > admin.users.size # fail to establish relationship example
 => 0 
2.0.0-p0 :022 > class User < ActiveLdap::Base
2.0.0-p0 :023?>   has_many :users, :class => "User", :wrap => "uid"
2.0.0-p0 :024?>   ^C
2.0.0-p0 :024 > end
SyntaxError: (irb):24: syntax error, unexpected keyword_end
        from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :025 > class User < ActiveLdap::Base
2.0.0-p0 :026?>   belongs_to :groups, :class => "Group", :many => "uid"
2.0.0-p0 :027?>   end
 => nil 
2.0.0-p0 :028 > class Group < ActiveLdap::Base
2.0.0-p0 :029?>   has_many :users, :class => "User", :wrap => "uid"
2.0.0-p0 :030?>   end
 => nil 
2.0.0-p0 :031 > billy = User.find("billy")
 => #<User objectClass:<top, account, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, host, l, loginShell, o, ou, seeAlso, userPassword>, cn: ["billy"], commonName: ["billy"], description: [], gecos: [], gidNumber: [20], homeDirectory: ["/home/billy"], host: [], l: [], localityName: [], loginShell: [], o: [], objectClass: ["top", "account", "posixAccount"], organizationName: [], organizationalUnitName: [], ou: [], seeAlso: [], uid: ["billy"], uidNumber: [199995], userPassword: ["{crypt}duTx91g7PoNzE"], userid: ["billy"]> 
2.0.0-p0 :032 > billy.groups.size
 => 0 
2.0.0-p0 :033 > fred = User.new "fred" # new a user named fred
 => #<User objectClass:<top, posixAccount>, must:<cn, gidNumber, homeDirectory, objectClass, uid, uidNumber>, may:<description, gecos, loginShell, userPassword>, cn: [], commonName: [], description: [], gecos: [], gidNumber: [], homeDirectory: [], loginShell: [], objectClass: ["top", "posixAccount"], uid: ["fred"], uidNumber: [], userPassword: [], userid: ["fred"]> 
2.0.0-p0 :034 > fre.uid_number = 1014
NameError: undefined local variable or method `fre' for main:Object
        from (irb):34
        from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :035 > fred.uid_number = 1014
 => 1014 
2.0.0-p0 :036 > fred.gid_number = 21
 => 21 
2.0.0-p0 :037 > fred.home_directory = "/home/fred"
 => "/home/fred" 
2.0.0-p0 :038 > raise fred.errors.full_messages.join(", ") unless fred.save # fail to add fred due to lack of 'cn' attributes
RuntimeError: Cn is required attribute by objectClass 'posixAccount': aliases: commonName
        from (irb):38
        from /home/luckyvan/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0-p0 :039 > fred.cn = "fred"
 => "fred" 
2.0.0-p0 :040 > raise fred.errors.full_messages.join(", ") unless fred.save # fail to add fred due to authentication
ActiveLdap::StrongAuthenticationRequired: unknown result (8): uid=fred,ou=Users,dc=imaginarycorp,dc=com