LDAP configuration backend

Presentation

You can choose to store LemonLDAP::NG configuration in an LDAP directory.

image0

Advantages:

  • Easy to share between servers with remote LDAP access
  • Easy to duplicate with LDAP synchronization services (like SyncRepl in OpenLDAP)
  • Security with SSL/TLS
  • Access control possible by creating one user for Manager (write) and another for portal and handlers (read)
  • Easy import/export through LDIF files

The configuration will be store under a specific branch, for example ou=conf,ou=applications,dc=example,dc=com.

Each configuration will be represented as an entry, which structural objectClass is by default applicationProcess. The configuration name is the same that files, so lmConf-1, lmConf-2, etc. This name is used in entry DN, for example cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com.

Then each parameter is one value of the attribute description, prefixed by its key. For example {ldapPort}389.

The LDIF view of such entry can be:

dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'
...

Configuration

LDAP server

Configuration objects use standard object class: applicationProcess. This objectClass allow attributes cn and description. If your LDAP server do not manage this objectClass, configure other objectclass and attributes (see below).

We advice to create a specific LDAP account with write access on configuration branch.

Next create the configuration branch where you want. Just remember its DN for LemonLDAP::NG configuration.

LemonLDAP::NG

Configure LDAP configuration backend in lemonldap-ng.ini, section [configuration]:

type = LDAP
ldapServer = ldap://localhost
ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
ldapBindDN = cn=manager,dc=example,dc=com
ldapBindPassword = secret
ldapObjectClass = applicationProcess
ldapAttributeId = cn
ldapAttributeContent = description

Parameters:

  • ldapServer: LDAP URI of the server
  • ldapConfBase: DN of configuration branch
  • ldapBindDN: DN used to bind LDAP
  • ldapBindPassword: password used to bind LDAP
  • ldapObjectClass: structural objectclass of configuration entry (optional)
  • ldapAttributeId: RDN attribute of configuration entry (optional)
  • ldapAttributeContent: attribute used to store configuration values, must be multivalued (optional)