Line 1: |
Line 1: |
| + | {{mbox |type=warning |text=This information is out of date. [[IT Infrastructure|Up-to-date IT information can be found here]] }} |
| + | |
| External services that authenticate users often use Ldap for authentication. | | External services that authenticate users often use Ldap for authentication. |
| | | |
Line 74: |
Line 76: |
| | | |
| ldapsearch is a handy tool that is part of open ldap. You can query some handy information out of our ldap servers as follows if you have an account to bind with: | | ldapsearch is a handy tool that is part of open ldap. You can query some handy information out of our ldap servers as follows if you have an account to bind with: |
| + | |
| + | You may need to set LDAPTLS_REQCERT=allow before those commands. |
| | | |
| #list laser cutter certified: | | #list laser cutter certified: |
− | ldapsearch -ZZ -v -x -H ldap://bob.ad.pumpingstationone.org -b "DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Laser Engraver Certified" | + | ldapsearch -v -x -H ldaps://bob.ad.pumpingstationone.org -b "DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Laser Engraver Certified" |
| #list domain Admins | | #list domain Admins |
− | ldapsearch -ZZ -v -x -H ldap://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins" | + | ldapsearch -v -x -H ldaps://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins" |
| + | |
| + | |
| + | Remember you can use space.pumpingstationone.org if it is outside PS1 network. |
| | | |
| == Apache mod_authnz_ldap == | | == Apache mod_authnz_ldap == |
Line 165: |
Line 172: |
| auth_ldap "AD authentication"; | | auth_ldap "AD authentication"; |
| auth_ldap_servers BOB; | | auth_ldap_servers BOB; |
| + | |
| + | [[Category: Systems Group]] |