LDAP configuration backend

Available for LemonLDAP::NG >= 0.9.4

Presentation

You can choose to store LemonLDAP::NG configuration in an LDAP directory.

The configuration will be stored under a specific branch, for example ou=conf,ou=applications,dc=example,dc=com.

Each configuration will be represented as an entry whose structural objectClass is applicationProcess. This objectClass is included in all core schemas.

The configuration name is the same as with the file backend, i.e. lmConf-1, lmConf-2, etc. This name is used in the entry DN, for example cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com.

Each parameter is then stored as one value of the description attribute, prefixed by its key in braces. For example {ldapPort}389.

The LDIF view of such an entry can look like this:

dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'
description: {exportedVars}'$data1 = {'uid' => 'uid','cn' => 'cn','mail' => 'mail'};'
description: {ldapPort}389
description: {authentication}'ldap'
description: {locationRules}'$data1 = {'test2.example.com' => {'default' => 'accept','^/logout' => 'logout_sso http://auth.example.com'},'test1.example.com' => {'default' => 'accept','^/logout' => 'logout_sso http://auth.example.com'}};'
description: {domain}'example.com'
description: {timeout}7200
description: {groups}'$data1 = {};'
description: {portal}'http://auth.example.com/'
description: {ldapServer}'localhost'
description: {exportedHeaders}'$data1 = {'test2.example.com' => {'Auth-User' => '$uid'},'test1.example.com' => {'Auth-User' => '$uid'}};'
description: {ldapBase}'dc=example,dc=net'
description: {macros}'$data1 = {};'
description: {globalStorageOptions}'$data1 = {'Directory' => '/usr/local/lemonldap-ng/data/sessions','LockDirectory' => '/usr/local/lemonldap-ng/data/sessions/lock'};'
description: {managerPassword}''
description: {cfgNum}1
description: {securedCookie}0
description: {managerDn}''
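As an added example (not code from the LemonLDAP::NG distribution), the following Python script reads such an entry from LDIF and rebuilds the configuration hash by splitting each description value on its {key} prefix. The SAMPLE_LDIF is a constructed, trimmed copy of the entry above, and the decoding of serialised values only covers the '$data1 = {...};' shape shown on this page; check_entry is a hypothetical consistency check that the cfgNum stored inside the entry matches the lmConf-N in its cn.

```python
import ast
import re

# Constructed sample: a trimmed copy of the lmConf-1 entry shown on this page.
SAMPLE_LDIF = """\
dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {cookieName}'lemonldap'
description: {exportedVars}'$data1 = {'uid' => 'uid','cn' => 'cn','mail' => 'mail'};'
description: {ldapPort}389
description: {cfgNum}1
description: {securedCookie}0
description: {managerDn}''
"""

KEYED = re.compile(r"^\{(\w+)\}(.*)$")          # {key}value
DUMPED = re.compile(r"^'\$data1 = (\{.*\});'$")  # quoted Perl hash dump

def perl_value(raw):
    """Decode one description value: serialised hash, quoted string or integer."""
    m = DUMPED.match(raw)
    if m:
        # Perl hash literal -> Python dict literal; only '=>' separates keys here.
        return ast.literal_eval(m.group(1).replace(" => ", ": "))
    if len(raw) >= 2 and raw[0] == raw[-1] == "'":
        return raw[1:-1]
    return int(raw)

def parse_config_entry(ldif):
    """Rebuild (cn, config dict) from one lmConf-N LDIF entry."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:   # LDIF folded continuation line
            lines[-1] += line[1:]
        elif line.strip():
            lines.append(line)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(": ")
        attrs.setdefault(name, []).append(value)
    conf = {}
    for desc in attrs.get("description", []):
        m = KEYED.match(desc)
        if not m:
            raise ValueError("description value without {key} prefix: %r" % desc)
        conf[m.group(1)] = perl_value(m.group(2))
    return attrs["cn"][0], conf

def check_entry(cn, conf):
    """Hypothetical check: cfgNum inside the entry must match the lmConf-N in its cn."""
    return cn == "lmConf-%d" % conf["cfgNum"]
```

Running check_entry on an imported entry catches a configuration copied under the wrong cn, which otherwise shows up only as a surprising cfgNum in the manager.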

LDAP configuration

We advise creating a specific LDAP account with write access to the configuration branch. Then create the configuration branch wherever you want; just remember its DN for the LemonLDAP::NG configuration.

LemonLDAP::NG configuration

You can set this directly in storage.conf:

type             = LDAP
ldapServer       = ldap://localhost
ldapConfBase     = ou=conf,ou=applications,dc=example,dc=com
ldapBindDN       = cn=manager,dc=example,dc=com
ldapBindPassword = secret

Import

Use the lmConfig_File2LDIF script shipped with LemonLDAP::NG:

$ lmConfig_File2LDIF -b "ou=conf,ou=applications,dc=example,dc=com" /usr/local/lemonldap-ng/data/conf/lmConf-1

You can use -c to also print the branch above the configuration entry in the LDIF output. In this case, the branch must use ou as its RDN attribute.

You can import the LDIF directly into your directory:

$ lmConfig_File2LDIF -c -b "ou=conf,ou=applications,dc=example,dc=com" /usr/local/lemonldap-ng/data/conf/lmConf-1 | ldapadd -x -D "cn=manager,dc=example,dc=com" -w secret