Commit dbe36855 authored by Russ Garrett

Update README with some useful info

parent b84331c3
1 merge request: !1 Update README with some useful info
Pipeline #24457 passed
...@@ -4,8 +4,29 @@ Uffd LDAP Proxy Server ...@@ -4,8 +4,29 @@ Uffd LDAP Proxy Server
Proxy server to provide uffd user and group data via LDAP. Proxy server to provide uffd user and group data via LDAP.
Based on [python-ldapserver](https://git.cccv.de/uffd/python-ldapserver). Based on [python-ldapserver](https://git.cccv.de/uffd/python-ldapserver).
To install uffd-ldapd on Debian, add the [uffd Debian repository](https://packages.cccv.de/uffd/) to `/etc/sources.list` and install the package `uffd-ldapd`. `uffd-ldapd` communicates with uffd over the API. It is intended to run locally on the same host as each LDAP client, so it does not support TLS.
Update the config file `/etc/uffd-ldapd.conf` and restart the service with `systemctl restart uffd-ldapd`.
The proxy server listens on `ldap://127.0.0.1:389/`.
uffd-ldapd requires at least uffd v1.2.0! ## Installation
`uffd-ldapd` requires at least uffd v1.2.0!
To install `uffd-ldapd` on Debian, add the [uffd Debian repository](https://packages.cccv.de/uffd/) to `/etc/sources.list` and install the package `uffd-ldapd`.
Create a new service and API client in uffd. The API client will need at least the `users` permission.
If you need to check passwords, it will also need the `checkpassword` permission.
Update the config file `/etc/uffd-ldapd.conf` with your API credentials and restart the
service with `systemctl restart uffd-ldapd`. The proxy server listens on `ldap://127.0.0.1:389/`.
## Usage
This section assumes you've configured `dc=example,dc=com` as your `SERVER_BASE_DN`, but you should probably use your actual domain.
If you've configured the `SERVER_BIND_PASSWORD` in the config, your LDAP clients will need to bind as `cn=service,ou=system,dc=example,dc=com` to list all users. Otherwise they can be listed anonymously.
Users from uffd will be exposed under the `ou=users,dc=example,dc=com` OU. To check passwords you can perform a simple bind to `uid={username},ou=users,dc=example,dc=com` or use SASL PLAIN authentication.
### Authentication errors
* **Invalid credentials (49)**: the bind DN is not a child of `ou=users,dc=example,dc=com`, the `uid` component is not present in the bind DN, or the credentials are wrong.
* **Insufficient access (50)**: the API client configured for `uffd-ldapd` does not have the `checkpassword` permission.
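Review bot: In the Usage paragraph on `SERVER_BIND_PASSWORD`, the README says users can be listed anonymously when no bind password is configured, but it does not say which setup is recommended. The server listens on `ldap://127.0.0.1:389/` without TLS, so every local process on the host can connect; I would add a sentence recommending that `SERVER_BIND_PASSWORD` be set unless anonymous listing is intended, and that the listener stay on loopback, because simple bind and SASL PLAIN carry the password in clear text. Separately, the Installation paragraph keeps the path `/etc/sources.list` from the old text; on Debian the file is `/etc/apt/sources.list` (or a file under `/etc/apt/sources.list.d/`).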