How To Set Up A Ldap Server
Setting up an LDAP server for development/testing using Apache Directory Studio
In this section, we will describe how to set up an LDAP server using Apache Directory Studio to test the LDAP authentication in Crafter Studio.
First, we'll configure LDAP authentication in Crafter Studio, then install and set up the LDAP server using Apache Directory Studio, and finally log in to Crafter Studio with the users set up in the LDAP server.
Configure LDAP authentication in Crafter Studio
We will first configure LDAP authentication in Crafter Studio. In your Authoring installation, go to CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension and add the following lines to studio-config-override.yaml. (The server URL, bindDN and password are all default values of Apache Directory Studio.) Stop and restart Crafter Studio after making your changes.
```yaml
# Studio authentication chain configuration
studio.authentication.chain:
  # Authentication provider type
  - provider: LDAP
    # Authentication via LDAP enabled
    enabled: true
    # LDAP Server url
    ldapUrl: ldap://localhost:10389
    # LDAP bind DN (user)
    ldapUsername: uid=admin,ou=system
    # LDAP bind password
    ldapPassword: secret
    # LDAP base context (directory root)
    ldapBaseContext: dc=example,dc=com
    # LDAP username attribute
    usernameLdapAttribute: uid
    # LDAP first name attribute
    firstNameLdapAttribute: cn
    # LDAP last name attribute
    lastNameLdapAttribute: sn
    # LDAP email attribute
    emailLdapAttribute: mail
    # LDAP groups attribute
    groupNameLdapAttribute: ou
    # LDAP groups attribute name regex
    groupNameLdapAttributeRegex: .*
    # LDAP groups attribute match index
    groupNameLdapAttributeMatchIndex: 0
```
For more information on configuring LDAP authentication in Crafter Studio, please follow the guide here: Configure LDAP Authentication
Please note that the LDAP attributes are configurable, and in our example above we are using ou as the attribute for groupName instead of crafterGroup as listed in Configure LDAP Authentication.
Set up the LDAP server
We will first create our LDAP server. Launch your Apache Directory Studio application. Notice the tabs in the lower left hand corner. Click on the LDAP Servers tab. To create the server, click on the New Server icon, the first icon to the right of the LDAP Servers tab.
A dialog to create the server will appear. Go to the Select the server type: section of the dialog. For our example, select ApacheDS 2.0.0, then click on the Finish button.
Next we'll start our LDAP server. Click on the LDAP server we just created, ApacheDS 2.0.0, which will be displaying the status Stopped. To start the server, click on the green button right next to the tabs.
We'll now need to connect the LDAP browser to our newly created LDAP server. To connect to the server, in the LDAP Servers tab, right click on the server ApacheDS 2.0.0, then select Create a Connection.
Click on the Connections tab; you should now see ApacheDS 2.0.0 listed.
Load some data into the LDAP Server
The server we set up before does not have any data yet. We will now load some data by using the LDIF editor. LDIF, or LDAP Data Interchange Format, is a text format for representing LDAP data and commands. To open an LDIF editor, click on the New icon at the top left, or click File -> New. A dialog will appear with a list; select LDIF File under LDAP Browser.
An empty file in the middle of your ApacheDS will appear. This is the LDIF editor. We will now enter some data into it to create users that Crafter Studio can authenticate through the LDAP server we just set up. We will add three users, each belonging to a different group for the site myawesomesite in Crafter Studio. Please make sure that the attributes listed in the Crafter Studio LDAP configuration are configured in the LDAP server for each user. Copy and paste the data listed below into the LDIF editor. Make sure that there is an empty line after the last entry.
```ldif
# Placeholder passwords ("abc"); they are changed later in this guide.
dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example

dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=Joe Bloggs,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Joe Bloggs
sn: Bloggs
ou: site_author
description: 19650324000000Z
employeeNumber: 9
givenName: Joe
mail: joe@example.com
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jbloggs
userPassword: abc

dn: cn=Jane Doe,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jane Doe
sn: Doe
ou: site_admin
description: 19650324000000Z
employeeNumber: 12
givenName: Jane
mail: jane@example.com
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jdoe
userPassword: abc

dn: cn=John Wick,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: John Wick
sn: Wick
ou: site_reviewer
description: 19650324000000Z
employeeNumber: 8
givenName: John
mail: john@example.com
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jwick
userPassword: abc

```
Please note that a user can belong to multiple groups. To add another groupName value in the LDIF file, just add another line specifying the attribute and the value. Notice the multiple values for the attribute ou (groupName):
```ldif
dn: cn=John Wick,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: John Wick
sn: Wick
ou: site_publisher
ou: site_editor
description: 19650324000000Z
employeeNumber: 8
givenName: John
mail: john@example.com
telephoneNumber: 169-637-3314
telephoneNumber: 907-547-9114
uid: jwick
userPassword: abc

```
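A pre-import check for LDIF like the above, as an added example that is not part of the original guide: it confirms that every user entry carries the attributes named in the studio-config-override.yaml mapping, lists the group names Crafter Studio would read from ou, and flags `attr::` values that are not valid base64. The sample entries, the function names and the full-match reading of groupNameLdapAttributeRegex are assumptions.

```python
import base64, binascii, re
MAPPING = {"usernameLdapAttribute": "uid", "firstNameLdapAttribute": "cn", "lastNameLdapAttribute": "sn",
           "emailLdapAttribute": "mail", "groupNameLdapAttribute": "ou"}  # from this page's YAML
GROUP_REGEX, GROUP_INDEX = r".*", 0  # full-match semantics are an assumption

SAMPLE_LDIF = """\
dn: cn=John Wick,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Wick
sn: Wick
ou: site_publisher
ou: site_editor
mail: john@example.com
uid: jwick

dn: cn=Broken User,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
cn: Broken User
uid: buser
userPassword:: abc
"""  # constructed sample: one complete user, one deliberately broken user

def parse_ldif(text):
    """Yield (attrs, problems) for each entry of unfolded LDIF text."""
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        attrs, problems = {}, []
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: value" marks a base64 value
                try:
                    value = base64.b64decode(value[1:].strip(), validate=True).decode("utf-8", "replace")
                except binascii.Error:
                    problems.append(f"{name}: invalid base64 value")
                    continue
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        yield attrs, problems

def check_users(text):
    """Return {dn: {"groups": [...], "problems": [...]}} for inetOrgPerson entries."""
    report = {}
    for attrs, problems in parse_ldif(text):
        if "inetOrgPerson" in attrs.get("objectclass", []):
            problems += [f"missing {a} ({k})" for k, a in MAPPING.items() if a not in attrs]
            values = attrs.get(MAPPING["groupNameLdapAttribute"], [])
            groups = [m.group(GROUP_INDEX) for v in values if (m := re.fullmatch(GROUP_REGEX, v))]
            report[attrs["dn"][0]] = {"groups": groups, "problems": problems}
    return report
```

Calling `check_users()` on the text you are about to paste into the LDIF editor returns one report per user, keyed by DN; an empty `problems` list means the entry matches the attribute mapping.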
To add the data we entered in the LDIF file into the LDAP server, first click on the Browse button in the LDIF editor and select the connection we set up (ApacheDS 2.0.0), then click on the green (Execute LDIF) button next to the Browse button to get our data into the server.
After executing the LDIF file, you should see the results in the Modification Logs tab at the bottom of the LDIF Editor, and they should look something like the image below:
We should also be able to see the three users we just added in the LDAP browser.
Changing a user's password in the LDAP server
Notice that we set the password to the same characters for all the users. Let's change the password for all the users. To do this, from the LDAP Browser tab, navigate to DIT -> Root DSE -> dc=example,dc=com -> ou=Users, then click on the name of a user. We'll click on user Jane Doe. A new tab will open in the middle of your ApacheDS with all the attributes for user Jane Doe. Double click on userPassword to change the user's password.
The Password Editor dialog will now be in focus. Click on New Password at the middle top and fill in the Enter New Password and Confirm New Password fields in the form, then click on the OK button.
To test the new password you just entered, double click on the userPassword attribute of the user, then click on Current Password in the Password Editor dialog. Enter the new password in the Verify Password field, then click on the Verify button.
When successful, a dialog will appear stating that the password was verified successfully.
Repeat the steps listed above for the rest of the users we added to the LDAP server to change their passwords. After changing all the users' passwords, we can now try to log in to Crafter Studio using the credentials of the users we just added.
Logging in to Crafter Studio as an LDAP user
In your browser, enter localhost:8080/studio. Fill in the username and password using one of the users we set up in the LDAP server. In the image below, we will log in the user jbloggs. If authentication is successful, the user should be taken to the Sites screen of Crafter Studio.
Source: https://docs.craftercms.org/en/3.1/developers/cook-books/how-tos/setting-up-an-ldap-server-for-dev.html
Posted by: burkeexhavy.blogspot.com
