LDAP

What is LDAP?

  • A protocol for storing and accessing data
  • Mostly information about users (username, password)
  • Hierarchical structure (user groups)
  • A large number of services have an option to use LDAP for their users

Hierarchy

ldap

Hierarchy

  • Domain component (DC)
  • Organizational Unit (OU)
  • Users (UID)

Classes and attributes

  • Distinguished Name (dn)
  • Object class
  • Attributes

Search

(&(objectClass=person)(givenName=John))
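When the givenName in a filter like the one above comes from a caller instead of being typed by hand, characters such as `*`, `(` and `)` change what the filter matches unless they are escaped as RFC 4515 requires. The following is an added example, not part of the original slides: it uses only the Python standard library, and the helper names `escape_filter_value`, `person_filter` and `balanced` are hypothetical (ldap3 ships its own `escape_filter_chars` in `ldap3.utils.conv`).

```python
# Added example: RFC 4515 filter-value escaping, standard library only.

# Characters with special meaning inside an LDAP filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Replace filter metacharacters with their backslash-hex escapes."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def person_filter(given_name: str) -> str:
    """Build the slide's filter for a caller-supplied givenName."""
    if not given_name:
        raise ValueError("givenName must not be empty")
    return "(&(objectClass=person)(givenName=%s))" % escape_filter_value(given_name)


def balanced(filter_text: str) -> bool:
    """Sanity check: every literal parenthesis in the filter is paired."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample inputs: a plain name, then names with metacharacters.
    for name in ["John", "J*", "Ann (IT)", "back\\slash"]:
        built = person_filter(name)
        print(built, balanced(built))
```

Without the escape, `J*` would be treated as a substring match on every givenName starting with J instead of the literal two-character value.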

OpenLDAP

OpenBSD's implementation of LDAP

Python

python3-ldap3 library

python3-ldap3 setup

CONNECTION TO LDAP SERVER

from ldap3 import Server,Connection,ALL,MODIFY_REPLACE

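# Connect over TLS and fetch the server's schema and info
s = Server('192.168.122.233', use_ssl=True, get_info=ALL)
# Bind as the directory administrator
c = Connection(s, 'cn=admin,dc=example,dc=com', 'secret', auto_bind=True)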

python3-ldap3 setup

ADD DC OBJECT

objectClass = ['dcObject', 'organization']

attributes = {'o' : 'example', 'dc' : 'example'}

c.add('dc=example,dc=com',objectClass, attributes)

python3-ldap3 setup

ADD ORGANISATIONAL UNIT

objectClass = ['top', 'organizationalUnit']

attributes = {'ou' : 'users'}

c.add('ou=users,dc=example,dc=com', objectClass, attributes)

python3-ldap3 manage users

ADD USERS

objectClass = ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'shadowAccount']

attributes = {'cn' : 'user1', 'sn' : 'user1', 'givenName' : 'user1', 'uid' : 'user1', 'uidNumber' : 1001, 'gidNumber' : 1001, 'homeDirectory' : '/home/user1', 'loginShell' : '/bin/sh', 'gecos' : 'SystemUser', 'shadowLastChange' : 19433, 'shadowMax' : '45', 'userPassword' : 'password123'}

c.add('uid=user1,ou=users,dc=example,dc=com', objectClass, attributes)

python3-ldap3 manage users

DELETE USERS

c.delete('uid=user1,ou=users,dc=example,dc=com')