Summary of LDAP-based unified user verification in Linux

Source: Internet
Author: User

Today I saw this article on 51cto: research on LDAP-based unified user authentication in Linux. Combined with my own experience, here is a summary.

Applications I have integrated through iRedMail LDAP include SugarCRM, ejabberd, pure-ftpd, OpenVPN, and Awstats. These applications should be enough to illustrate the LDAP integration methods.

Note that user accounts and passwords are maintained in LDAP.

OU and filter

Generally, people want to put the users to be verified under one OU, so that the application can look up users under that OU for verification. One disadvantage of doing so: what if a user needs the FTP service enabled but does not need the Samba service?

Therefore, we do not recommend using OUs to classify users. Instead, use a filter on tags. For example, if a user should have the Samba service enabled, I add a samba tag as an attribute on that user's entry. With a filter set, all users who need the Samba service can be found without putting them in a dedicated OU.

With the filter approach, the following kinds of verification can be implemented.
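An added example (not from the original article) of the filter approach: two users sit in the same OU and the service tag alone decides who passes the check for a given service. The attribute name `enabledService`, the DNs and the sample entries are assumptions, and `matches()` is a minimal stand-in for the directory server; the user name is escaped per RFC 4515 before it goes into the filter, so characters such as `*` or `(` supplied at login stay literal.

```python
import re

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def service_filter(uid, service, attr="enabledService"):
    """Filter that matches a user only if the entry is tagged for `service`.
    `enabledService` is an assumed attribute name, not taken from the article."""
    return "(&(uid={})({}={}))".format(
        escape_filter_value(uid), attr, escape_filter_value(service))

def matches(entry, flt):
    """Tiny stand-in for the directory server: evaluates only a flat
    (&(attr=value)...) filter, exact match, against one entry."""
    outer = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", flt)
    if outer is None:
        raise ValueError("unsupported filter: " + flt)
    for attr, raw in re.findall(r"\(([^=()]+)=([^()]*)\)", outer.group(1)):
        # Undo the \XX escapes to recover the literal value being asserted.
        value = re.sub(r"\\([0-9a-fA-F]{2})",
                       lambda m: chr(int(m.group(1), 16)), raw)
        if value not in entry.get(attr, []):
            return False
    return True

# Constructed sample entries: both users sit in the same OU.
ENTRIES = [
    {"dn": "uid=alice,ou=Users,dc=example,dc=com",
     "uid": ["alice"], "enabledService": ["ftp", "samba"]},
    {"dn": "uid=bob,ou=Users,dc=example,dc=com",
     "uid": ["bob"], "enabledService": ["ftp"]},
]

def may_use(uid, service):
    """True if some entry matches the per-service filter for this user."""
    flt = service_filter(uid, service)
    return any(matches(entry, flt) for entry in ENTRIES)

if __name__ == "__main__":
    for uid, svc in [("alice", "samba"), ("bob", "ftp"), ("bob", "samba"), ("*", "ftp")]:
        print(uid, svc, service_filter(uid, svc), may_use(uid, svc))
```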

1: Schema

If you want all of the application's settings to be controlled in LDAP, you need to provide a schema for the application. pureftp is a good example: the user's download speed and upload speed are stored in LDAP rather than in the software's configuration file or database.

This integration should be ideal for achieving centralized management.

2: No schema, LDAP authentication is supported

The application itself provides LDAP authentication, that is, it checks the user name and password against LDAP. However, the user's specific permissions within the application need to be set in the software.

Generally, you need to set a default permission for the user. After the user logs on, you can set specific permissions for the user.

SugarCRM is an example. It supports LDAP authentication, but only authentication. If you set Sugar to use LDAP authentication, you will find that there are no users in the system. A user has to log on first before you can manage that user and set their permissions.

Ideally, the software itself would proactively query LDAP for qualifying users and import them into the system. LDAP holds some basic information, and it is better if that can be imported as well. For example, Sugar can import users' mailboxes.

However, little software can do this. Ejabberd automatically queries users in LDAP.

3: PAM verification, LDAP is not supported

The application itself does not support LDAP authentication but does support PAM authentication. You can use PAM to implement LDAP authentication. This method is feasible and sounds good, but it also increases the complexity of the LDAP authentication configuration.

Web applications support ldap authentication, which is easy to implement. Only

OpenVPN is an example. In fact, there are two ways to implement LDAP authentication for OpenVPN.

One is to use LDAP directly for verification.

The other is to use PAM, which in turn uses LDAP for verification.

4: Apache verification

This method is simple: Apache itself verifies users through LDAP. iRedMail's Awstats implements unified authentication this way.
