I have added an entry:
!DATE 2014-01-19T11:48:56.062
dn: cn=Derek Carter2,ou=mis,ou=unit,ou=company,dc=labs,dc=com
changetype: add
telephoneNumber: 02-29587572
mail: c291677874#labs.com
objectClass: person
objectClass: inetOrgPerson
givenName: Derek Carter
sn: Carter
title: engineer
cn: Derek Carter2
But the Joomla LDAP config needs a uid field.
What else should I do to enable Joomla login with LDAP?
Change the schema or add an entry attribute?
uid is supposed to be globally unique. Often it is a short name you might consider a login name value. It is unlikely that the user wants to log in as Derek Carter2; they probably want to log in as dcarter or carterd or somesuch. Do you maintain such a value? Conversely, folk often use the email address as the login id, since it must be globally unique. Or at worst, the stuff before the # sign in the email address, if it is your email domain. I.e., all users in your email domain should have unique bits before the # sign.
In that case, use that data in the uid attribute. Or else change the LDAP mapping that takes the passed in login name, and looks at mail instead of uid.
I have the Google apps account: domain1.com
I have the following accounts set up:
Jane (jane#firstdomain.com)
Ben (ben#firstdomain.com)
Joe (joe#firstdomain.com)
I have the domain seconddomain.com set up as an alias of firstdomain.com. So Jane, Ben and Joe have jane#seconddomain.com, ben#seconddomain.com and joe#seconddomain.com.
I want to create a group using the alias email, such that group#seconddomain.com includes Jane, Ben, and Bill as recipients of that email address. Is this possible?
Yes, this is possible. But a few notes to consider when doing so.
It is only possible for you to create a group using #seconddomain.com if the group was added as a Secondary Domain, not a User alias domain. You can read more about it here.
You would need to manually create the group, and a dropdown option should appear letting you choose which Domain you would like to use as the domain for your group email. You can read more about creating groups here.
I'm using OUD 12c and I would like to achieve something like the following.
Suppose I have two branches in my LDAP:
ou=users,dc=example,dc=com
ou=users_special,dc=example,dc=com
Is it possible to set on LDAP side that ou=users_special extends the ou=users branch?
So every search in the ou=users branch will automatically look even at the ou=users_special.
Note: no, I can't search for the users in the base dn.
Thanks
EDIT:
I try to re-explain because it seems the goal was not clear.
I have two users with these two DN:
uid=user0,ou=people,dc=example,dc=com
uid=user1,ou=users,dc=example,dc=com
I need that both of these ldapsearches work.
ldapsearch -h localhost -p 1389 -b "ou=people,dc=example,dc=com" "(uid=user0)"
ldapsearch -h localhost -p 1389 -b "ou=people,dc=example,dc=com" "(uid=user1)"
That's not schema -- schema defines what attributes exist on an object. You're talking about a referral.
The following LDIF creates an OU with a referral:
dn: ou=users_special,ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: referral
ou: users_special
ref: ldap://LDAPHOST:PORT/ou=users_special,dc=example,dc=com??sub?(objectClass=inetOrgPerson)
I created a user with uid "specialuser01" in ou=users_special,dc=example,dc=com. A query set to follow referrals at base ou=users,dc=example,dc=com for uid=specialuser01 returns the account that is in the
***Searching...
ldap_search_s(ld, "ou=users,dc=example,dc=com", 2, "uid=specialuser01", attrList, 0, &msg)
Getting 1 entries:
Dn: uid=specialuser01,ou=users_special,dc=example,dc=com
cn: special User01;
objectClass (4): top; person; organizationalPerson; inetOrgPerson;
uid: specialuser01;
However a search that doesn't follow referrals will return 0 entries.
I want to query LDAP for all users in a specific OU (call it OU = Anberlin)
This is my current approach:
(&(objectCategory=person)(objectClass=user)(memberOf=OU=Anberlin, DC=Domain, DC=local)( !(userAccountControl:1.2.840.113556.1.4.803:=2)))
That should get all the enabled users in that OU right?
No, it won't. The memberOf attribute stores the list of groups the object is a member of.
All LDAP searches have a base DN value that you can pass as well as the query. Usually it's the whole domain, but if you set the base DN to your OU, then you will only get results from that OU.
So this is what you'd use for your search:
Base DN: OU=Anberlin,DC=Domain,DC=local
Query: (&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2)))
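The difference between the two searches, worked through in Ruby over constructed entries (an added example, not part of the original answer). The sample DNs, group names and helper names are assumptions, and the DN handling assumes no escaped commas:

```ruby
# Added example; ENTRIES is constructed sample data, all assumed to be user objects.
ACCOUNTDISABLE = 0x2 # the bit tested by userAccountControl:1.2.840.113556.1.4.803:=2

# Split a DN into lower-cased, whitespace-trimmed RDNs.
# Assumption: no escaped commas inside RDN values (true for the sample data).
def rdns(dn)
  dn.split(',').map { |rdn| rdn.strip.downcase }
end

# Subtree scope: an entry is in scope when its DN ends with the base DN's RDNs.
def under_base?(dn, base)
  entry, root = rdns(dn), rdns(base)
  entry.last(root.length) == root
end

# Bitwise-AND matching rule: true when every bit of mask is set in value.
def bit_and_match?(value, mask)
  (value.to_i & mask) == mask
end

# Base DN set to the OU, filter excludes accounts with the disabled bit.
def enabled_users_in(entries, base)
  entries.select { |e| under_base?(e[:dn], base) && !bit_and_match?(e[:uac], ACCOUNTDISABLE) }
         .map { |e| e[:dn] }
end

# What (memberOf=<OU DN>) asks for: entries that list the OU's DN as a group.
def member_of_matches(entries, dn)
  entries.select { |e| e[:member_of].any? { |g| rdns(g) == rdns(dn) } }
         .map { |e| e[:dn] }
end

OU_DN = 'OU=Anberlin,DC=Domain,DC=local'
STAFF = 'CN=Staff,OU=Groups,DC=Domain,DC=local' # hypothetical group
ENTRIES = [
  { dn: 'CN=Alice,OU=Anberlin,DC=Domain,DC=local', uac: 512, member_of: [STAFF] },
  { dn: 'CN=Bob,OU=Anberlin,DC=Domain,DC=local',   uac: 514, member_of: [] }, # 512 | 2
  { dn: 'CN=Carol,OU=Sales,DC=Domain,DC=local',    uac: 512, member_of: [STAFF] }
]

p enabled_users_in(ENTRIES, OU_DN)  # base DN approach
p member_of_matches(ENTRIES, OU_DN) # memberOf approach
```
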
I am using LDAP authentication in spring-security. For some reason I don't have an LDAP server and I have configured my spring-security.xml to use the LDIF file.
I need to add a custom attribute, called type for the users. So I created an objectclass and an attributetypes as mentioned here.
The LDIF file looks like:
dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5.6.7 NAME 'type' DESC 'New attribute definition'
 EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

dn: cn=subschemasubentry
changetype: modify
add: objectClasses
objectClasses: ( 1.2.3.4.56789.1.0.200 NAME 'testUser'
 SUP ( inetOrgPerson ) STRUCTURAL
 MUST cn
 MAY type )

dn: ou=users,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: users

dn: uid=testuser1,ou=users,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: testUser
mail: test1#test.com
cn: Some Name
sn: someName
uid: someId
type: someType
userPassword: pass1
However, this fails with NameNotFoundException when I try to use some REST call (protected by spring-security), with the error:
LDAP: error code 32 - NO_SUCH_OBJECT:
...
...
Attempt to search under non-existant entry: ou=users,dc=springframework,dc=org];
nested exception is javax.naming.NameNotFoundException:
If I remove the custom attribute and the custom objectclass, and change the user data to objectclass: inetOrgPerson, it works fine.
How can I add the objectclass and the attributes then?
I was trying to use the schema in LDIF files, which was wrong. I used ApacheDS to create new schema with the custom attributes and custom objectclass. Then exported them to LDIF.
The resulting LDIF I added to the LDIF file used for spring-security.
It is another matter that spring still does not read the new attributes from entries even when it reads the object classes.
Some users in my LDAP Directory have several uids assigned as such:
dn: uid=user1,ou=People,o=org
uid: user1
uid: nick1

dn: uid=user2,ou=People,o=org
uid: user2
uid: nick2
While trying to get uid for these users using ActiveLdap (like User.uid) I only get the first uid attr as it is DN attribute.
Is it possible with ActiveLdap to get both of them?
I just ran into this a couple weeks ago:
Query all the users in a system with LDAP
It is not an ActiveLDAP issue per se.
Here is the thing, and I will hopefully save you some time. With your LDAP schema, as is, what you have is a unique dn for every user. So, in effect, if you have 100,000 users, you have 100,000 folders, each identified at the top level as unique by id. If your schema was set up like this:
dn: category=active,ou=People,o=org
uid: uid1
uid: nick1
then you could query all the active users for overlapping uid because the filter would filter down to active users and select from that the users with uid attributes of x.
As it is, you can only get at the top level dn, so each filter will filter one user, so it's useless. What I did is actually query my flatfile backup of the LDAP database and extracted information that way. I used basic Ruby and just split records on newlines, and made a big array, if I remember correctly. We had about 130,000 records and I was able to get my query in about 2 seconds from the flat file.
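The flat-file approach described above, sketched in Ruby as an added example (not the answerer's script): it parses an LDIF export, indexes every uid value rather than only the one in the DN, and lists uid values carried by more than one entry, which matters when uid doubles as the login name. The sample export is constructed; the third entry, the description line and all helper names are assumptions.

```ruby
# Constructed sample export: user1/user2 reuse the DNs above, user3 is made up.
SAMPLE_LDIF = <<~LDIF
  dn: uid=user1,ou=People,o=org
  uid: user1
  uid: nick1

  dn: uid=user2,ou=People,o=org
  uid: user2
  uid:: bmljazI=
  description: second login kept for lega
   cy mail clients

  dn: uid=user3,ou=People,o=org
  uid: user3
  uid: Nick1
LDIF

# Parse LDIF text into one hash per entry: attribute name => array of values.
# Handles folded lines (newline + one space) and base64 values ("attr:: ...").
def parse_ldif(text)
  unfolded = text.gsub("\r\n", "\n").gsub("\n ", '')
  unfolded.split(/\n{2,}/).filter_map do |block|
    attrs = Hash.new { |h, k| h[k] = [] }
    block.each_line(chomp: true) do |line|
      name, sep, value = line.partition(/::? ?/)
      next if line.start_with?('#') || sep.empty?
      value = value.unpack1('m').force_encoding('UTF-8') if sep.start_with?('::')
      attrs[name.downcase] << value
    end
    attrs unless attrs.empty?
  end
end

# Map every uid value (lower-cased, since uid matches case-insensitively) to its DNs.
def uid_index(entries)
  index = Hash.new { |h, k| h[k] = [] }
  entries.each { |e| e['uid'].each { |u| index[u.downcase] << e['dn'].first } }
  index
end

# All DNs that carry the given login as any of their uid values.
def dns_for(index, login)
  index.fetch(login.downcase, [])
end

# uid values that appear on more than one entry.
def colliding_uids(index)
  index.select { |_, dns| dns.uniq.size > 1 }.keys.sort
end
```
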