Arief Yudhawarman

Still learning how to blog

Posts Tagged ‘openldap’

LDAP Tutorial (2)

with one comment


Security Policy

We are going to build an Access Control Policy (ACP, a.k.a. ACL) based on a corporate policy which states:

  1. The directory entry owner is able to see and update ALL the directory attributes, including passwords.
  2. Human Resources must be able to update ANY entry but must not be able to read or write the user's password.
  3. The directory attributes carLicense, homePostalAddress and homePhone must not be readable by anyone except Human Resources and the owner of the directory entry.
  4. All users must authenticate (anonymous access is not allowed).
  5. The IT department must be able to update or change the password attribute on ALL directory entries.

Whatever your opinion of the above policy, we are going to have to provide the access controls to implement it. The first thing we have to do is create two groups, one for hrpeople and one for itpeople, so that we can assign permissions by group. We will locate these groups in a groups branch under the DIT root. The diagram below shows our new structure.
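One way to express rules 1 to 5 as slapd access directives, added here as an example rather than taken from the tutorial. It assumes the two groups are cn=hrpeople and cn=itpeople under ou=groups,dc=example,dc=com (the excerpt does not give their DNs) and that authenticated users may read the remaining attributes, which the policy does not say either way.

```conf
# Added example: slapd.conf-style ACLs for the corporate policy above.
# Assumed DNs: cn=hrpeople,ou=groups,dc=example,dc=com and
# cn=itpeople,ou=groups,dc=example,dc=com (not given in the excerpt).
# slapd stops at the first "access to" clause whose target matches, so the
# attribute-specific clauses must come before the catch-all "access to *".

# Rules 1, 2, 5: the owner may read and write the password; IT may change it
# but, with "=w" (write only, no read), cannot read the stored value; HR is
# not listed and so falls through to "by * none". "by anonymous auth" lets an
# unauthenticated client bind (rule 4) without ever reading the attribute.
access to attrs=userPassword
    by self write
    by group.exact="cn=itpeople,ou=groups,dc=example,dc=com" =w
    by anonymous auth
    by * none

# Rule 3: the three private attributes are visible only to HR and the owner.
access to attrs=carLicense,homePostalAddress,homePhone
    by self write
    by group.exact="cn=hrpeople,ou=groups,dc=example,dc=com" write
    by * none

# Rules 1, 2, 4: owner and HR may update everything else; authenticated users
# may read it (assumption: the policy is silent on this); anonymous gets
# nothing, so anonymous searches fail while binds still work via rule 1.
access to *
    by self write
    by group.exact="cn=hrpeople,ou=groups,dc=example,dc=com" write
    by users read
    by * none
```

After loading the rules, check them from each role with ldapsearch bound as an owner, an HR member and an IT member; the password and the three private attributes should only appear in the responses the policy allows.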


Read the rest of this entry »


Written by awarmanf

November 1, 2017 at 2:59 am

Posted in LDAP, Linux, perl


LDAP Tutorial (1)

leave a comment »


LDAP

LDAP is an acronym for Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol. The directory set up in this section will be used for authentication. Nevertheless, LDAP can be used in numerous ways: authentication, a shared directory (for mail clients), an address book, etc.

To describe LDAP quickly: all information is stored in a tree structure. With OpenLDAP you have the freedom to determine the directory tree layout (the Directory Information Tree, or DIT) yourself. We will begin with a basic tree containing two nodes below the root:

  • People node where your users will be stored
  • Groups node where your groups will be stored

Before beginning, you should determine what the root of your LDAP directory will be. By default, your tree will be determined by your Fully Qualified Domain Name (FQDN). If your domain is example.com (which we will use in this example), your root node will be dc=example,dc=com.

Entries are kept in a tree-like structure called the Directory Information Tree (DIT).

Read the rest of this entry »

Written by awarmanf

October 27, 2017 at 6:42 am

Posted in LDAP, Linux, perl


Setting Up FreeRADIUS with Authentication against OpenLDAP

with 4 comments

Topology

[Figure: RADIUS and OpenLDAP topology]


Servers and router:

  1. OpenLDAP
    • ether0: 192.168.1.2
  2. Radius Server
    • ether0: 192.168.1.3
  3. Mikrotik
    • ether1: 192.168.1.1
    • ether2: 192.168.10.1

Read the rest of this entry »

Written by awarmanf

January 6, 2015 at 2:24 am