Difference between revisions of "stoney core: Authentication Resource Mapping (REST - LDAP)"
From stoney cloud
| [unchecked revision] | [unchecked revision] |
(→Auth Retrieval (GET)) |
|||
| (14 intermediate revisions by one other user not shown) | |||
| Line 4: | Line 4: | ||
= Auth Action = | = Auth Action = | ||
== Auth Retrieval (GET) == | == Auth Retrieval (GET) == | ||
| − | The following sequence describes the authentication | + | The following sequence describes the authentication retrieval: |
| − | # Look-up the user in the OpenLDAP directory | + | # Look-up the user in the OpenLDAP directory in the ou=people,dc=stoney-cloud,dc=org sub tree (with a configurable LDAP service user): |
| − | + | #: filter: <code>(mail=name.surname@example.com)</code> | |
| − | #: | + | #: scope: <code>one</code> |
| − | # If the user exists, try to bind with | + | # If the user exists, use the retrieved DN and try to bind with it (a working LDIF is described under [[stoney_core:_OpenLDAP_directory_data_organisation#People_uid_.28per_person.29 | users credentials]]). |
| − | # If the bind was successful, retrieve the | + | #: bind dn: <code>uid=<UID>,ou=people,dc=stoney-cloud,dc=org</code> |
| + | #: password: <code>myverysecretpassword</code> | ||
| + | # If the bind was successful, retrieve further information with the LDAP service user from the leaf uid=<UID>,ou=people,dc=stoney-cloud,dc=org. | ||
| + | |||
| + | An example how to bind with the user credentials, presuming uid=<UID>: | ||
| + | ldapsearch -H ldaps://ldapm.stoney-cloud.org -b "ou=people,dc=stoney-cloud,dc=org" -D "uid=<UID>,ou=people,dc=stoney-cloud,dc=org" -x "(objectclass=*)" -v -W | ||
| + | |||
| + | Information about the configurable LDAP service user: | ||
| + | * Currently, the LDAP service user is cn=Manager,dc=stoney-cloud,dc=org | ||
| + | * Later on, this will be a [[stoney_core:_OpenLDAP_directory_data_organisation#Services | LDAP service user]]. | ||
=== Auth Retrieval (GET) Mapping === | === Auth Retrieval (GET) Mapping === | ||
{| border="1" class="wikitable sortable" | {| border="1" class="wikitable sortable" | ||
! API Attribute | ! API Attribute | ||
| − | |||
! LDAP Attribute | ! LDAP Attribute | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | | | + | | id |
| + | | uid | ||
|- | |- | ||
| − | || | + | | user |
| + | | mail | ||
|- | |- | ||
Latest revision as of 11:47, 26 June 2014
Also visit stoney core: Authentication Resource - REST API.
Contents
Overview
Auth Action
Auth Retrieval (GET)
The following sequence describes the authentication retrieval:
- Look-up the user in the OpenLDAP directory in the ou=people,dc=stoney-cloud,dc=org sub tree (with a configurable LDAP service user):
- filter:
(mail=name.surname@example.com) - scope:
one
- filter:
- If the user exists, use the retrieved DN and try to bind with it (a working LDIF is described under users credentials).
- bind dn:
uid=<UID>,ou=people,dc=stoney-cloud,dc=org - password:
myverysecretpassword
- bind dn:
- If the bind was successful, retrieve further information with the LDAP service user from the leaf uid=<UID>,ou=people,dc=stoney-cloud,dc=org.
An example how to bind with the user credentials, presuming uid=<UID>:
ldapsearch -H ldaps://ldapm.stoney-cloud.org -b "ou=people,dc=stoney-cloud,dc=org" -D "uid=<UID>,ou=people,dc=stoney-cloud,dc=org" -x "(objectclass=*)" -v -W
Information about the configurable LDAP service user:
- Currently, the LDAP service user is cn=Manager,dc=stoney-cloud,dc=org
- Later on, this will be a LDAP service user.
Auth Retrieval (GET) Mapping
| API Attribute | LDAP Attribute |
|---|---|
| id | uid |
| user |
