Difference between revisions of "stoney core: Authentication Resource Mapping (REST - LDAP)"
From stoney cloud
(→Auth Retrieval (GET) Mapping) |
(→Auth Retrieval (GET)) |
||
(13 intermediate revisions by one other user not shown) | |||
Line 4: | Line 4: | ||
= Auth Action = | = Auth Action = | ||
== Auth Retrieval (GET) == | == Auth Retrieval (GET) == | ||
− | The following sequence describes the authentication | + | The following sequence describes the authentication retrieval: |
− | # Look-up the user in the OpenLDAP directory | + | # Look-up the user in the OpenLDAP directory in the ou=people,dc=stoney-cloud,dc=org sub tree (with a configurable LDAP service user): |
− | + | #: filter: <code>(mail=name.surname@example.com)</code> | |
− | #: | + | #: scope: <code>one</code> |
− | # If the user exists, try to bind with | + | # If the user exists, use the retrieved DN and try to bind with it (a working LDIF is described under [[stoney_core:_OpenLDAP_directory_data_organisation#People_uid_.28per_person.29 | users credentials]]). |
− | # If the bind was successful, retrieve the | + | #: bind dn: <code>uid=<UID>,ou=people,dc=stoney-cloud,dc=org</code> |
+ | #: password: <code>myverysecretpassword</code> | ||
+ | # If the bind was successful, retrieve further information with the LDAP service user from the leaf uid=<UID>,ou=people,dc=stoney-cloud,dc=org. | ||
+ | |||
+ | An example how to bind with the user credentials, presuming uid=<UID>: | ||
+ | ldapsearch -H ldaps://ldapm.stoney-cloud.org -b "ou=people,dc=stoney-cloud,dc=org" -D "uid=<UID>,ou=people,dc=stoney-cloud,dc=org" -x "(objectclass=*)" -v -W | ||
+ | |||
+ | Information about the configurable LDAP service user: | ||
+ | * Currently, the LDAP service user is cn=Manager,dc=stoney-cloud,dc=org | ||
+ | * Later on, this will be a [[stoney_core:_OpenLDAP_directory_data_organisation#Services | LDAP service user]]. | ||
=== Auth Retrieval (GET) Mapping === | === Auth Retrieval (GET) Mapping === | ||
{| border="1" class="wikitable sortable" | {| border="1" class="wikitable sortable" | ||
! API Attribute | ! API Attribute | ||
− | |||
! LDAP Attribute | ! LDAP Attribute | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | | + | | id |
+ | | uid | ||
|- | |- | ||
− | || | + | | user |
+ | | mail | ||
|- | |- | ||
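Review bot: the new step 1 looks the user up with the filter (mail=name.surname@example.com), but the text does not say what happens when that search returns more than one entry, or that the mail value is escaped before it is placed in the filter. Suggest stating both in step 1, for example "exactly one entry must match, otherwise the retrieval fails". Since steps 1 and 3 both run as the service user, which is currently cn=Manager,dc=stoney-cloud,dc=org, the "Later on" bullet would also benefit from saying which read permissions the replacement service user needs.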
Latest revision as of 11:47, 26 June 2014
Also visit stoney core: Authentication Resource - REST API.
Overview
Auth Action
Auth Retrieval (GET)
The following sequence describes the authentication retrieval:
- Look-up the user in the OpenLDAP directory in the ou=people,dc=stoney-cloud,dc=org sub tree (with a configurable LDAP service user):
  - filter: (mail=name.surname@example.com)
  - scope: one
- If the user exists, use the retrieved DN and try to bind with it (a working LDIF is described under users credentials).
  - bind dn: uid=<UID>,ou=people,dc=stoney-cloud,dc=org
  - password: myverysecretpassword
- If the bind was successful, retrieve further information with the LDAP service user from the leaf uid=<UID>,ou=people,dc=stoney-cloud,dc=org.
An example of how to bind with the user credentials, presuming uid=<UID>:
ldapsearch -H ldaps://ldapm.stoney-cloud.org -b "ou=people,dc=stoney-cloud,dc=org" -D "uid=<UID>,ou=people,dc=stoney-cloud,dc=org" -x "(objectclass=*)" -v -W
Information about the configurable LDAP service user:
- Currently, the LDAP service user is cn=Manager,dc=stoney-cloud,dc=org.
- Later on, this will be an LDAP service user.
Auth Retrieval (GET) Mapping
API Attribute | LDAP Attribute |
---|---|
id | uid |
user | mail |
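
The retrieval sequence and the attribute mapping above, as an added example that is not part of the original page or the stoney core code. FakeDirectory is a hypothetical in-memory stand-in for the OpenLDAP server, and the uid values and second entry are constructed sample data; the escaping, single-match and empty-password checks are assumptions about how a client would apply the sequence safely.

```python
import re

BASE = "ou=people,dc=stoney-cloud,dc=org"
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping, so the supplied mail value cannot change the filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Hypothetical stand-in for OpenLDAP; entries are constructed samples."""
    entries = {
        "uid=4000001," + BASE: ("myverysecretpassword",
                                {"uid": "4000001", "mail": "name.surname@example.com"}),
        "uid=4000002," + BASE: ("anothersecret",
                                {"uid": "4000002", "mail": "other.person@example.com"}),
    }

    def search(self, mail_filter):
        """Scope 'one' search under BASE; understands (mail=value) and (mail=*)."""
        value = re.fullmatch(r"\(mail=(.*)\)", mail_filter).group(1)
        if value == "*":  # a presence filter matches every entry with a mail
            return sorted(self.entries)
        plain = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, (_, attrs) in self.entries.items() if attrs["mail"] == plain]

    def bind(self, dn, password):
        return dn in self.entries and self.entries[dn][0] == password

    def read(self, dn):
        return self.entries[dn][1]

def authenticate(directory, mail, password):
    """Return the API attributes {'id', 'user'} on success, None on any failure."""
    if not password:  # an empty password would be an unauthenticated bind (RFC 4513)
        return None
    dns = directory.search("(mail=%s)" % escape_filter_value(mail))  # step 1
    if len(dns) != 1:  # unknown user, or more than one match
        return None
    if not directory.bind(dns[0], password):  # step 2: bind with the retrieved DN
        return None
    attrs = directory.read(dns[0])  # step 3: read the leaf entry
    return {"id": attrs["uid"], "user": attrs["mail"]}  # mapping table: id=uid, user=mail
```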