stoney core: Authentication Resource Mapping (REST - LDAP)

From stoney cloud
Revision as of 10:47, 26 June 2014 by Tiziano (Talk | contribs)


Also visit stoney core: Authentication Resource - REST API.

Overview

Auth Action

Auth Retrieval (GET)

The following sequence describes the authentication retrieval:

  1. Look up the user in the OpenLDAP directory in the ou=people,dc=stoney-cloud,dc=org subtree (with a configurable LDAP service user):
    filter: (mail=name.surname@example.com)
    scope: one
  2. If the user exists, use the retrieved DN and try to bind with it (a working LDIF is described under users credentials).
    bind dn: uid=<UID>,ou=people,dc=stoney-cloud,dc=org
    password: myverysecretpassword
  3. If the bind was successful, retrieve further information with the LDAP service user from the leaf uid=<UID>,ou=people,dc=stoney-cloud,dc=org.

An example of how to bind with the user credentials, presuming uid=<UID>:

ldapsearch -v -x -W -H ldaps://ldapm.stoney-cloud.org -D "uid=<UID>,ou=people,dc=stoney-cloud,dc=org" -b "ou=people,dc=stoney-cloud,dc=org" "(objectclass=*)"

Information about the configurable LDAP service user:

  • Currently, the LDAP service user is cn=Manager,dc=stoney-cloud,dc=org
  • Later on, this will be a dedicated LDAP service user.

Auth Retrieval (GET) Mapping

API Attribute    LDAP Attribute
id               uid
user             mail
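
The retrieval sequence and the attribute mapping above, as an added example (not stoney core's own code). The `directory` adapter, its method names, the `FakeDirectory` stand-in and the uid value 4000001 are assumptions made for illustration; the example also escapes the mail value before it enters the filter and rejects empty passwords, two checks the page does not mention.

```python
PEOPLE_BASE = "ou=people,dc=stoney-cloud,dc=org"
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def authenticate(directory, mail, password):
    """Return the API attributes {'id', 'user'} on success, else None.
    `directory` is a hypothetical adapter around an LDAP client library."""
    if not password:
        # An empty password turns a simple bind into an unauthenticated
        # bind (RFC 4513), which a server may report as successful.
        return None
    # Step 1: look-up by the service user, one level below ou=people.
    flt = "(mail=%s)" % escape_filter_value(mail)
    matches = directory.search_as_service(PEOPLE_BASE, "one", flt)
    if len(matches) != 1:  # unknown or ambiguous user
        return None
    dn = matches[0]
    # Step 2: bind with the retrieved DN and the supplied password.
    if not directory.bind(dn, password):
        return None
    # Step 3: service user reads the leaf; map LDAP -> API attributes.
    entry = directory.read_as_service(dn)
    return {"id": entry["uid"], "user": entry["mail"]}

class FakeDirectory:
    """Constructed in-memory stand-in for the OpenLDAP server."""
    def __init__(self):
        # Constructed sample entry; the uid value is made up.
        self.entries = {"uid=4000001," + PEOPLE_BASE: {
            "uid": "4000001", "mail": "name.surname@example.com",
            "userPassword": "myverysecretpassword"}}
    def search_as_service(self, base, scope, flt):
        value = flt[len("(mail="):-1]
        # A raw "*" acts as a presence filter and matches every entry.
        return [dn for dn, e in self.entries.items()
                if value == "*" or value == e["mail"]]
    def bind(self, dn, password):
        # Mimics a server that accepts unauthenticated (empty) binds.
        return password == "" or password == self.entries[dn]["userPassword"]
    def read_as_service(self, dn):
        return self.entries[dn]

if __name__ == "__main__":
    print(authenticate(FakeDirectory(), "name.surname@example.com",
                       "myverysecretpassword"))
```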

Links