README.ldap 3.93 KB
tests/LDAP/ldif/glpi-ldap.ldif provides :
- 3 branches, to simulate 3 different directories
- users stored using 2 different objectclasses : person & inetOrgPerson
- groups : groupOfNames & posixGroup
- a lot of users in order to test ldap sizelimit

Walid Nouh committed
- rootdn : cn=admin,dc=glpi,dc=org
- rootpw : secret

- user passwords : for ou=ldap3, all users' passwords are 'password'
- for other users, password is the same as the login

Create your own directory :
- add a new database with prefix dc=glpi,dc=org

=================================================
In glpi_authldaps :
INSERT INTO `glpi_authldaps` (`name`, `host`, `basedn`, `rootdn`, `rootdn_passwd`, `port`, `condition`, `login_field`, `email1_field`, `realname_field`, `firstname_field`, `comment_field`, `use_dn`, `entity_field`, `entity_condition`, `is_default`) VALUES('GLPI1', 'localhost', 'ou=ldap1,dc=glpi,dc=org', 'cn=admin,dc=glpi,dc=org', 'secret', 389, '(objectclass=person)', 'cn', 'mail', 'cn', 'givenname', 'description', 0, 'ou', '(objectclass=organizationalUnit)', 1);
INSERT INTO `glpi_authldaps` (`name`, `host`, `basedn`, `rootdn`, `rootdn_passwd`, `port`, `condition`, `login_field`, `group_condition`, `group_search_type`, `group_member_field`, `email1_field`, `realname_field`, `firstname_field`, `phone_field`, `comment_field`, `use_dn`, `title_field`, `category_field`) VALUES('GLPI2', 'localhost', 'ou=ldap2,dc=glpi,dc=org', 'cn=admin,dc=glpi,dc=org', 'secret', 389, '(objectclass=inetOrgPerson)', 'uid', '(objectclass=groupOfNames)', 1, 'member', 'mail', 'cn', 'sn', 'telephonenumber', 'description', 1, 'title', 'businesscategory');
INSERT INTO `glpi_authldaps` (`name`, `host`, `basedn`, `rootdn`, `rootdn_passwd`, `port`, `condition`, `login_field`, `group_condition`, `group_search_type`, `group_member_field`, `email1_field`, `realname_field`, `firstname_field`, `phone_field`, `comment_field`, `use_dn`, `title_field`, `category_field`, `entity_field`, `entity_condition`) VALUES ('GLPI3', 'localhost', 'ou=ldap3,dc=glpi,dc=org', 'cn=admin,dc=glpi,dc=org', 'secret', 389, '(objectclass=inetOrgPerson)', 'uid', '(objectclass=posixGroup)', 1, 'memberUid', 'mail', 'cn', 'sn', 'telephonenumber', 'description', 0,'title', 'businesscategory', 'o', '(objectclass=inetOrgPerson)');

=================================================
Entities :
Create entities in GLPI :
- USA :
   * DN : ou=usa,ou=ldap2,dc=glpi,dc=org
   * TAG : usa
- Asia :
   * DN : ou=asia,ou=ldap1,dc=glpi,dc=org
   * TAG : asia
- China :
   * DN : ou=china,ou=asia,ou=ldap2,dc=glpi,dc=org
   * TAG : china
- China :
   * DN : ou=china,ou=asia,ou=ldap1,dc=glpi,dc=org
   * TAG : china
- Europe
   * DN : ou=europe,ou=ldap1,dc=glpi,dc=org
   * TAG : europe
- France
   * DN : ou=france,ou=europe,ou=ldap1,dc=glpi,dc=org
   * TAG : france
- Belgium
   * DN : ou=belgium,ou=europe,ou=ldap1,dc=glpi,dc=org
   * TAG : belgium
- Netherland
   * DN : ou=netherland,ou=europe,ou=ldap1,dc=glpi,dc=org
   * TAG : netherland
- Brazil
   * DN : none
   * Attribute representing the entity : (o=Brazil)
   * TAG : Brazil
- Ecuador
   * DN : none
   * Attribute representing the entity : (o=Ecuador)
   * TAG : Ecuador
   
=================================================
Right rules:
1 - Entity by LDAP field (for directories GLPI1 & GLPI2)
   * Criteria : (LDAP)DistinguishedName regex checks /ou=people,(.*)/
   * Action : Entity by LDAP assign regex result #0
   
2 - Entity by LDAP field (for directories GLPI1 & GLPI2)
   * Criteria : (LDAP)Organization regex checks /(.*)/
   * Action : Entity by TAG assign regex result #0
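
How the two right rules resolve against the entity table above, as an added Python illustration (not GLPI's rule engine and not part of the original README). It assumes "regex result #0" means the first capture group, that DNs are compared case-insensitively and TAGs exactly, and it uses constructed sample DNs.

```python
import re

# (name, DN or None, TAG) rows copied from the "Entities" section above.
ENTITIES = [
    ("USA", "ou=usa,ou=ldap2,dc=glpi,dc=org", "usa"),
    ("Asia", "ou=asia,ou=ldap1,dc=glpi,dc=org", "asia"),
    ("China", "ou=china,ou=asia,ou=ldap2,dc=glpi,dc=org", "china"),
    ("China", "ou=china,ou=asia,ou=ldap1,dc=glpi,dc=org", "china"),
    ("Europe", "ou=europe,ou=ldap1,dc=glpi,dc=org", "europe"),
    ("France", "ou=france,ou=europe,ou=ldap1,dc=glpi,dc=org", "france"),
    ("Belgium", "ou=belgium,ou=europe,ou=ldap1,dc=glpi,dc=org", "belgium"),
    ("Netherland", "ou=netherland,ou=europe,ou=ldap1,dc=glpi,dc=org", "netherland"),
    ("Brazil", None, "Brazil"),
    ("Ecuador", None, "Ecuador"),
]

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around RDNs.
    Escaped commas inside values are not handled (assumption for this demo)."""
    return ",".join(rdn.strip() for rdn in dn.lower().split(","))

def rule1_entity_by_dn(user_dn):
    """Rule 1: capture everything after 'ou=people,' and match it to an entity DN."""
    m = re.search(r"ou=people,(.*)", user_dn, re.IGNORECASE)
    if m is None:
        return []  # criterion not met: the rule assigns no entity
    target = norm_dn(m.group(1))
    return [(n, dn) for n, dn, _ in ENTITIES if dn and norm_dn(dn) == target]

def rule2_entity_by_tag(organization):
    """Rule 2: the whole 'o' value is the capture; match it to an entity TAG."""
    m = re.search(r"(.*)", organization)
    return [(n, dn) for n, dn, tag in ENTITIES if tag == m.group(1)]

if __name__ == "__main__":
    # Constructed sample DNs; the fixture's real user entries may differ.
    for dn in ("cn=user1,ou=people,ou=france,ou=europe,ou=ldap1,dc=glpi,dc=org",
               "uid=user2,OU=People,ou=china,ou=asia,ou=ldap2,dc=glpi,dc=org",
               "cn=admin,dc=glpi,dc=org"):
        print(dn, "->", rule1_entity_by_dn(dn))
    # 'china' is carried by two entities, so a TAG lookup on it is ambiguous.
    for o in ("Brazil", "china"):
        print(o, "->", rule2_entity_by_tag(o))
```

The two China entities are told apart only by their DN; a lookup by the TAG `china` returns both, which is worth checking when an entity assignment decides what a user can see.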


=================================================
Branch : ou=ldap1,dc=glpi,dc=org
- works with objectclass person

=================================================
Branch : ou=ldap2,dc=glpi,dc=org
- works with objectclass inetOrgPerson & groupOfNames

=================================================
Branch : ou=ldap3,dc=glpi,dc=org
- works with objectclass inetOrgPerson & posixGroup
- more than 500 users (to address ldap's sizelimit)