为了使用目录作为存储用户和角色信息, LDAP服务器可从JOSSO网关(an LDAP server accessible from the JOSSO Gateway)。在TCP / IP端口参与的LDAP会议是389和636的SSL 。
JOSSO已经测试OpenLDAP和ActiveDirectory,但应与几乎任何标准LDAP服务器。
这种使用方法将解释如何把JOSSO单点登录与LDAP服务器的存储的用户和作用的信息。它将执行的LDAP存储,配置提供身份验证信息,如用户密码,使用LDAP协议。
如果你已经安装了自己的schema,这一步并不是必需的。你应该替换。
You should create a namespace which should contain user and role entries. Lets have a look at an example.(你应该创建一个命名空间应包含用户和作用的项目。可以看看一个例子)
LDIF file:
# OU DEFINITIONS
# People OU - for holding records of all individuals
dn: ou=People,dc=my-domain,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
# Roles OU - for holding records of roles and the users to which those roles
# have been assigned
dn: ou=Roles,dc=my-domain,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit
# PEOPLE ENTRIES
dn: uid=user1,ou=People,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: User1 SN
cn: User1 CN
uid: user1
userpassword: user1pwd
mail: user1@josso.org
dn: uid=user2,ou=People,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: User2 SN
cn: User2 CN
uid: user2
userpassword: user2pwd
mail: user2@josso.org
# ROLES ENTRIES
dn: cn=role1,ou=Roles,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: role1
uniqueMember: uid=user1,ou=People,dc=my-domain,dc=com
dn: cn=role2,ou=Roles,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: role2
uniqueMember: uid=user2,ou=People,dc=my-domain,dc=com
The LDIF file should be imported into the LDAP server using the specific command available for this task in the LDAP server product. In case of using OpenLDAP you should use the ldapadd command.
On succesfull creation of the schema, the Directory should look like the following :
扫一扫
1960
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
