8. LDIF
● LDAP Data Interchange Format
dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: coudot
mail: coudot@linagora.com
cn: Clément OUDOT
sn: OUDOT
givenName: Clément
9. Tips::Devel::LDAP
● LDAP is a connected protocol: 1 connection, several operations
● For each operation, a return code: test it!
● LDAPS is deprecated, use startTLS
● Use LDAPv3
● Say hello! (BIND)
● Say goodbye! (UNBIND)
● Use search parameters to improve performance
11. A module with modules
● Net::LDAP: main module
● Net::LDAP::LDIF: manipulate LDIF files
● Net::LDAP::RFC: list of RFCs (POD)
● Net::LDAP::Schema: parse schema
● Net::LDAP::Extension::*
● Net::LDAP::Control::*
● And many others...
13. Create a connection
● Create a new Net::LDAP object
● Specify host, port, scheme
● Other options:
  ● debug
  ● IO::Socket options
  ● async
  ● version (v3 is the default)
  ● onerror
15. Search
● You need to provide:
  ● Base
  ● Scope
  ● Filter
  ● Attributes
● Search can return 0 entries and be successful
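The tips, connection and search slides above combined into one script, as an added example (not code from the talk or from the Net::LDAP project). The host name, CA file path, service-account DN and the LDAP_BIND_PW environment variable are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Every operation returns a message object: test its code before going on.
sub check {
    my ($mesg, $what) = @_;
    die sprintf("%s failed: %s (code %d)\n", $what, $mesg->error, $mesg->code)
        if $mesg->code;
    return $mesg;
}

my $pw = $ENV{LDAP_BIND_PW} // die "LDAP_BIND_PW not set\n";   # assumed variable

# One connection, several operations; new() returns undef on failure.
my $ldap = Net::LDAP->new('ldap.example.com',                  # assumed host
    port => 389, scheme => 'ldap', version => 3, timeout => 10)
    or die "connect failed: $@\n";

# startTLS before any credentials are sent, with certificate verification.
check($ldap->start_tls(verify => 'require',
    cafile => '/etc/ssl/certs/ca.pem'), 'startTLS');           # assumed CA file

# Say hello (BIND) with an assumed service account.
check($ldap->bind('uid=app,ou=services,dc=example,dc=com', password => $pw), 'bind');

# Search parameters: narrow base and scope, only the needed attributes, a size limit.
my $uid  = 'coudot';   # constructed value; escaped because real input is untrusted
my $mesg = check($ldap->search(
    base      => 'ou=users,dc=example,dc=com',
    scope     => 'one',
    filter    => '(&(objectClass=inetOrgPerson)(uid=' . escape_filter_value($uid) . '))',
    attrs     => [ 'cn', 'mail' ],
    sizelimit => 10,
), 'search');

# A successful search can still return 0 entries.
print "no entry for $uid\n" if $mesg->count == 0;
for my $entry ($mesg->entries) {
    my $cn   = $entry->get_value('cn')   // '';   # scalar context: first value only
    my $mail = $entry->get_value('mail') // '';
    print $entry->dn, ": $cn <$mail>\n";
}

# Say goodbye (UNBIND).
$ldap->unbind;
```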
16. Entry
● Entry objects are returned by search, generated from LDIF, or generated from scratch
● Methods to:
  ● browse attributes and values
  ● add/modify/delete values
  ● export to LDIF
17. Add and delete
● Add method parameters:
  ● Net::LDAP::Entry
  ● DN and list of attributes
● Delete method parameters:
  ● Net::LDAP::Entry
  ● DN
18. Modification
● Add, replace, delete values
● Modification applies to one entry:
  ● Net::LDAP::Entry
  ● DN
● To rename/move an entry, use moddn:
  ● Define a new RDN
  ● Define a new superior
19. Password::Policy
● Password policy controls password quality at modification, and prevents brute-force attacks at authentication
● Net::LDAP::Control::PasswordPolicy:
  ● Sent by client
  ● Sent back by server
22. Scripts
● Provided by LDAP Tool Box project:
  ● Monitoring scripts:
    – Check OpenLDAP syncrepl status
    – Check LDAP response time
    – Check OpenLDAP monitor data
  ● Data manipulation:
    – CSV to LDIF or LDIF to LDIF
    – Convert data from SUN/Oracle to OpenLDAP
23. LemonLDAP::NG
● WebSSO, Access Control and Identity Federation free software
● Authentication against LDAP
● Password modification in LDAP
● Session storage in LDAP
● Configuration storage in LDAP
● Notification storage in LDAP
● Implements Password Policy
25. Thanks
● Special thanks to:
  ● Company LINAGORA
  ● FOSDEM and their organizers
  ● All Perl developers
● Keep in touch:
  ● Twitter: @clementoudot
  ● IRC: KPTN #linagora@freenode
  ● Web: http://coudot.blogs.linagora.com
27. Thanks for your attention
http://www.linid.org
Open Source software and services
80 rue Roque de Fillol | 92800 PUTEAUX
Tel: 0810 251 251 | Fax: +33 1 46 96 63 64
www.linagora.com