Domain and LDAP

Overview

Core information, such as usernames and passwords, are stored in LDAP. The Domain LDAP Webconfig page is where you can view and manage LDAP server settings.

LDAP is a protocol for accessing user, group and other key information from a directory. Because of its close association with that directory, the directory is sometimes called an LDAP Directory.

ClearOS uses OpenLDAP as its LDAP Directory Server and the LDAP protocol for accessing and authenticating usernames and passwords. All user information on ClearOS is stored in this directory.

Installation

If you install a module that depends on users/groups, this feature will automatically be installed as well.

Menu

You can find this feature in the menu system at the following location:

Directory Setup Domain LDAP

Configuration

LDAP Options

The following settings can be configured in Webconfig:

  • The Domain Name should be set to your primary Internet domain, for example example.com
  • The Publish Policy is useful if you need to access the LDAP directory from an external system

LDAP Information

This Webconfig page also lists the LDAP bind information which is useful if you need to connect with other custom services or with and LDAP directory browser.

The bind information and password listed here is critical and sensitive and should be protected.

Accessing the LDAP Directory via Command Line

Webconfig uses the LDAP Directory transparently for many functions. For the most part, adding users, creating groups, setting passwords or changing information about the server will modify the directory in all the ways you need it to without needing to manually enter records.

Modifying data in your LDAP directory by hand can break functionality of ClearOS and make it unsupportable!

For these examples we will use the following data:

  • Hostname: localhost
  • Base DN: dc=clearos,dc=lan
  • Bind DN: cn=manager,cn=internal,dc=clearos,dc=lan
  • Bind Password: gbGKD86gEWXLYNRm

A simple search will reveal our entire LDAP directory.

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,cn=internal,dc=clearos,dc=lan" \
-s sub "objectclass=*" -x -w gbGKD86gEWXLYNRm

You can also limit the results to include only specific information. For example, the following show all the groups on the system:

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,cn=internal,dc=clearos,dc=lan" \
-s sub "objectclass=GroupOfNames" -x -w gbGKD86gEWXLYNRm

 
TryBuy