robbat2 10/05/02 23:49:24

Modified: ldap.xml
Log:
Update Gentoo LDAP howto with instructions on changing your password and shell, as well as some of the other schema fields that are in use but are part of stock schemas rather than our custom Gentoo schema.

Revision Changes Path
1.32 xml/htdocs/proj/en/infrastructure/ldap.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.31&r2=1.32

Index: ldap.xml |
=================================================================== |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v |
retrieving revision 1.31 |
retrieving revision 1.32 |
diff -p -w -b -B -u -u -r1.31 -r1.32 |
--- ldap.xml 24 Apr 2010 18:51:35 -0000 1.31 |
+++ ldap.xml 2 May 2010 23:49:24 -0000 1.32 |
@@ -1,6 +1,6 @@ |
<?xml version="1.0" encoding="UTF-8"?> |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.31 2010/04/24 18:51:35 robbat2 Exp $ --> |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.32 2010/05/02 23:49:24 robbat2 Exp $ --> |
|
<guide link="/proj/en/infrastructure/ldap.xml"> |
<title>Gentoo Infrastructure LDAP guide</title> |
@@ -27,8 +27,8 @@ and administrators. |
<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> |
<license/> |
|
-<version>1.20</version> |
-<date>2010-04-24</date> |
+<version>1.25</version> |
+<date>2010-05-02</date> |
|
<chapter> |
<title>Key Concepts</title> |
@@ -292,11 +292,66 @@ otherwise noted. Required fields are emp |
All dates must be formatted as ISO8601, YYYY/MM/DD. |
</note> |
|
-<p |
->The following attributes were in use at some point in the past, but have |
-been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>, <e>gentooForumsUID/forumsUID</e>. |
+<p> |
+The following attributes were in use at some point in the past, but have |
+been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>, |
+<e>gentooForumsUID/forumsUID</e>. |
</p> |
|
+<p>Additionally, we use a number of standard LDAP schemas for user records: <e>inetOrgPerson</e>, <e>organizationalPerson</e>, <e>person</e>, <e>posixAccount</e>, <e>shadowAccount</e>. Some of the attributes in these schemas are listed below.</p> |
+ |
+<table> |
+ <tr> |
+ <th>Attribute Name</th> |
+ <th>Access Level</th> |
+ <th>Description</th> |
+ <th>Type</th> |
+ <th>Format</th> |
+ </tr> |
+ <tr> |
+ <ti><e>mail</e></ti> |
+ <ti>user</ti> |
+ <ti>alternative email addresses</ti> |
+ <ti>multiple, required</ti> |
+ <ti>UTF-8</ti> |
+ </tr> |
+ <tr> |
+ <ti><e>cn</e>, <e>sn</e>, <e>givenName</e></ti> |
+ <ti>recruiters</ti> |
+ <ti>real name of developer</ti> |
+ <ti>single, required</ti> |
+ <ti>UTF-8</ti> |
+ </tr> |
+ <tr> |
+ <ti><e>gecos</e></ti> |
+ <ti>recruiters</ti> |
+ <ti>real name of developer for script usage</ti> |
+ <ti>single, required</ti> |
+ <ti>ASCII, 7-bit clean</ti> |
+ </tr> |
+ <tr> |
+ <ti><e>initials</e></ti> |
+ <ti>recruiters</ti> |
+ <ti>real name of developer</ti> |
+ <ti>single, required</ti> |
+ <ti>UTF-8</ti> |
+ </tr> |
+ <tr> |
+ <ti><e>loginShell</e></ti> |
+ <ti>user</ti> |
+ <ti>login shell, change with <e>chsh</e></ti> |
+ <ti>single, required</ti> |
+ <ti>ASCII</ti> |
+ </tr> |
+ <tr> |
+ <ti><e>userPassword</e></ti> |
+ <ti>user</ti> |
+ <ti>password, change with <e>passwd</e> ONLY</ti> |
+ <ti>single, required</ti> |
+ <ti>ASCII, hashed</ti> |
+ </tr> |
+</table> |
+ |
</body> |
</section> |
<section> |
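Review bot: The userPassword row gives access level "user" next to "change with passwd ONLY", so nothing in the table says why other tools must be avoided, and a user with write access who sets the attribute through an LDAP client or perl_ldap (which, per the password block added later in this patch, does no hashing) would leave an unhashed value in the directory. State that consequence in the description, and name the expected hash scheme instead of just "ASCII, hashed". Separately, the initials row repeats "real name of developer" from the cn/sn/givenName row, which looks like a copy-paste; describe it as the developer's initials.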
@@ -386,14 +441,14 @@ been retired: <e>gentooHerd/herd</e>, <e |
<p> |
These are the main concepts of the perl_ldap script used for user |
administration. Invoking <e>perl_ldap</e> without arguments shows a nice help. |
-Your own dev.gentoo.org password is asked when binding. |
+Your own LDAP password is required when binding. |
</p> |
|
<p> |
The script is the infra supported method for managing entries, nothing prevents |
you from using any LDAP browser you like for modifying your attributes. If you |
like to use something else, ask infra for connection details but keep in mind |
-that we won't support and/or troubleshoot other browsers issues. |
+that we won't support and/or troubleshoot other browser's issues. |
</p> |
|
<p> |
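Review bot: In the second paragraph the new wording "other browser's issues" is still not right: the sentence is about LDAP browsers in general, so the possessive should be plural, "other browsers' issues". While touching the line, "support and/or troubleshoot" could simply read "support or troubleshoot".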
@@ -472,6 +527,18 @@ Only replace <username>, not "user |
# <i>perl_ldap -b user -E sshPublicKey "$(cat oldpubkey)" <username></i> |
</pre> |
|
+<pre caption="Change your LDAP password"> |
+<comment>To change your password, simply use the normal <i>passwd</i> command on any LDAP-enabled server.</comment> |
+<comment><b>Do not use perl_ldap to change your password, as it does not perform any password hashing.</b></comment> |
+# <i>passwd</i> |
+</pre> |
+ |
+<pre caption="Change your login shell"> |
+<comment>To change your password, simply use the normal <i>chsh</i> command on any LDAP-enabled server.</comment> |
+<comment><b>If you want to use a shell other than bash, ask infra about it's availability on other machines</b></comment> |
+# <i>chsh</i> |
+</pre> |
+ |
</body> |
</section> |
<section> |
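Review bot: The first comment in the "Change your login shell" block still says "To change your password", copied from the block above it; it should read "To change your login shell". In the following comment "it's availability" should be "its availability". The perl_ldap warning in the password block would also be clearer if it stated the result of ignoring it, namely that the value is written to userPassword without hashing.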
@@ -569,7 +636,7 @@ infra-cvsadmin.group, infra-system.group |
|
<ul> |
<li>Master LDAP Server - ldap1.gentoo.org</li> |
- <li>Slave LDAP Server - ldap2.gentoo.org</li> |
+ <li>Slave LDAP Server - ldap2.gentoo.org (presently a CNAME to ldap1)</li> |
<li>Slave LDAP Server - ldap3.gentoo.org</li> |
<li>Slave LDAP Server - ldap4.gentoo.org</li> |
<li><uri link="http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO">LDAP HOWTO</uri></li> |
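Review bot: With ldap2.gentoo.org marked "presently a CNAME to ldap1", the entry is still labelled "Slave LDAP Server", yet a client pointed at ldap2 reaches the master and gets no redundancy when ldap1 is unavailable. Either move the remark to the master entry (ldap1, also reachable as ldap2) or add a sentence telling readers to use ldap3 or ldap4 as the fallback while the CNAME is in place.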