Philippe Caseiro
1eb5faaa82
|
||
|---|---|---|
| creolefuncs | ||
| diagnose | ||
| dicos | ||
| posttemplate | ||
| tmpl | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| apps.mk | ||
| eole-lemonldap.mk | ||
| eole.mk | ||
README.md
eole-lemonldap
LemonLDAP::NG EOLE integration
Howto
Repository configuration
- Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
LemonLDAP::NG repository
- deb https://lemonldap-ng.org/deb stable main
- deb-src https://lemonldap-ng.org/deb stable main
- Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
Cadoles Repository
- deb [ arch=all ] https://vulcain.cadoles.com 2.6.2-dev main
- Key URL : https://vulcain.cadoles.com/cadoles.gpg
Install packages
apt update apt install eole-lemonldap
Configure LemonLDAP in GenConfig
- Enable lemonldap in "Services" tab
Gen_Config -> Services -> Activer LemonLDAP::NG -> "Oui"
- Fill LemonLDAP configuration
Configuration DNS
GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG
Configuration LDAP
GenConfig -> Lemonldap -> Protocole LDAP à utiliser GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG GenConfig -> Lemonldap -> Base DN des utilisateurs dans l'annuaire GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr) GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire
Configuration CAS
Add your CAS attributes mapping (default)
uid = uid mail = mail
GenConfig -> Lemonldap -> Nom de l'attribut CAS GenConfig -> Lemonldap -> Attribut LDAP équivalent
SSL issues
If you use "autosign" certificates you need to add the "manager" and "auth" service names to the alternative names. You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG)
GenConfig -> Mode Expert -> Certificats ssl -> Nom Alternatif de la machine (SubjectAltName)
If you use "manual" certificates make sure this names are covered by your SSL Certificate
If you use "letsencrypt" mode you also need to add this names to the let'sencrypt request:
GenConfig -> Mode Expert -> Certificat ssl -> Nom de domaines supplémentaires