Operations grimoire/LDAP
From Nasqueron Agora
This page discusses future LDAP implementation.
Goals
- Foundation of a SSO, source of truth for internal credentials, especially if we use Keycloak
- Allow applications to check credentials
Products to evaluate
- 389 Directory Server
- OpenLDAP
- directly slapd
Schema
The page wolfplex:OID defines a class inetWolf, to add properties in addition to inetOrgPerson class. We can follow that schema.
If we need to define custom LDAP elements, we can use the following OIDs:
| Defined in project | Type | OID |
|---|---|---|
| Wolfplex | Classes | 1.3.6.1.4.1.37822.1.1. |
| Wolfplex | Attributes | 1.3.6.1.4.1.37822.1.2. |
| Nasqueron | Classes | 1.3.6.1.4.1.60024.1.1. |
| Nasqueron | Attributes | 1.3.6.1.4.1.60024.1.2. |
Attributes should be added to inetWolf and wolf schemas, as long as possible.
If we need something Nasqueron-specific, create a class nasquenaute under 1.3.6.1.4.1.60024.1.1.1 and add specific attributes there. The nasquenaute class would extend the class inetWolf.
