By: Abdulrazaq Adams user 05 May 2017 at 1:44 a.m. CDT

3 Responses
I followed the example in the link attached to this ticket but I do not understand how to "add ACI's to allow this user to perform search operations (to find the DN of the entry to BIND)". Also, please could you give me the default values to use for ldap server address (would this be the internet reachable address or local IP address?), the ldap server port, ldap binddn, ldap base, ldap filter (please I'll need one to be able to read all users and groups by default; and also how to read specific groups). Thanks a bunch.

By Aliaksandr Samuseu staff 05 May 2017 at 4:55 a.m. CDT

Hi, Abdulrazaq.

> I do not understand how to "add ACI's to allow this user to perform search operations (to find the DN of the entry to BIND)"

This question is not related directly to Gluu itself, and I don't think anybody has tried it in Gluu CE 3.x yet (which is now using OpenLDAP instead of OpenDJ), so I can't refer you to a ticket providing exact steps. You will need to check [OpenLDAP's documentation](https://www.openldap.org/doc/admin24/) and find out for yourself how to do it.

You also have the option to use the default root user of the directory for searches done by your external apps, though it's a somewhat less secure approach. In that case your bind credentials will be `cn=directory manager,o=gluu`, plus your default admin password (the one you use to log in to the web UI). For the LDAP base you could use the root `o=gluu`, or you could first search for the `ou=people` and `ou=groups` branches, where all user entries are stored, and use their DNs as bases. Please study the directory's structure with some GUI browser tool, like **jxplorer**, to understand its composition.

Your other questions touch on different basic Linux administration tasks. In general, we expect that our users are familiar with basic administration procedures; those are not usually covered by free community support. If you would like to benefit from more engaged assistance from us, you could consider buying a paid support plan.

By Aliaksandr Samuseu staff 05 May 2017 at 5:01 a.m. CDT

Please also note that by default OpenLDAP listens on the loopback (IP 127.0.0.1) interface of the host in Gluu. To make it accessible from outside you need to make it listen on some external interface, or on all of them. The latter is done by editing the following line in `/opt/symas/etc/openldap/symas-openldap.conf`:

```
HOST_LIST="ldaps://127.0.0.1:1636/"
```

...to look like

```
HOST_LIST="ldaps://0.0.0.0:1636/"
```

Or you can use a specific IP instead of `0.0.0.0`.

You also need to make sure that nothing hinders connectivity for apps accessing those listening ports (firewall, NAT etc).
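One way to review what a `HOST_LIST` edit like the one above exposes, as an added example that is not part of the original thread or Gluu's own tooling. It assumes `HOST_LIST` holds a space-separated list of slapd listener URLs; the sample file contents (including the `ldap://` and `ldapi://` entries and port 1389) are constructed.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# Constructed sample config; only the HOST_LIST key and the ldaps URL form come from the thread.
SAMPLE_CONF = '''\
# constructed sample of symas-openldap.conf
HOST_LIST="ldaps://0.0.0.0:1636/ ldap://127.0.0.1:1389/ ldapi:///"
'''

def read_host_list(conf_text):
    """Return the listener URLs from the last HOST_LIST= assignment."""
    urls = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("HOST_LIST="):
            # shlex removes the shell quoting without executing the file
            tokens = shlex.split(line[len("HOST_LIST="):], comments=True)
            urls = " ".join(tokens).split()
    return urls

def classify(url):
    """Return (exposure, encrypted) for one listener URL."""
    parts = urlsplit(url)
    encrypted = parts.scheme == "ldaps"
    if parts.scheme == "ldapi":
        return ("local-socket", encrypted)
    host = parts.hostname or ""
    if host == "":                      # e.g. ldap:/// binds every interface
        return ("all-interfaces", encrypted)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ("named-host", encrypted)
    if ip.is_loopback:
        return ("loopback", encrypted)
    if ip.is_unspecified:               # 0.0.0.0 or ::
        return ("all-interfaces", encrypted)
    return ("specific-address", encrypted)

def audit(conf_text):
    """Return (url, exposure, warning) for every configured listener."""
    findings = []
    for url in read_host_list(conf_text):
        exposure, encrypted = classify(url)
        off_host = exposure not in ("loopback", "local-socket")
        if off_host and not encrypted:
            warning = "ldap:// reachable off-host; cleartext unless StartTLS is required"
        elif exposure == "all-interfaces":
            warning = "bound to every interface; restrict by firewall or bind a specific IP"
        else:
            warning = ""
        findings.append((url, exposure, warning))
    return findings
```

Pass the text of the real configuration file to `audit()` after each change; an empty warning means the listener is either local-only or TLS-wrapped on a single address.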

By Michael Schwartz Account Admin 07 May 2017 at 2:52 p.m. CDT

This seems to be a question about OpenLDAP. Perhaps you should post to their mailing list. You can also purchase support from Symas on OpenLDAP.