Make examples in ldap chapter consistent (#1495)

Firstyear 2023-03-28 09:10:54 +10:00 committed by GitHub
parent 4718f2dc6b
commit 26b233acc0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -133,8 +133,8 @@ ldapwhoami -H ldaps://idm.example.com -x -D "dn=token" -w "..."
## Example ## Example
Given a default install with domain "example.com" the configured LDAP DN will be Given a default install with domain "idm.example.com" the configured LDAP DN will be
"dc=example,dc=com". "dc=idm,dc=example,dc=com".
```toml ```toml
# from server.toml # from server.toml
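Review bot: The reworded sentence still says "the configured LDAP DN will be", but the value `dc=idm,dc=example,dc=com` is what the next hunk passes to `ldapsearch -b`, so "base DN" would be the precise term here. Separately, this hunk covers lines 133-140 and the next one starts at 146, so the `server.toml` block opened by `# from server.toml` is not touched by the commit; if it shows a domain value, confirm it reads `idm.example.com` so the config and the derived DN agree.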
@ -146,19 +146,19 @@ This can be queried with:
```bash ```bash
LDAPTLS_CACERT=ca.pem ldapsearch \ LDAPTLS_CACERT=ca.pem ldapsearch \
-H ldaps://127.0.0.1:3636 \ -H ldaps://127.0.0.1:3636 \
-b 'dc=example,dc=com' \ -b 'dc=idm,dc=example,dc=com' \
-x '(name=test1)' -x '(name=test1)'
# test1@example.com, example.com # test1@example.com, idm.example.com
dn: spn=test1@example.com,dc=example,dc=com dn: spn=test1@idm.example.com,dc=idm,dc=example,dc=com
objectclass: account objectclass: account
objectclass: memberof objectclass: memberof
objectclass: object objectclass: object
objectclass: person objectclass: person
displayname: Test User displayname: Test User
memberof: spn=group240@example.com,dc=example,dc=com memberof: spn=group240@idm.example.com,dc=idm,dc=example,dc=com
name: test1 name: test1
spn: test1@example.com spn: test1@idm.example.com
entryuuid: 22a65b6c-80c8-4e1a-9b76-3f3afdff8400 entryuuid: 22a65b6c-80c8-4e1a-9b76-3f3afdff8400
``` ```
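Review bot: The comment line in the sample output is only half updated. The new side reads `# test1@example.com, idm.example.com`, while the entry directly below it has `dn: spn=test1@idm.example.com,dc=idm,dc=example,dc=com` and `spn: test1@idm.example.com`. Suggest `# test1@idm.example.com, idm.example.com` so the comment matches the DN it summarises; otherwise a reader comparing their own output to the docs will see a mismatch in the first line of the result.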
@ -172,21 +172,21 @@ the object listed above (if it was a POSIX account, that is).
```bash ```bash
ldapwhoami ... -x -D 'name=test1' ldapwhoami ... -x -D 'name=test1'
ldapwhoami ... -x -D 'spn=test1@example.com' ldapwhoami ... -x -D 'spn=test1@idm.example.com'
ldapwhoami ... -x -D 'test1@example.com' ldapwhoami ... -x -D 'test1@idm.example.com'
ldapwhoami ... -x -D 'test1' ldapwhoami ... -x -D 'test1'
ldapwhoami ... -x -D '22a65b6c-80c8-4e1a-9b76-3f3afdff8400' ldapwhoami ... -x -D '22a65b6c-80c8-4e1a-9b76-3f3afdff8400'
ldapwhoami ... -x -D 'spn=test1@example.com,dc=example,dc=com' ldapwhoami ... -x -D 'spn=test1@idm.example.com,dc=idm,dc=example,dc=com'
ldapwhoami ... -x -D 'name=test1,dc=example,dc=com' ldapwhoami ... -x -D 'name=test1,dc=idm,dc=example,dc=com'
``` ```
Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. For Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. For
example these commands: example these commands:
```bash ```bash
ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)' ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=idm,dc=example,dc=com' -x '(name=test1)'
ldapsearch -H ldap://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)' ldapsearch -H ldap://127.0.0.1:3636 -b 'dc=idm,dc=example,dc=com' -x '(name=test1)'
ldapsearch -H ldap://127.0.0.1:3389 -b 'dc=example,dc=com' -x '(name=test1)' ldapsearch -H ldap://127.0.0.1:3389 -b 'dc=idm,dc=example,dc=com' -x '(name=test1)'
``` ```
All give the same error: All give the same error:
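Review bot: The host part of the examples is still inconsistent after this change. The `ldapsearch` lines in this hunk keep `-H ldaps://127.0.0.1:3636` (and `ldap://127.0.0.1:3389`), while the `ldapwhoami` example shown in the first hunk header uses `-H ldaps://idm.example.com`. Since the commit's goal is consistent examples, consider using the `idm.example.com` name in the `-H` URLs as well, or add a sentence saying the loopback address is deliberate. It would also help to state, next to "All give the same error", which of the three commands is the correctly formed one, because two of them differ only in scheme or port and the `LDAPTLS_CACERT=ca.pem` prefix used in the earlier search example is absent from all three.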