LDAP client library for tarantool¶

This library allows you to authenticate in a LDAP server and perform searches.

Usage example with OpenLDAP library¶

OpenLDAP – an open-source implementation of LDAP. A complex one and not very fun to deal with. However, it should meet the full LDAP standard.

Install OpenLDAP¶

Centos 7¶

yum install -y openldap*

slapd server will be available in $PATH and can be started right away.

Centos 8¶

There is no package for Centos 8, you will have to build it from scratch.

Full process is described here: https://kifarunix.com/install-and-setup-openldap-on-centos-8/

MacOS¶

brew install openldap

slapd server will be in /usr/local/opt/openldap/libexec/ and must be added to $PATH in order to continue.

Running tests on OpenLDAP¶

There are scripts ready for such a task.

Run test/prepare.sh to setup a virtualenv and create SSL certificates & keys.
Start slapd with test/openldap/start_slapd.sh. This will:
- create a slapd.conf config file according to your environment;
- start a slapd process in the background;
- populate the LDAP database with the contents of test/openldap/database.ldif file.
Run tarantool test.lua

Usage example with `glauth` (a simple LDAP server)¶

First, download glauth, a simple Go-based LDAP server using the following commands:

cd test/glauth
./glauth/download_glauth.sh

Then run glauth:

./glauth -c glauth_test.cfg

Then run the following tarantool script in a separate terminal

#!/usr/bin/env tarantool

local ldap = require('ldap')
local yaml = require('yaml')

local user = "cn=johndoe,ou=superheros,dc=glauth,dc=com"
local password = "dogood"

local ld = assert(ldap.open("localhost:3893", user, password))

local iter = assert(ldap.search(ld,
    {base="dc=glauth,dc=com",
     scope="subtree",
     sizelimit=10,
     filter="(objectclass=*)"}))

for entry in iter do
    print(yaml.encode(entry))
end

Usage ldap for authorization in the web interface¶

See this doc page.

Version: