LDAP client library for tarantool | Enterprise

LDAP client library for tarantool

This library allows you to authenticate against an LDAP server and perform searches.

Usage example with OpenLDAP library

OpenLDAP is an open-source implementation of LDAP. It is complex and not very fun to deal with. However, it should meet the full LDAP standard.

Install OpenLDAP

CentOS 7

yum install -y openldap*

The slapd server will be available in $PATH and can be started right away.

CentOS 8

There is no package for CentOS 8; you will have to build it from scratch.

The full process is described here: https://kifarunix.com/install-and-setup-openldap-on-centos-8/

macOS

brew install openldap

The slapd server will be in /usr/local/opt/openldap/libexec/ and must be added to $PATH in order to continue.

Running tests on OpenLDAP

There are scripts ready for such a task.

  1. Run test/prepare.sh to set up a virtualenv and create SSL certificates & keys.

  2. Start slapd with test/openldap/start_slapd.sh. This will:

    • create a slapd.conf config file according to your environment;
    • start a slapd process in the background;
    • populate the LDAP database with the contents of test/openldap/database.ldif file.
  3. Run tarantool test.lua

Usage example with glauth (a simple LDAP server)

First, download glauth, a simple Go-based LDAP server, using the following commands:

cd test/glauth
./glauth/download_glauth.sh

Then run glauth:

./glauth -c glauth_test.cfg

Then run the following tarantool script in a separate terminal:

#!/usr/bin/env tarantool

local ldap = require('ldap')
local yaml = require('yaml')

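-- Bind DN and password of the test user served by glauth
local user = "cn=johndoe,ou=superheros,dc=glauth,dc=com"
local password = "dogood"

-- Connect to the server and authenticate as that user
local ld = assert(ldap.open("localhost:3893", user, password))

-- Search the whole subtree under the base DN, at most 10 entries
local iter = assert(ldap.search(ld,
    {base="dc=glauth,dc=com",
     scope="subtree",
     sizelimit=10,
     filter="(objectclass=*)"}))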

for entry in iter do
    print(yaml.encode(entry))
end
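
When the filter passed to ldap.search is built from user-supplied input (for example, a login name typed into a web form), the value must be escaped per RFC 4515 so that it cannot change the structure of the filter. The script below is an added example, not part of the original module documentation: escape_filter_value and find_by_cn are hypothetical helpers, the input strings are constructed, and it assumes the glauth test server and account from the script above.

```lua
#!/usr/bin/env tarantool
-- Added example (not from the module docs): safe filter construction.
local ldap = require('ldap')

-- RFC 4515: NUL, '\', '*', '(' and ')' in an assertion value must be
-- written as a backslash followed by the two-digit hex code of the byte.
local function escape_filter_value(value)
    return (tostring(value):gsub('[%z\\%*%(%)]', function(c)
        return string.format('\\%02x', c:byte())
    end))
end

-- Hypothetical helper: return the entries whose cn equals `name` literally.
local function find_by_cn(ld, name)
    local filter = string.format('(cn=%s)', escape_filter_value(name))
    local iter = assert(ldap.search(ld, {
        base = "dc=glauth,dc=com",
        scope = "subtree",
        sizelimit = 10,
        filter = filter,
    }))
    local entries = {}
    for entry in iter do
        table.insert(entries, entry)
    end
    return entries, filter
end

-- Offline checks on constructed inputs.
assert(escape_filter_value('johndoe') == 'johndoe')
assert(escape_filter_value('*') == '\\2a')
assert(escape_filter_value('a\\b') == 'a\\5cb')
assert(escape_filter_value('x)(objectclass=*') == 'x\\29\\28objectclass=\\2a')

-- Online part: needs the glauth test server and account used above.
local ld = assert(ldap.open("localhost:3893",
    "cn=johndoe,ou=superheros,dc=glauth,dc=com", "dogood"))
-- Constructed inputs: one ordinary name, two containing filter metacharacters.
for _, name in ipairs({'johndoe', '*', 'x)(objectclass=*'}) do
    local entries, filter = find_by_cn(ld, name)
    print(filter, #entries)
end
```

The printed filters show each metacharacter replaced by its hex escape, so the server compares the input as a literal cn value instead of interpreting it as filter syntax.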

Using ldap for authorization in the web interface

See this doc page.