~drizzle-trunk/drizzle/development : contents of plugin/auth_ldap/schema/README.auth

~drizzle-trunk/drizzle/development : (revision 2433)

These are the first draft of LDAP schema attributes for drizzle to do MySQL authentication.  Additional attributes needed to be added for MySQL authentication because of the way MySQL does authentication.


Explanation of schema

Objectclass: drizzleUser
    This is used to identify a user can be used for drizzle authentication module.  This object class can have drizzleUserMysqlPassword attribute. Search filter should be "(objectclass=drizzleUser)".


Attribute: drizzleUserMysqlPassword
    Used to store the MySQL sha1(sha1) hash of the users password, it is required that the LDAP object have the drizzleUser objectclass.  Also this attribute must be readable by the user that drizzle is using to access the LDAP server.  Unfortunately the way that MySQL authentication is written the password hash has to be readable by the server.


Schema and ldif files are located in the server specific directories. 

drizzle_create_ldap_user:

    This is a script to quickly generate users for testing the drizzle mysql ldap authentication module.  Note this is not the de facto way of doing things more of just a quick start example.

./drizzle_create_ldap_user -h 
    This will output help on how to use the file.

Example:
./drizzle_create_ldap_user -p pass -b <drizzle installdir>/bin/drizzle_password_hash -u user -n 1 -l "ou=people,dc=drizzle,dc=org"

Will output:

dn: uid=user0,ou=people,dc=drizzle,dc=org
objectclass: top
objectclass: posixAccount
objectclass: account
objectclass: drizzleUser
drizzleUserMysqlPassword: 196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7
uidNumber: 500
gidNumber: 500
uid: user0
homeDirectory: /home/user0
loginshell: /sbin/nologin
userPassword: pass
cn: user0


1523.1.1 by Edward "Koko" Konetzko check in first version of the schema for plugin auth_ldap	1	These are the first draft of LDAP schema attributes for drizzle to do MySQL authentication. Additional attributes needed to be added for MySQL authentication because of the way MySQL does authentication.
	2
	3
	4	Explanation of schema
	5
	6	Objectclass: drizzleUser
	7	This is used to identify a user can be used for drizzle authentication module. This object class can have drizzleUserMysqlPassword attribute. Search filter should be "(objectclass=drizzleUser)".
	8
	9
	10	Attribute: drizzleUserMysqlPassword
	11	Used to store the MySQL sha1(sha1) hash of the users password, it is required that the LDAP object have the drizzleUser objectclass. Also this attribute must be readable by the user that drizzle is using to access the LDAP server. Unfortunately the way that MySQL authentication is written the password hash has to be readable by the server.
	12
	13
	14	Schema and ldif files are located in the server specific directories.
	15
2426.3.1 by Henrik Ingo This does 2 things:	16	drizzle_create_ldap_user:
1523.1.1 by Edward "Koko" Konetzko check in first version of the schema for plugin auth_ldap	17
	18	This is a script to quickly generate users for testing the drizzle mysql ldap authentication module. Note this is not the de facto way of doing things more of just a quick start example.
	19
2426.3.1 by Henrik Ingo This does 2 things:	20	./drizzle_create_ldap_user -h
1523.1.1 by Edward "Koko" Konetzko check in first version of the schema for plugin auth_ldap	21	This will output help on how to use the file.
	22
	23	Example:
2426.3.1 by Henrik Ingo This does 2 things:	24	./drizzle_create_ldap_user -p pass -b <drizzle installdir>/bin/drizzle_password_hash -u user -n 1 -l "ou=people,dc=drizzle,dc=org"
1523.1.1 by Edward "Koko" Konetzko check in first version of the schema for plugin auth_ldap	25
	26	Will output:
	27
	28	dn: uid=user0,ou=people,dc=drizzle,dc=org
	29	objectclass: top
	30	objectclass: posixAccount
	31	objectclass: account
	32	objectclass: drizzleUser
	33	drizzleUserMysqlPassword: 196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7
	34	uidNumber: 500
	35	gidNumber: 500
	36	uid: user0
	37	homeDirectory: /home/user0
	38	loginshell: /sbin/nologin
	39	userPassword: pass
	40	cn: user0
	41