Difference between revisions of "Cool Solution - LDAP search user / simple authentication account"

From Univention Wiki

Line 4: Line 4:
 
For security reasons we recommend to create a '''simple authentication user''', which can only read LDAP entries.
 
For security reasons we recommend to create a '''simple authentication user''', which can only read LDAP entries.
  
First things first you go to the UMC and open the Users module and a new user. Klick on '''Advanced''' in the new Window.
+
First things first you go to the UMC and open the Users module and add a new user. Klick on '''Advanced''' in the new Window.
 
[[File:LDAP search user1.png|400px|thumb|center| This site shows you the advanced settings of a user creation]]
 
[[File:LDAP search user1.png|400px|thumb|center| This site shows you the advanced settings of a user creation]]
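Review bot: on the "+" line, "Klick" is still misspelled and "Window" is capitalised mid-sentence. Since this revision already touches the sentence, change its second half to "Click on '''Advanced''' in the new window." The opening "First things first you go to the UMC" would also read better as "First, go to the UMC".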
  

Revision as of 12:59, 14 April 2016

Product logo: UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before you implement any of the steps shown.

Please also note the legal notes in the Terms of Service.
Note: This article is not yet reviewed.


For security reasons we recommend creating a simple authentication user, which can only read LDAP entries.

First, go to the UMC, open the Users module and add a new user. Click on Advanced in the new window.

Figure: The advanced settings when creating a user


Fill out all necessary text fields (last name, username and a secure password) and go to the "Option" tab. Uncheck all checkboxes except "simple authentication".

Figure: Uncheck all checkboxes except simple authentication


On the command line you can check whether the created user is able to read the LDAP entries. Execute the following command:

univention-ldapsearch -LLL -D "uid=<LDAP user>,cn=users,dc=example,dc=com" -W

Enter the password of the LDAP user. After that, the LDAP entries should be displayed, read with the permissions of the LDAP user.
