mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Chapter 5. OpenLDAP Samples

5.5 Single Sign On

Contents

5.1 Simple Directory

5.1.1 Designing the DIT
5.1.2 Select the STRUCTURAL objectClass
5.1.3 slapd.conf File
5.1.4 LDIF File
5.1.5 Loading the LDIF
5.1.6 Adding New Entries using LDIF
5.1.7 Modifying Entries using LDIF
5.1.8 Just Fooling Around

5.2 Securing the Directory

5.2.1 Security Policy
5.2.2 Adding Groups
5.2.3 ACL slapd.conf Access Definitions
5.2.4 Testing the ACL

5.3 Expanded Hierarchy

5.3.1 Requirement
5.3.2 Implementation
5.3.3 LDIF
5.3.4 ACL slapd.conf Access Definitions
5.3.5 Testing the ACL

5.4 Creating & Adding Objects

5.4.1 Requirement
5.4.2 Implementation
5.4.3 Attribute Definitions
5.4.4 objectClass & Schema Definition
5.4.5 ACL slapd.conf Access Definitions
5.4.6 LDIF
5.4.7 Testing the Changes

5.5 Single Sign On
5.6 Referral and Replication

5.5 Single Sign-On (SSO)

This chapter sets out to explore the holy grail of Single Sign On (SSO) capabilities in *nix systems and networks using OpenLDAP. The following matrix looks at the potential scope of SSO and whether it is either possible or desirable to provide SSO:

Function Account How OS Notes
System Unix pam_ldap.so
nss_ldap
Linux, FBSD5.x Access to Server facilities via logon (local or remote). FreeBSD 4.x does not support pam/NSS for system logon and hence it is not possible to use SSO for this function.
mail App courier-native Any Access to email - local and virtual users
ftp App ProFTP
mod_ldap
Any Access to private (non-anonymous) ftp services
network Unix Samba3 Any Access to network resources from Windows or OS desktops using either an NT or Samba (NT style) PDC. Requires Unix account.
web App Apache
mod_ldap
Any Access to Intranet or private web services for example WEBDAV

Notes:

Functional Requirement

We define the functional requirement for a single sign on (SSO) system which on its face may seem obvious but ...

Note: The OpenGroup consortium has an excellent introduction to this topic as part of its XSSO specification.

  1. A single user password to control access to all features allowed for the user or group of users. This does not necessarily imply that a single user password will allow access to all services but that the LDAP location where one or more passwords may be stored is accessible via single password. The user sees single sign-on even if different passwords are fed to different applications or sub-systems.

  2. A single location for administrators to control/define access to allowed features for each user or group of users.

  3. The ability to create, modify or delete users and user access rights.

One day real soon now™.

under construction

Up Arrow

Step 6 - Referral and Replication

Go to Arrow



Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 ldap objects
quickstart
4 install ldap
5 samples
6 configuration
7 replica & refer
reference
8 ldif
9 protocol
10 ldap api
operations
11 howtos
12 trouble
13 performance
14 ldap tools
security
15 security
appendices
notes & info
ldap resources
rfc's & x.500
glossary
ldap objects
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

share page via facebook tweet this page

Page

email us Send to a friend feature print this page Decrease font size Increase font size Display full width page

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2017 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by super.net.sg
web-master at zytrax
Page modified: October 21 2015.