LDAP structure Example for Kimai and OpenLDAP
You are viewing an older version of this documentation page. A newer version is available here.
This is an example LDAP data structure, which was used for testing the Kimai LDAP integration with Kimai 1.18 and 2.0.
It demonstrates a possible setup and the matching LDAP connection configuration.
Creating the structure files
Create the file ou-root.ldiff
and add this:
dn:dc=kimai,dc=org
objectClass:dcObject
objectClass:organizationalUnit
dc:kimai
ou:KIMAI
Create the file ou-users.ldiff
and add this:
dn: ou=users,dc=kimai,dc=org
objectClass: organizationalUnit
ou: users
Create the file ou-groups.ldiff
and add this:
dn: ou=groups,dc=kimai,dc=org
objectClass: organizationalUnit
ou: groups
The hashed password {SSHA}+/Ir5pqpe09B07Xz8IT5AS+swJ5s29QS
from the following files are in plain text kitten
.
Create the file user-user.ldiff
and add this:
dn: uid=user-ldap,ou=users,dc=kimai,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: user-ldap
sn: LDAP-User
givenName: LDAP-User Example
cn: user-ldap
displayName: LDAP User (User)
mail: user-ldap@example.com
userPassword: {SSHA}+/Ir5pqpe09B07Xz8IT5AS+swJ5s29QS
Create the file teamlead-user.ldiff
and add this:
dn: uid=teamlead-ldap,ou=users,dc=kimai,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: teamlead-ldap
sn: LDAP-Teamlead
givenName: LDAP-Teamlead Example
cn: teamlead-ldap
displayName: LDAP User (Teamlead)
mail: teamlead-ldap@example.com
userPassword: {SSHA}+/Ir5pqpe09B07Xz8IT5AS+swJ5s29QS
Create the file teamlead-group.ldiff
and add this:
dn: cn=teamlead,ou=groups,dc=kimai,dc=org
objectClass: top
objectClass: groupOfNames
cn: Teamleads
member: uid=teamlead-ldap,ou=users,dc=kimai,dc=org
Create the file admin-user.ldiff
and add this:
dn: uid=admin-ldap,ou=users,dc=kimai,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: admin-ldap
sn: LDAP-Administrator
givenName: LDAP-Admin Example
cn: admin-ldap
displayName: LDAP User (Administrator)
mail: admin-ldap@example.com
userPassword: {SSHA}+/Ir5pqpe09B07Xz8IT5AS+swJ5s29QS
Create the file admin-group.ldiff
and add this:
dn: cn=admin,ou=groups,dc=kimai,dc=org
objectClass: top
objectClass: groupOfNames
cn: Admins
member: uid=admin-ldap,ou=users,dc=kimai,dc=org
Create the file super-user.ldiff
and add this:
dn: uid=super-ldap,ou=users,dc=kimai,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: super-ldap
sn: LDAP-SuperAdmin
givenName: LDAP-Teamlead Example
cn: super-ldap
displayName: LDAP User (Super-Admin)
mail: super-ldap@example.com
userPassword: {SSHA}+/Ir5pqpe09B07Xz8IT5AS+swJ5s29QS
Create the file super-group.ldiff
and add this:
dn: cn=super,ou=groups,dc=kimai,dc=org
objectClass: top
objectClass: groupOfNames
cn: Super-Admins
member: uid=super-ldap,ou=users,dc=kimai,dc=org
Importing the data
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f ou-root.ldif
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f ou-users.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f ou-groups.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f user-user.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f teamlead-user.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f teamlead-group.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f admin-user.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f admin-group.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f super-user.ldiff
ldapadd -D "cn=admin,dc=kimai,dc=org" -W -x -f super-group.ldiff
The local.yaml settings
kimai:
ldap:
activate: true
connection:
host: 127.0.0.1
user:
baseDn: ou=users, dc=kimai, dc=org
attributes:
- { ldap_attr: uid, user_method: setUsername }
- { ldap_attr: givenName, user_method: setAlias }
- { ldap_attr: mail, user_method: setEmail }
role:
baseDn: ou=groups, dc=kimai, dc=org
filter: (&(objectClass=groupOfNames)(|(cn=Admins)(cn=Super-Admins)(cn=Teamleads)))
userDnAttribute: member
usernameAttribute: dn
groups:
- { ldap_value: Teamleads, role: ROLE_TEAMLEAD }
- { ldap_value: Admins, role: ROLE_ADMIN }
- { ldap_value: Super-Admins, role: ROLE_SUPER_ADMIN }
Tips and Tricks
Some very basic infos for novice OpenLDAP users.
Links:
- https://github.com/IntersectAustralia/acdata/wiki/Setting-up-OpenLDAP
- http://blog.facilelogin.com/2012/05/setting-up-openldap-under-mac-os-x.html
- https://docs.kanboard.org/en/latest/admin_guide/ldap_examples.html
Create password:
slappasswd
Run OpenLDAP:
/usr/libexec/slapd -d3
Edit configuration:
vim /usr/local/etc/openldap/slapd.conf