Changes between Version 1 and Version 2 of HBPHPCLDAP


Timestamp:
06/15/16 14:30:03 (8 years ago)
Author:
Carsten Karbach
Comment:

--

  • HBPHPCLDAP

    v1 v2  
    1111Both protocols can be used for read and write access. The REST API is intended to be simpler to use, as it offers powerful dispatch commands, which combine multiple LDAP protocol operations in a single REST call. E.g. by calling the REST function {{{https://hbpacc.zam.kfa-juelich.de/hpcmanagement/v1/accounts?oidcid=123&action=create&project=bp01}}} a bp0-account is created for the user with oidcid 123 within project bp01. To achieve that with plain LDAP protocol, the people entry for that person needs to be searched, imported into the users branch and the new account needs to be stored as member of the project entry.
    1212
     13=== Trouble shooting ===
     14
     15==== Missing certificates for LDAP ====
     16If ldapsearch commands fail with the following error message:
     17{{{
     18ldap_start_tls: Can't contact LDAP server (-1)
     19        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
     20}}}
     21Try to add the root certificate for our server certificate to the trusted certificates. The root certificate can be found at https://www.pki.dfn.de/fileadmin/PKI/zertifikate/deutsche-telekom-root-ca-2.pem
     22Download that certificate, then do the following:
     23{{{
     24export LDAPTLS_CACERT=/path/to/certificate/deutsche-telekom-root-ca-2.pem
     25ldapsearch -v -W -H ldaps://hbpacc.zam.kfa-juelich.de:636 -D o=FZJ,ou=sites,dc=hbp,dc=eu -b "ou=users,dc=hbp,dc=eu" uid
     26}}}
     27Afterwards, the LDAP commands should work.
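
Review bot: In the new "Missing certificates for LDAP" section, the quoted error is raised by ldap_start_tls, but the suggested ldapsearch command connects with ldaps:// on port 636, so a reader who hit the failure through StartTLS cannot tell whether the fix covers their case; state that LDAPTLS_CACERT applies to both connection types, or show the command in the form that produced the error. The step "Download that certificate" also installs a trust anchor without any check, so it would help to tell readers to compare the downloaded file's fingerprint with the value published by the CA before exporting it. The export line only affects the current shell session; a short pointer to a TLS_CACERT entry in the user's ldaprc or ldap.conf would cover the persistent case and keep readers from reaching for disabling certificate verification instead.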