Authentication and Authorization with LDAP (and Kerberos)
AKA: How organizational login systems work
Friday, October 1, 2021 · 4 - 6 PM
Hi everyone,
This meeting will be all about LDAP and how we can use it for authentication and authorization (particularly in Linux). In its most common usage, LDAP is basically how you access a database of all your organization's users. You know how when you use any UMBC system, anywhere (computer lab, myUMBC, email, GL, etc.), you can always log in using your UMBC username and password? LDAP is one way to achieve that kind of setup. (UMBC uses Kerberos, which we will touch on in the last ~30 minutes, but it won't be a main focus.)
We will be doing a workshop via the VPN. The current plan is that everyone will receive an individual LDAP server VM to play around with.
For participating in this workshop:
- Bring your laptops!
- Make sure you have a SAD Greenbank account, and test that it works by connecting to http://hello.greenbank.lan/ on the VPN. If you do not have an account or cannot connect, contact nbura1@umbc.edu before 3:30 PM tomorrow, or let us know on Discord.
- Install an LDAP client on your laptop. (Server not needed, just client.) We recommend one of the following:
Apache Directory Studio - Crossplatform
JXplorer - Crossplatform
LDAP Admin - Windows only
If you do not want to install stuff locally, we can probably clone you a GUI box on Proxmox (or you can just use the LDAP CLI) but please let us know ahead of time on Discord.
You can, of course, come to the meeting without participating in the workshop, but it probably won't be as fun!
In the last 30 minutes of the meeting, we might also take some time to talk about what sort of server we're going to buy for next year, for anyone who isn't interested in the Kerberos stuff.
The meeting will, as always, be hybrid, meaning you can either attend in-person or virtually. If you're comfortable with
in-person, come to ILSB237 at 4PM. If you prefer to meet virtually, join the Jitsi room at 4PM: https://meet.jit.si/SADClubFall2021Hybrid
If you have any questions at all, feel free to email nbura1@umbc.edu or put a message in the Discord. Hope to see you all there!