LDAP user mapping
Overview
For the ultimate in flexibility, Zeus Server can be configured to query an external LDAP server to perform the mapping from ~username to a physical location on disk. For more information about LDAP, check out these resources:
Configuration
LDAP servers can be specified on the path mapping module configuration page.
If an LDAP URL is supplied in the LDAP URL field, the server will use that LDAP URL to perform the mapping of ~username to physical homedirectory for that website.
The LDAP URL can contain $u, which will be expanded at run-time to the username in question. For example, a simple LDAP URL would be:
ldap://localhost/o=Zeus Technology, c=UK?homedir?sub?cn=$u
This URL specifies that the webserver should contact the LDAP server on the local machine and try to find an entry under the o=Zeus Technology, c=UK base DN which has a common name of $u, which is expanded to the username in question. For example, for the URL http://www.foo.com/~damian%20reeves/, $u would be expanded to damian reeves.
Advanced settings
Nested Queries
Two LDAP URLs may be supplied to perform the homedirectory translation. A second URL may be provided which performs another search based on the results of the first search; this allows nested queries to be performed.
For example, imagine an LDAP setup whereby the username is first resolved by an initial LDAP query to some unique 'controlcode'. A second LDAP query is then required to map that controlcode onto a homedirectory.
An example setup for the LDAP server would be:
dn: o=Zeus Technology, c=UK
o: Zeus Technology
objectclass: organization

dn: ou=Users By Name, o=Zeus Technology, c=UK
ou: Users By Name
objectclass: orgunit

dn: login=Damian Reeves, ou=Users By Name, o=Zeus Technology, c=UK
login: Damian Reeves
domain: foo.com
controlcode: 43
objectclass: person

dn: ou=Users By Uid, o=Zeus Technology, c=UK
ou: Users by Uid
objectclass: orgunit

dn: controlcode=43, ou=Users By Uid, o=Zeus Technology, c=UK
controlcode: 43
homedir: damian
objectclass: personuid

In this case, the first LDAP URL would be a query to map the username into a controlcode. This URL would be:
ldap://localhost/ou=Users By Name, o=Zeus Technology, c=UK?controlcode?sub?(&(login=$u)(domain=foo.com))
Then a second URL query is used to perform the mapping from controlcode to homedirectory. This URL would be:
ldap://localhost/ou=Users By Uid, o=Zeus Technology, c=UK?homedir?sub?(controlcode=$r)
As you can see, the second URL contains the special $r code which expands to the result of the first LDAP URL query.
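The following is an added example, not part of the Zeus documentation or the Zeus code base. It models the single-URL and nested two-URL lookups described above against an in-memory directory constructed from the LDIF entries shown on this page, so it runs without an LDAP server. The URL and filter parsers are deliberately minimal (only the ldap://host/basedn?attrs?scope?filter form and the (attr=value), &, | and ! filter constructs used here), and the RFC 4515 escaping applied to the $u and $r values is the example's own choice: the page does not say how Zeus itself treats filter metacharacters in the username, so that behaviour is an assumption of this example, not a description of the server.

```python
import re
from urllib.parse import unquote

# Constructed in-memory stand-in for the directory shown in the page's LDIF
# (not a live LDAP server). Keys are lower-cased attribute names.
DIRECTORY = [
    {"dn": "login=Damian Reeves, ou=Users By Name, o=Zeus Technology, c=UK",
     "login": "Damian Reeves", "domain": "foo.com", "controlcode": "43",
     "objectclass": "person"},
    {"dn": "controlcode=43, ou=Users By Uid, o=Zeus Technology, c=UK",
     "controlcode": "43", "homedir": "damian", "objectclass": "personuid"},
]

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter: '*', '(',
    ')', '\\' and NUL become \\xx hex escapes, so the substituted username can
    only be matched literally and cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_ldap_url(url):
    """Split ldap://host/basedn?attrs?scope?filter into its components."""
    m = re.match(r"^ldap://([^/]*)/(.*)$", url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    host, rest = m.groups()
    base, attrs, scope, filt = (rest.split("?", 3) + [""] * 3)[:4]
    return {"host": host, "base": base,
            "attrs": [a.strip().lower() for a in attrs.split(",") if a.strip()],
            "scope": scope or "base", "filter": filt or "(objectclass=*)"}

def parse_filter(s, pos=0):
    """Recursive-descent parser for the filter subset used on this page:
    (attr=value) plus the (&...), (|...) and (!...) combinators."""
    if s[pos] != "(":
        raise ValueError("expected '(' at offset %d in %r" % (pos, s))
    pos += 1
    if s[pos] in "&|!":
        op, pos, children = s[pos], pos + 1, []
        while s[pos] == "(":
            child, pos = parse_filter(s, pos)
            children.append(child)
        if s[pos] != ")":
            raise ValueError("unterminated combinator in %r" % s)
        return (op, children), pos + 1
    end = s.index(")", pos)
    attr, _, value = s[pos:end].partition("=")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    if node[0] == "=":
        _, attr, value = node
        if attr not in entry:
            return False
        if value == "*":                      # presence test
            return True
        return entry[attr].lower() == unescape_filter_value(value).lower()
    op, children = node
    if op == "&":
        return all(matches(c, entry) for c in children)
    if op == "|":
        return any(matches(c, entry) for c in children)
    return not matches(children[0], entry)

def search(url, **subs):
    """Expand $u / $r (escaped) inside the URL's filter, then evaluate it
    against DIRECTORY honouring the base DN and the 'base'/'sub' scope.
    Returns one list of requested attribute values per matching entry."""
    spec = parse_ldap_url(url)
    filt = re.sub(r"\$([ur])",
                  lambda m: escape_filter_value(subs[m.group(1)]), spec["filter"])
    if not filt.startswith("("):              # the page's first example omits the parentheses
        filt = "(%s)" % filt
    node, _ = parse_filter(filt)
    base = spec["base"].lower()
    out = []
    for entry in DIRECTORY:
        dn = entry["dn"].lower()
        in_scope = dn.endswith(base) if spec["scope"] == "sub" else dn == base
        if in_scope and matches(node, entry):
            out.append([entry.get(a) for a in spec["attrs"]])
    return out

def map_home_directory(path_component, url1, url2=None):
    """The page's lookup: the ~username path component (percent-encoded) becomes
    $u for the first query; with a second URL, that query's single result
    becomes $r for the nested query. Returns None unless every stage yields
    exactly one non-empty value, so an ambiguous match never maps anywhere."""
    first = search(url1, u=unquote(path_component))
    if len(first) != 1 or not first[0] or first[0][0] is None:
        return None
    if url2 is None:
        return first[0][0]
    second = search(url2, r=first[0][0])
    if len(second) != 1 or not second[0] or second[0][0] is None:
        return None
    return second[0][0]

# The two URLs from the nested-query example above.
URL_BY_NAME = ("ldap://localhost/ou=Users By Name, o=Zeus Technology, c=UK"
               "?controlcode?sub?(&(login=$u)(domain=foo.com))")
URL_BY_UID = ("ldap://localhost/ou=Users By Uid, o=Zeus Technology, c=UK"
              "?homedir?sub?(controlcode=$r)")

if __name__ == "__main__":
    print(map_home_directory("damian%20reeves", URL_BY_NAME, URL_BY_UID))  # damian
    print(map_home_directory("*", URL_BY_NAME, URL_BY_UID))                # None
```

Running the block resolves ~damian%20reeves to the homedir value damian via the controlcode 43, exactly as the two URLs on the page describe. Because the substituted value is escaped, a path component such as * or a)(x=y is compared as a literal string and simply finds no entry; the filter's structure is fixed by the configured URL, not by the request.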
Authentication
A bind DN and password may be supplied to allow the webserver to authenticate itself to the LDAP server, if required.
Cache TTL
LDAP lookups can take some time, so the webserver will cache the results of LDAP lookups for some time-period, called the Time-To-Live, or TTL period. This period is configurable by altering the Cache TTL setting. Higher values will offer better performance and less load on your LDAP server.