LDAP

From London Hackspace Wiki
Revision as of 17:26, 15 September 2014 by JasperWallace (talk | contribs) (lets do ldap)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

LDAP

Although the hackspace has had babbage for ages we've not had any kind of connection between the membership db on turing and babbage, or anything else. Additionally there are loads of neat things we could be doing if we had a membership db we could get at in software, like spacefed.

This page documents our attempts to make LDAP work, and how to use it.

N.B. LDAP is not yet live, please discuss this on #london-hack-space-infrastructure on freenode, or on the mailing list

FAQ

I don't care about babbage or spacefed and just want to use the workshops at the hackspace, can I ignore this LDAP thing?

Yes.

Why do we have to have an NTLMv2 hash?

It's needed for EAP-MSCHAPv2 for spacenet, apparently only that and EAP-TLS work with windows.

We may also need it if we want per user samba shares.

Adding client certificate support would be good for a number of reasons, patches welcome.

Why is the NTLMv2 hash so bad?

The hash it uses is not very good: MD4, and just hashes the password (i.e., no salt), this means that if someone hacks the ldap server and gets a list of hashes then it's trivial to use an offline dictionary of hashed password (aka a rainbow table) to find peoples passwords.

I use the same password everywhere should I use it for the SSHA and NTLM hash's?

No!

Please look into getting a password manager (keepassx works for me), and use the password managers 'generate' function to generate a random password.