OpenSCADA

Modules/LDAP

English • ‎mRussian • ‎Українська
Module Name Version License Source Languages Platforms Type Author
LDAP Directory by LDAP 0.6 GPL2 bd_LDAP.so en,uk,ru,de x86,x86_64,ARM DB Roman Savochenko
Description
BD module. Provides support of directories by LDAP.
  • Total complexity: 1.9 HD[!]
  • Sponsored by, for initial implementation on 1.7 HD[!]: Alexander Kolesov, BIOCAD, 2017
  • To Do:
- expand the authentication mechanism by the storage functions (the DB object), that is virtual functions to TBD:
  • auth() — direct checking the user authentication, through "bind" or ldap_whoami();
  • passHash() — obtaining the password hash, to comparing, if auth() is missed, and changing the password by the function ldap_passwd() or see to the utility slappasswd.
- expand the "OSCADA-user" scheme:
  • set the password field "PASS" as a synonym of "userPassword";
  • make the own scheme dependent from "simpleSecurityObject";
  • check of working with the field-type "userPassword".

The module gives to OpenSCADA support of directories by Lightweight Directory Access Protocol (LDAP). The module is based on the OpenLDAP library on the programming language "C". Due conceptual difference the directory service from data bases (DB) the module allows you to perform mostly reading and modification entries represented as tables' records in the DB conception.

Directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. The protocol provides an interface with directories that follow the 1993 edition of the X.500 model:

Contents

1 Operations over the database

The module provides only opening database (representing in that way of a base entry) operation. In terms of the subsystem "DB" of OpenSCADA, opening of a DB is its registration for further using of the program. It also supports the operation of requesting the list of tables in the database.

LDAP database (connection) is addressed in the following format "ldap[s]://{host}[:{port}];bdn[;{adn};{pass}[;{tm}]]", where:

2 Operations over the table

The operations of opening and closing of the table (representing in that way of an entry into the base entry) only are supported. As a table is considered to be elements with existing the attribute "ou" (usually it is the object class "organizationalUnit") that are included in the base element.

3 Operations over the table content

API of the subsystem "DB" suppose the access to the contents of the table on the value of key(s) fields. Thus, the operation of requesting of the record implies the preset of key columns of the object TConfig, which will do the request. Creating a new record (row) is performed by setting the record values that are missing.

Before setting any value, the module loads the current value, compares them and then sends only the changed value.

The module currently does not differentiate the attribute types of the elements and considers all of their as strings.

To perform all this operations for the OpenSCADA nodes you need to create, load and use of the specific schemes of this nodes to the directory server. All known schemes of the OpenSCADA nodes provided into the followed table:

OpenSCADA node Value of the Organizational Unit "ou" (table name) Structure Scheme, auxiliaries mostly
User ou=Security_user NAME, DESCR, LONGDESCR, PASS, LANG, PICTURE OSCADA-user
Users group ou=Security_grp NAME, DESCR, LONGDESCR, USERS OSCADA-grp

A subtree of LDAP entries of the typical tables of users and their groups looks like:

4 Access rights

Access rights to the database are determined by the user rights of the connection.

Modules/LDAP/en - GFDLMay 2024OpenSCADA 0.9.7