This was a project at HSBXL. See other space projects.
If you want more info about this project, ask 'askarel'.


We have the following PEN from IANA:

This is based on previous work by TQ_Hirsh.

(EXPERIMENTAL) (LDAP) (LDAP Attribute type)

  1. x-hsbxl-pgpKey - PGP public key used for encrypted communications
  2. x-hsbxl-sponsorID - Sponsoring member
  3. x-hsbxl-membershipReason - Why you’re becoming a member
  4. x-hsbxl-sshPubKey - SSH public key

The following entries might be included in the definitive user schema:

  1. x-hsbxl-membershipStructuredComm - Structured communication for membership payments
  2. x-hsbxl-membershipAccountId - Internal identifier for membership account
  3. x-hsbxl-drinksStructuredcomm - Structured communication for drink account
  4. x-hsbxl-drinksAccountId - Internal identifier for fridge account
  5. x-hsbxl-RFID-id - Access control token ID

(LDAP Object class) (SNMP)

(todo) (Member-defined objects)

This arc is reserved for HSBXL member-defined attributes. To use it, get your uidNumber from our LDAP database, and append it to this OID. Anything defined below the resulting OID is up to you.


Your LDAP uidNumber is 4242. Your personal arc will then be

Your arc can then be subdivided as you like: (arc foo) (arc bar) (arc baz)

Getting started

root@xm1:~# apt-get install slapd ldap-utils migrationtools ldapscripts


Adding hosts

To give the HSBXL user base shell access to a Linux desktop or server you install, a few steps are needed:

  • Request a machine account in the ou=machines,dc=hsbxl,dc=be organizational unit
  • apt-get install libpam-ldapd
    • Give the IP address of the LDAP server (currently
    • Give the base DN (dc=hsbxl,dc=be)
    • Say yes to all options
  • Edit /etc/pam.d/common-account and add the following line at the end:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

  • Edit the /etc/nslcd.conf file:
    • Verify that the server URI is correct:

uri ldap://

    • Add the machine account details

binddn uid=,ou=machines,dc=hsbxl,dc=be
ignorecase yes

  • Stop nscd (the name service cache daemon; its cache can get in the way during the testing phase)

/etc/init.d/nscd stop

  • Restart the nslcd daemon

/etc/init.d/nslcd restart

  • Use this command to see if you get more users than what’s defined in /etc/passwd:

getent passwd

  • If you get the user list from the LDAP server, your setup is working and you can restart the nscd daemon:

/etc/init.d/nscd start
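
The `getent passwd` check above can be extended into an audit of what the directory adds to the host. The script below is an added example, not part of the original page; the function name `audit_nss_users` and the sample accounts are constructed for illustration. It lists accounts that are absent from /etc/passwd and flags any that carry UID 0 or reuse a local account's UID.

```shell
#!/bin/sh
# Added example (not from the original page): audit what the directory adds to NSS.
# On a configured host: getent passwd > nss.txt && audit_nss_users /etc/passwd nss.txt

# audit_nss_users LOCAL_PASSWD NSS_DUMP prints one line per finding:
#   LDAP <name> <uid>              account not defined locally (came from the directory)
#   WARN uid0 <name>               directory account carrying root's UID
#   WARN collision <name> <local>  directory account reusing a local account's UID
audit_nss_users() {
    awk -F: '
        FILENAME == ARGV[1] { local_name[$1] = 1; local_uid[$3] = $1; next }
        ($1 in local_name)  { next }    # defined locally, not a directory entry
        { print "LDAP", $1, $3 }
        $3 == 0             { print "WARN uid0", $1; next }
        ($3 in local_uid)   { print "WARN collision", $1, local_uid[$3] }
    ' "$1" "$2"
}

# Constructed sample data: three local accounts, then a getent-style dump that
# also holds three directory accounts (one normal, two that should raise a warning).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
EOF
    { cat "$tmp/passwd"; cat <<'EOF'
alice:x:4242:4242:constructed:/home/alice:/bin/bash
toor:x:0:0:constructed:/root:/bin/bash
webadmin:x:33:33:constructed:/home/webadmin:/bin/bash
EOF
    } > "$tmp/nss"
    audit_nss_users "$tmp/passwd" "$tmp/nss"
    rm -rf "$tmp"
}

demo
```

Any `WARN` line means a directory entry would act as root or as an existing system account on this host, so resolve it before restarting nscd and opening the machine to logins.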


Yes, sudo rights can be managed straight from LDAP!

  • Install sudo-ldap

apt-get install sudo-ldap

  • Edit the file /etc/sudo-ldap.conf:

URI ldap://
