Luma

From Nuclear Physics Group Documentation Pages

Luma is a Python- and Qt-based graphical utility for managing data stored in LDAP servers. It can be used to edit the LDAP database on Einstein, including adding or deleting user accounts and groups. Luma has a modular structure and consists of several plugins, each of which provides a different way of working with LDAP. The two plugins we are primarily concerned with are Browser and User management.

Configuring Luma to work with Einstein

The following settings will enable you to access LDAP on Einstein with administrator privileges. I shouldn't have to tell you that this means you need to be EXTREMELY CAREFUL when accessing LDAP with these settings.

  • Start Luma and choose Settings -> Edit Server List... (or press Ctrl+E). This should open the Server settings dialogue.
  • Click Add... and then enter a name for your connection into the prompt (I just use einstein.unh.edu). The new server should appear in the Server list after you click OK.
  • Click the server you just created to expand its options, and then select Network options.
  • Enter the following network settings (use the encrypted LDAP port for greater security):
    1. Hostname: einstein.unh.edu
    2. Port: 636
    3. Encryption: SSL (Secure Socket Layer)
  • Select Authentication. Uncheck Anonymous bind and enter these authentication settings:
    1. Mechanism: Simple
    2. Bind as: cn=root,dc=physics,dc=unh,dc=edu
    3. DO NOT enter a password here. Luma will store the password in plaintext in your home folder. Just leave it blank so that Luma will prompt you each time you access LDAP.
  • Select LDAP Options:
    1. Uncheck "Use Base DNs provided by the server" and then click Edit BaseDN list
    2. In the Custom: box enter dc=physics,dc=unh,dc=edu and then click Add, and then click OK.


Luma Settings
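A check for the warning above about stored passwords, as an added example (not from the original page or the Luma project): it scans a directory you name for files that mention the administrator bind DN and also hold a non-empty password-like setting. The matching is a heuristic that does not assume Luma's actual file format, and the sample strings are constructed.

```python
import re
import sys
from pathlib import Path

BIND_DN = "cn=root,dc=physics,dc=unh,dc=edu"  # administrator bind DN from the page

# Heuristic: any key containing "pass" followed by = or : and a value.
# This does not assume Luma's real on-disk format.
PASS_RE = re.compile(
    r"""\b([\w.-]*pass(?:word|wd)?[\w.-]*)\s*[=:]\s*
        (?:"([^"]*)"|'([^']*)'|([^\s"'<>;,]*))""",
    re.IGNORECASE | re.VERBOSE)


def find_stored_passwords(text, bind_dn=BIND_DN):
    """Return [(line_number, key)] for non-empty password-like settings in a
    text that also mentions bind_dn. The secret itself is never returned."""
    if bind_dn.lower() not in text.lower():
        return []
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for m in PASS_RE.finditer(line):
            value = next((g for g in m.groups()[1:] if g is not None), "")
            if value.strip():
                hits.append((number, m.group(1)))
    return hits


def audit_tree(root, bind_dn=BIND_DN, max_bytes=1_000_000):
    """Scan regular files under root (skipping large ones); return {path: hits}."""
    report = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            hits = find_stored_passwords(path.read_text(errors="ignore"), bind_dn)
        except OSError:
            continue
        if hits:
            report[str(path)] = hits
    return report


# Constructed samples, not Luma's actual file format.
SAMPLE_STORED = ('<server host="einstein.unh.edu" port="636" '
                 'bindDN="cn=root,dc=physics,dc=unh,dc=edu" bindPassword="example-secret"/>')
SAMPLE_BLANK = SAMPLE_STORED.replace("example-secret", "")

if __name__ == "__main__":
    # Usage: python audit.py DIRECTORY  (the directory holding the client's settings)
    for path, hits in audit_tree(sys.argv[1]).items():
        for number, key in hits:
            print(f"{path}:{number}: non-empty '{key}' stored next to {BIND_DN}")
```

Any file it reports should have the password field cleared in the client, and the LDAP administrator password should be changed if the file was readable by other accounts.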


User Management with Luma

To manage user accounts in Luma, follow these instructions:

  • Select the User Management plugin
  • Select einstein.unh.edu from the server drop-down. At this point Luma will prompt you for your password. If you used the above setup instructions you need to use the administrator password for LDAP.
  • The box in the bottom left of the window should be populated with a list of existing user accounts. From here you can edit or delete existing accounts as well as add new ones.
  • Changes will NOT be saved until you click the save button at the top of the screen. Exiting Luma will abandon your unsaved changes.

Adding Users

You can click the Add button in the User Management plugin to add a new user account. First you must select the location in the LDAP database to store the new account. The location for user accounts should be ou=People,dc=physics,dc=unh,dc=edu@einstein.unh.edu. You can either enter this directly or navigate to it by expanding the LDAP tree structure.

Select Location