Koozali.org: home of the SME Server

LDAP help please!

steever

LDAP help please!
« on: October 04, 2004, 02:40:07 AM »
Hi.  I use contribs 6.01 to host a mambo site.   I am trying to get the mambo ldap authentication hack working, but they need to know information about my ldap setup, and I am not sure what goes where.

The guide says that it needs the following data (and gives the following examples):

1) LDAP host
this is the name of the server where your LDAP is installed. Mambo will connect to this server to perform authentication.
If this field is left blank, LDAP will not be used.

Is this just my server? eg.  xxxxx.no-ip.com ? or something else?

2) Use LDAP V3
Click here if your LDAP requires version 3 to be queried. This is the case of the latest openldap versions.

Do we use LDAP V3?

3) Base DN
If you're installing this hack you should know what the Base DN is. It should look like:
o=mydomain.com

Huh?  I tried dc=xxxxx,dc=no-ip,dc=com ; but no luck!

4) Connect string
The connect string defines how authentication is performed on LDAP, it is specific to your LDAP configuration. Here are 2 examples:
For OpenLdap: uid=[login],ou=XXX
For Active Directory: sAMAccountName=[login],ou=XXX,dc=XXX,dc=XXX
You'll have to fill in the proper values for XXX (they depend on your configuration). The [login] string will be dynamically replaced by the user-entered login, and should be left as is.

Again, huh?  I assume I use uid=[login], but what's ou ?  What should sme users use?


5) Search string
When a user has been authenticated, we'll want to retrieve LDAP profile information to store it into the mambo profile. The search string defines how to locate the current user, it usually is a substring of the query string, for instance:
uid=[login]

Is this OK, or do I need something else?

6) Default group

I don't need help with this.

7) Email field
This is the name of the LDAP field used to store the email of the user. This is used to initialize the mambo profile on the first connection.

What's our email field called?

I will be very thankful for any advice.  It would be nice to have mambo with ldap authentication working.

Steve
Saving the world ... one server at a time.
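
The guide quoted in the post above says the `[login]` placeholder in the connect string and search string is replaced by whatever the user types. As an added example (not part of the original post and not the Mambo hack's own code; written in Python rather than the hack's PHP, with hypothetical function names), this shows that expansion with the user input escaped for a DN and for a search filter, plus the empty-password check an LDAP bind needs:

```python
# Added example: placeholder templates are the guide's own samples, logins are constructed.

def escape_dn_value(value: str) -> str:
    """Escape text for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape text for use as an assertion value in a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def check_credentials(login: str, password: str) -> None:
    """Reject input that must never reach the bind call."""
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513); a server that accepts it proves nothing about the user.
    if not login or not password:
        raise ValueError("login and password must both be non-empty")


def build_bind_dn(connect_string: str, login: str) -> str:
    """Expand the connect string into the DN presented at bind time."""
    return connect_string.replace("[login]", escape_dn_value(login))


def build_search_filter(search_string: str, login: str) -> str:
    """Expand the search string into the filter for the profile lookup."""
    return "(" + search_string.replace("[login]", escape_filter_value(login)) + ")"


if __name__ == "__main__":
    for login in ["steve", "steve,ou=Admins", "*"]:  # constructed inputs
        check_credentials(login, "example-password")
        print(repr(login), "->", build_bind_dn("uid=[login],ou=XXX", login),
              "|", build_search_filter("uid=[login]", login))
```
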

steever

Beuller?
« Reply #1 on: October 08, 2004, 01:15:30 AM »
Ah, no answer.  Is it true that we can't use SME's LDAP for authentication, only for email lookup?  I think I read that somewhere.

Please help me with this issue.
Saving the world ... one server at a time.

dresserd

ldap authentication
« Reply #2 on: October 26, 2004, 08:18:43 PM »
As far as I can tell, SME server uses smbpasswd for authentication and simply stores contact info in the ldap directory.  Does anyone know of plans to add ldap authentication to SME server?  I'd be interested in helping.  To me that is a show-stopper.  With LDAP authentication, SME would be much more attractive in my view.

-Derek

deunan

Re: Beuller?
« Reply #3 on: October 28, 2004, 08:06:19 PM »
Quote from: "steever"
Ah, no answer.  Is it true that we can't use SME's LDAP for authentication, only for email lookup?  I think I read that somewhere.


Quote from: "dresserd"
Does anyone know of plans to add ldap authentication to SME server? I'd be interested in helping


Yes it is true..  SME does not support LDAP Authentication out of the box.

Although, in this thread, the guy claims that he managed to get successful results with LDAP Authentication, _but_ using SME 6.0b3.  I find it very intriguing, and to investigate further, I've downloaded the iso, but haven't the time to test it yet.

Anyhow, in this particular thread, it is suggested that we use IMAP and LDAP for authentication.  IMAP to authenticate, and the LDAP Addressbook to fill-in the blanks of user's info where appropriate.

Now that one looks interesting, and I'm even willing to try it out, but being the non-developer me (still kicking myself for sleeping in the programming class), I couldn't figure head nor tails out of the codes.  Couldn't contact the original poster since he posted as a guest.

Whatever you guys decide to do, please include me.  I may not be a developer, but I'll try to help in whatever capacity that I can, even as a lab mouse.


Sincere regards and thanks!

dresserd

LDAP help please!
« Reply #4 on: October 28, 2004, 08:39:29 PM »
Thanks for the reply,

I can verify that LDAP authentication is NOT an option in 6.0.1

There is great information on building a Samba3/openLDAP primary domain controller here
http://samba.idealx.org/smbldap-howto.fr.html

As soon as I get a chance.  Maybe next week, I will modify my 6.0.1 box to enable LDAP authentication.

This will entail
1. Adding the samba and posix Schema to the openldap server /etc/openldap/slapd.conf
2. populating the ldap directory with a few samba/posix users  (I'll just dump a few from my existing non-SME SambaLDAP pdc)
3. edit the samba configuration file so samba will use the ldap directory instead of the smbpasswd file.
4. verify that I can authenticate against the ldap server via pam on another linux box and via samba.

That process I understand pretty well.  I will then need to figure out how to package those changes to make it easily reproducible.  It will also require some tweaking of many of the other packages like the user/group creation tools, etc.

I'd like some pointers on the most efficient way to package this so I can make it useful for other SME users.  I have a basic understanding of the template system.

-Derek

CharlieBrady

LDAP help please!
« Reply #5 on: October 29, 2004, 04:36:08 AM »
Quote from: "dresserd"

As soon as I get a chance.  Maybe next week, I will modify my 6.0.1 box to enable LDAP authentication.

This will entail
1. Adding the samba and posix Schema to the openldap server /etc/openldap/slapd.conf
2. populating the ldap directory with a few samba/posix users  (I'll just dump a few from my existing non-SME SambaLDAP pdc)
3. edit the samba configuration file so samba will use the ldap directory instead of the smbpasswd file.
4. verify that I can authenticate against the ldap server via pam on another linux box and via samba.

That process I understand pretty well.  I will then need to figure out how to package those changes to make it easily reproducible.  It will also require some tweaking of many of the other packages like the user/group creation tools, etc.

I'd like some pointers on the most efficient way to package this so I can make it useful for other SME users.  I have a basic understanding of the template system.

-Derek


Your best bet would be to join the devinfo mailing list. You'll get advice, and maybe, helpers there. There's a recent thread there (see the archives) on the process of taking an idea, prototyping it, then either packaging the results, or writing up a howto so that someone else can package the results.

I'm pretty sure you'll find interest.

Charlie

dresserd

LDAP help please!
« Reply #6 on: October 29, 2004, 03:41:38 PM »
Thanks,

That's helpful.  I didn't realize there was another list for development.

cydonia

LDAP help please!
« Reply #7 on: November 14, 2004, 04:22:44 PM »
All my hopes are dashed for now...:(

I've tried to get this to work a few times, not knowing that SME didn't support it out of the box.

Very eager to see how you go with your modification dresserd.

As you said, it would make SME even more attractive, for my purposes, it would be like the icing on the cake:).

Cya and good luck!  let us know how it goes.


Edit: btw. let me know even when you have a preliminary howto, and I will test it on a dev server.  I can give you the average user's response:P