Topic: LDAP Authentication

[hgomez]

I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...

Hmmm, .doc format isn't so linux friendly. Could you do .txt or .html?

I'm a bit worried about this mod to smb.conf:

...
[everything]
comment = Root File System
path = /
read only = No
guest ok = Yes  
...

That is rather an insecure configuration change - and not likely to be essential or central to what you are trying to achieve. People would be wise to avoid doing that if possible.

It's not advised to install modules using the technique you have described. Better to find and install (or make and install using cpan2rpm) RPMs which contain the modules you need.

I haven't completely looked through your HOWTO, but it looks very interesting. Thanks.

It's optional, The idea to share the root file system is in order to facility the configuration process, at the end of all, it must be deleted. In fact I don’t put it into the “/etc/e-smith/templates-custom/etc/smb.conf”. In other hands, I tried to install cpan modules using rpms, but it did not work in the same way, if anyone discover another functional method will be great. Thanks for your comments. Ahh soon I will write it in html....

[CharlieBrady]

I tried to install cpan modules using rpms, but it did not work in the same way, if anyone discover another functional method will be great.

If you can identify the full list of required but missing perl modules then someone might be able to find or make the RPMs that you need.

[cydonia]

Could someone clarify what this HowTo actually allows you to do?


All I wish to do is be able to allow authentication against the LDAP server for any web applications running locally.  Will make things so much easier with remembering and managing un/pw combos.

Also, If this isn't the purpose, would this module for Apache allow us to authenticate against SME's LDAP server:

http://www.rudedog.org/auth_ldap/


And finally.  If none of these are suitable, what would it take to incorporate LDAP authentication into SME, say for release 7?  I am willing to work on this in whatever way possible if someone can give me pointers.  If the costs to pay someone to do this mod are not unreasonable, I would consider it.

Cheers.

[DarkMirage]

This is what I have learned from my experiences with sme ldap:
To authenticate with LDAP you would require the user passwords to be incorporated within ldap, as users are already maintained in the tree.

LDAP, as most (all?) modules in sme, is a separate package which therefor can be changed to incorporate such actions. The tricky part would be getting the password once it's entered by the user...and doing that secure.

Aside from that, there are a number of methods in the ldap module, which IMHO could be done better (can't it always?).

I still need to get into this for another project, so I'll let you all know if I get anywhere with it.

Please don't expect anything fast though..

[DarkMirage]

The tricky part would be getting the password once it's entered by the user...and doing that secure.

Ignore that, the nss_ldap module takes care of the problem.

[cydonia]

So is it a major change to make SME itself use LDAP for storage of all user data?

I mean, what is required here?  As I said, this is something that I think adds alot of functional usefulness to SME as far as running web applications go.

If we could simple authenticate all points of login against the central LDAP, it opens many possibilities for SME.


Any ideas here?  As I said, I am willing to follow this up in any way possible, so if the more experienced could provide some pointers, I would love to help get this integrated somehow.

[gregswallow]

So is it a major change to make SME itself use LDAP for storage of all user data?

It should be discussed on the mailing list at smeserver.sourceforge.net if it's something you think would be good to include in SME7.  Think about what would need to be done and suggest it there.

[cydonia]

It should be discussed on the mailing list at smeserver.sourceforge.net if it's something you think would be good to include in SME7.  Think about what would need to be done and suggest it there.

Ok, will head over there and check it out.  I am not a programmer though and only know what I want conceptually. Thanks.

[cydonia]

As a web server authentication alternative to LDAP, how about Samba authentication?

http://uranus.it.swin.edu.au/~jn/linux/php/php_smbauth.htm

http://tekrat.com/smbauth/

[hgomez]

As a web server authentication alternative to LDAP, how about Samba authentication?

http://uranus.it.swin.edu.au/~jn/linux/php/php_smbauth.htm

http://tekrat.com/smbauth/

When you configure LDAP authentication, your samba use it too. ie, when you go to create a user, you have 2 options, SAMBA User or Posix User, each one can be used like samba user, but only posix user can open a shell command into your linux/Unix servers.
Respondind to you a previus question: With this howto you can have a windows 2000/2003 Server without to have no one windows 2000/2003 server, ie, a PDC that use OpenLDAP to authentication. Understand now?

[hgomez]

Hi friends, last week I took some time to made this howto in html, here is it, any comments will be apreciate, thanks.

http://www.isfalpiz.com/howtos/HowtoSAMBA+PDC+OpenLDAP.htm

[nhines]

Does anyone know if this has been updated for v7?

Fees

[hgomez]

Does anyone know if this has been updated for v7?

Fees

Not yet, this week I will download SME7 and I will update this howto, the base must be the same.

be patience,

hg.

[nhines]

Thank you, hg! That is fantastic!

[robin_one]

Yes, thank you. I am using KTv3 on SME and would love to have this type of integration.