Koozali.org: home of the SME Server

[Announce] LDAP authentication

Sebastien

[Announce] LDAP authentication
« on: June 15, 2007, 03:16:09 PM »
Hi all,

As a French computer science student (at ENSEIRB [1], a graduate school of engineering), I am currently doing a three-month internship at Firewall Services [2].

The aim of my internship is to allow LDAP authentication via SME Server. Formally, I have to fix bug #1543 [3]. Then, if I have enough time, I will try to:
 - allow LDAP replication;
 - ensure interoperability with M$ active directory.

Up to now, I read some documentation about SME Server [4], LDAP [5] and did some experiments. I am currently gathering information about PAM/NSS and "CPU" [3]. At the same time, I am analyzing already done work by reading current development e-smith-base+ldap package.

I will post on bugzilla when I have fresh stuff. At this time, I am open to any advice which can help me to do a better job ;)

That's all folks !

References
[1] http://www.enseirb.fr
[2] https://sme.firewall-services.com
[3] http://bugs.contribs.org/show_bug.cgi?id=1543
[4] http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/devguide.html
[5] Marcel Rizcallah. Annuaires LDAP. Eyrolles, 2nd edition.

cactus

Re: [Announce] LDAP authentication
« Reply #1 on: June 15, 2007, 03:43:28 PM »
Quote from: "Sebastien"
The aim of my internship is to allow LDAP authentication via SME Server. Formally, I have to fix bug #1543 [3]. Then, if I have enough time, I will try to:
 - allow LDAP replication;
 - ensure interoperability with M$ active directory.
Great! I very much hope you can solve this issue! Thanks as well to Firewall Services as LDAP authentication on its own will be a step forward for SME Server, let alone LDAP synchronisation and AD interoperability.

Perhaps joining the development mailing list will also help you much, as development issues are discussed there. Perhaps a nice introduction there will help you find resources and information as well as train of thoughts by others including the main dev team.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

raem

Re: [Announce] LDAP authentication
« Reply #2 on: June 15, 2007, 10:07:15 PM »
Sebastien

I think the suggestion to "Perhaps join... the ....development mailing list" is not strong enough.

You SHOULD & MUST join the devinfo list, and make yourself known there by posting what you have said here already, and then make the devinfo list the focus of where you conduct your development work.
You are likely to get a lot of feedback and assistance from developers and they can steer your work in the right direction (as far as outcome & code is concerned), so that your work fits in with developers' general intentions for the sme project.

It would be great for LDAP authentication to be integrated into sme, but it does need to be done the "sme way" so it has ongoing support from developers.
...

kruhm

[Announce] LDAP authentication
« Reply #3 on: June 17, 2007, 11:09:37 PM »
"You SHOULD & MUST join the devinfo list" is not strong enough.

I didn't even know this was being used. If it is almost a requ, it certainly isn't advertised anywhere. Adding to BT: http://bugs.contribs.org/show_bug.cgi?id=3073

------------------------------------------
I would stress adding all the existing and future work to the BUG TRACKER (which hasn't been done for any FWS packages).
http://bugs.contribs.org/describecomponents.cgi?product=SME%20Contribs

This will help so that:
-info is centrally located
-info is avail to all devs
-published packages get put in central repo
-if requ'd the packages become part of base

jester

[Announce] LDAP authentication
« Reply #4 on: June 26, 2007, 05:55:02 PM »
Sebastien,

Is there any progress in your work?


Kind regards,
jester.

Sebastien

Some News
« Reply #5 on: July 06, 2007, 02:32:01 PM »
Jester,

I have just posted some news on the bugzilla [1]; I have put a copy below:

Up to now, I read some documentation and made some tests on Debian (so as to keep time because I am more skillful with this distribution). I have successfully configured LDAP authentication (on Debian) with the following features (using first OpenLDAP and then Fedora Directory Server [2]):
 - unix authentication via PAM, NSS;
 - TLS ciphered connection using both client and server certificates;
 - PDC via Samba (smbldap-tools);
 - authentication on web based applications (tested with Spip).

I am now switching to SME Server. First, I will try to configure LDAP authentication with OpenLDAP (because some work has already been done). Thus, I am interested in information you can provide about issues you have encountered with smbldap-tools.

Fedora Directory Server provides some interesting features (not included in OpenLDAP) such as:
 - multi-master replication;
 - active directory user and group synchronization.
Regarding these features, I am considering replacing OpenLDAP with Fedora Directory Server. For now, I do not know OpenLDAP's current level of integration in SME Server well, that's why I am open to any advice on this point.

[1] http://bugs.contribs.org/show_bug.cgi?id=1543
[2] http://directory.fedoraproject.org/

cactus

Re: Some News
« Reply #6 on: July 06, 2007, 05:12:34 PM »
Quote from: "Sebastien"
I have just posted some news on the bugzilla [1]

Sebastien,

Why haven't we read this at the dev mailing list? As in this thread and in bugzilla subscribe to the devinfo list and report there.

This is the correct and only place to report and discuss on those issues.

Quote from: "Sebastien"
I am now switching to SME Server. First, I will try to configure LDAP authentication with OpenLDAP (because some work has already been done). Thus, I am interested in information you can provide about issues you have encountered with smbldap-tools.

Quote from: "Sebastien"
Fedora Directory Server provides some interesting features (not included in OpenLDAP) such as:
 - multi-master replication;
 - active directory user and group synchronization.
Regarding these features, I am considering replacing OpenLDAP with Fedora Directory Server. For now, I do not know OpenLDAP's current level of integration in SME Server well, that's why I am open to any advice on this point.


Advice can also be asked there! For instance: I suggest you try things out on CentOS as this is the basis of SME Server, therefore CentOS is much closer to SME Server than Debian.

Happy to be hearing of you (on the devinfo list)!

cactus

Sebastien

Re: Re: Some News
« Reply #7 on: July 09, 2007, 06:56:46 AM »
Cactus,

After your advice, I posted on the devinfo list. I guess an admin has to validate it as it is my first post on the list.

See you on the devinfo list,

Sebastien

RvLardin

Re: [Announce] LDAP authentication
« Reply #8 on: March 25, 2008, 12:00:49 PM »
Hi,

The SME LDAP authentication package seems to be ready for production.
Last version should be found in BugZilla, Bug 1543: http://bugs.contribs.org/show_bug.cgi?id=1543
Unfortunately, we don't have the resources to maintain it until it is integrated in SME Base (our goal).
So today, we ask the community to sponsor in order to help this integration by donating.
http://www.smeserver.org/index.php?option=com_wrapper&Itemid=34
Feel free to contribute in any way you can.
:)

Thanks,
RV.


----
"Those who are willing to lose some of their essential liberties in favour of security deserve neither and will lose both."
- Thomas Jefferson .

frenchi6625

Re: [Announce] LDAP authentication
« Reply #9 on: April 24, 2008, 09:25:41 AM »
Sorry to revive this topic, but I'm not sure whether this has been sorted out? Can someone point me toward instructions on getting this to work, or does it work out of the box on 7.3?

thanks!