Koozali.org: home of the SME Server

binddn information

Offline rlastinger

binddn information
« on: January 23, 2014, 09:33:17 PM »
So I am considering moving my SME 8.0 mail environment to become my LDAP authenticator since I cannot use external LDAP authentication. One of my applications is requiring binddn information. Is it cn=root,dc=example,dc=org or cn=admin? How do I find the binddn passwd?

The documentation says that the binddn password is the same as my admin password, but that didn't work, so I'm guessing that I have the binddn information wrong.

Offline Daniel B.

Re: binddn information
« Reply #1 on: January 23, 2014, 10:01:45 PM »
Most applications can use LDAP without any bind DN (anonymous bind). Only if you need access to POSIX account attributes (uidNumber, gidNumber, memberUid, etc.) you can use a bind DN. In that case, do *not* use the admin or root DN: just create a standard SME user, and use its DN to bind (e.g. you create a user named ldapauth, the corresponding DN is uid=ldapauth,ou=users,dc=domain,dc=tld).

Using the admin or root DN and password brings no benefit, and just exposes a very sensitive password somewhere in clear text.

One more point: if you plan to use LDAP as an authentication source from another box, you *must* use TLS (port 389) or SSL (port 636), or SME will just reject the password, even if it's correct.

Regards, Daniel
It's the end of the world !!! :lol:
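The reply above gives three checks for an application's LDAP client settings: bind anonymously or as a standard user, never as admin or root, and only over TLS or SSL. The Python below is an added example, not part of the thread or of SME Server's own code, that builds the user DN in the form shown in the reply and audits one configuration. The function names, the list of privileged RDNs and the host sme.example.org are assumptions.

```python
from urllib.parse import urlparse

# Assumed list of administrative RDNs; the thread names cn=root and cn=admin.
PRIVILEGED_RDNS = {"cn=root", "cn=admin", "uid=root", "uid=admin"}


def user_dn(uid, domain):
    """Build uid=<uid>,ou=users,dc=...,dc=... from a DNS domain, as in the reply."""
    base = ",".join("dc=" + label for label in domain.strip(".").split("."))
    return "uid=%s,ou=users,%s" % (uid, base)


def audit(uri, bind_dn=None, start_tls=False):
    """Return a list of findings for one LDAP client configuration."""
    url = urlparse(uri)
    scheme = url.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        return ["unsupported scheme: " + scheme]
    port = url.port or (636 if scheme == "ldaps" else 389)
    findings = []
    if scheme == "ldaps" and start_tls:
        findings.append("StartTLS is redundant on ldaps://; pick one")
    if scheme == "ldap" and port == 636:
        findings.append("port 636 expects SSL; use ldaps://")
    if scheme == "ldap" and not start_tls:
        findings.append("no TLS/SSL: password would cross the network in clear text")
    if bind_dn is None:
        return findings  # anonymous bind: no service password stored in the app
    # Compare only the first RDN, ignoring case and spaces.
    first_rdn = bind_dn.split(",", 1)[0].replace(" ", "").lower()
    if first_rdn in PRIVILEGED_RDNS:
        findings.append("bind DN is an administrative account; use a standard user")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations.
    dn = user_dn("ldapauth", "domain.tld")
    print(dn)
    print(audit("ldap://sme.example.org", "cn=root,dc=example,dc=org"))
    print(audit("ldap://sme.example.org", dn, start_tls=True))
    print(audit("ldaps://sme.example.org", dn))
```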

Offline rlastinger

Re: binddn information
« Reply #2 on: January 23, 2014, 10:05:13 PM »
Thanks Daniel. I will give that a try.