Koozali.org: home of the SME Server

Connecting Ricoh MFP ldap to SME 9.2

drestof
« on: November 07, 2019, 10:34:20 AM »
Hello,

since as a new user I am not able to post my request (and bug report?) in the 9.2 forum, I am posting my question here (however, I cannot attach images in this forum, but it is described in the text):


We are trying to connect Ricoh Multifunction Printers (MFPs) for authentication to SME Servers used in schools. Since the base of the installations runs on SME 8.0, we started migrating to 9.2 to use the ldap connectivity.
Specifically the Ricohs use AD, so we are going to use a handler to convert to LDAP.

Unfortunately we don't really understand which of the variants of ldap is the right one to connect to a MFP:

1. We spent some effort activating "LDAP authentication" on a freshly installed 9.2 server (we did so several times) and "reliably" cannot activate any users we create at this point since we cannot change the password (and we tried many). Now I am asking myself if this "feature" is obsolete? See description and logs below and attachments.

2. As I see, there is also the "LDAP authentication for applications"; is it to be used with or alternatively to "LDAP authentication"?

3. Perhaps there is even more "ldapping" right on board by default I am not aware of?


About the way "LDAP authentication" on a freshly installed and updated SME 9.2:

1. Installation of SME 9.2

2. Installing Updates (via yum... restart)

3. Enabling LDAP Authentication (db configuration setprop ldap Authentication enabled)

4. Using server-manager from a wired PC in the same subnet.

5. When we create a user it is locked. This is signaled by "account locked". If we try to enter an initial password, the input is "done" but after input the right side of the sme-manager screen stays blank, no acknowledgement of a password change. Same behaviour in IE 11 and Firefox ESR 68.2.



I tried to get some information from the logs. In /var/log/messages I find:

Nov  6 13:08:02 server4 esmith::event[2716]: Could not lock (smb) password for test

/var/log/messages

Code:
[root@server4 ~]# cat /var/log/messages | grep passw

Nov  6 11:41:36 server4 esmith::event[1101]: expanding /etc/pam.d/passwd

Nov  6 11:41:37 server4 esmith::event[1101]: expanding /var/service/mysqld/set.password

Nov  6 11:41:38 server4 esmith::event[1101]: Running event handler: /etc/e-smith/events/bootstrap-console-save/S06store-ldap-smbpasswd

Nov  6 11:41:39 server4 esmith::event[1101]: Setting stored password for "cn=root,dc=it-server4,dc=de" in secrets.tdb

Nov  6 11:41:39 server4 esmith::event[1101]: S06store-ldap-smbpasswd=action|Event|bootstrap-console-save|Action|S06store-ldap-smbpasswd|Start|1573036898 716771|End|1573036899 117754|Elapsed|0.400983

Nov  6 11:42:11 server4 esmith::event[1962]: Running event handler: /etc/e-smith/events/bootstrap-ldap-save/S06store-ldap-smbpasswd

Nov  6 11:42:11 server4 esmith::event[1962]: Setting stored password for "cn=root,dc=it-server4,dc=de" in secrets.tdb

Nov  6 11:42:11 server4 esmith::event[1962]: S06store-ldap-smbpasswd=action|Event|bootstrap-ldap-save|Action|S06store-ldap-smbpasswd|Start|1573036931 623804|End|1573036931 680594|Elapsed|0.05679

Nov  6 11:42:11 server4 esmith::event[1962]: Running event handler: /etc/e-smith/events/bootstrap-ldap-save/S15user-lock-passwd

Nov  6 11:42:12 server4 esmith::event[1962]: S15user-lock-passwd=action|Event|bootstrap-ldap-save|Action|S15user-lock-passwd|Start|1573036931 680923|End|1573036932 544497|Elapsed|0.863574

Nov  6 13:08:02 server4 esmith::event[2716]: Could not lock (smb) password for test

/var/log/ldap/current log:
Code:
[root@server4 ~]# cat /var/log/ldap/current | grep test

@400000005dc2b7ac0352b34c 5dc2b7a2 conn=1077 op=1 ADD dn="cn=test,ou=Groups,dc=it-server4,dc=de"

@400000005dc2b7ac0edf59a4 5dc2b7a2 conn=1078 op=5 ADD dn="uid=test,ou=Users,dc=it-server4,dc=de"

@400000005dc2b7ac250c65dc 5dc2b7a2 conn=1079 op=1 SRCH base="ou=Groups,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=test))"

@400000005dc2b7ac2512805c 5dc2b7a2 conn=1079 op=3 SRCH base="ou=Groups,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=test))"

@400000005dc2b7ac2760e114 5dc2b7a2 conn=1079 op=5 SRCH base="ou=Users,dc=it-server4,dc=de" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"

@400000005dc2b7ac2bf165b4 5dc2b7a2 conn=1079 op=8 MOD dn="uid=test,ou=Users,dc=it-server4,dc=de"

@400000005dc2b7ac30e1929c 5dc2b7a2 conn=1080 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"

@400000005dc2b7d82c009c3c 5dc2b7ce conn=1088 op=1 SRCH base="ou=Users,dc=it-server4,dc=de" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"

@400000005dc2b7d82c87dd3c 5dc2b7ce conn=1089 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"

@400000005dc2b8500b8d8adc 5dc2b846 conn=1092 op=1 SRCH base="ou=Users,dc=it-server4,dc=de" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=test))"

@400000005dc2b8500c054734 5dc2b846 conn=1093 op=3 SRCH base="dc=it-server4,dc=de" scope=2 deref=0 filter="(&(uid=test)(objectClass=sambaSamAccount))"
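
Added example, not part of the original posts: the `@4000…` prefixes in /var/log/ldap/current are TAI64N labels, and decoding them lets the LDAP operations be lined up against the "Could not lock (smb) password" line in /var/log/messages. The sample lines are copied from the post above; the UTC+1 timezone, the fixed 10-second TAI offset used by daemontools-style loggers, the year 2019 and all function names are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

TAI64_BASE = 2**62   # TAI64 labels count seconds from 2^62
LOGGER_SKEW = 10     # assumption: logger stamps unix time + 10 s (no leap table)
# Assumption: server runs on UTC+1; the esmith entry Start|1573036898 appears
# next to the 11:41:38 local syslog stamp, and 1573036898 is 10:41:38 UTC.
LOCAL_TZ = timezone(timedelta(hours=1))

# Sample input: four lines copied from the post's /var/log/ldap/current
LDAP_LOG = """\
@400000005dc2b7ac0352b34c 5dc2b7a2 conn=1077 op=1 ADD dn="cn=test,ou=Groups,dc=it-server4,dc=de"
@400000005dc2b7ac0edf59a4 5dc2b7a2 conn=1078 op=5 ADD dn="uid=test,ou=Users,dc=it-server4,dc=de"
@400000005dc2b7ac2bf165b4 5dc2b7a2 conn=1079 op=8 MOD dn="uid=test,ou=Users,dc=it-server4,dc=de"
@400000005dc2b7d82c009c3c 5dc2b7ce conn=1088 op=1 SRCH base="ou=Users,dc=it-server4,dc=de" scope=1
"""
SYSLOG = "Nov  6 13:08:02 server4 esmith::event[2716]: Could not lock (smb) password for test"

LINE_RE = re.compile(r"^@([0-9a-f]{24}) ([0-9a-f]{8}) conn=(\d+) op=(\d+) (\w+) ")

def tai64n_to_local(label):
    """Decode a 24-hex-digit TAI64N label into a timezone-aware datetime."""
    raw = bytes.fromhex(label.lstrip("@"))
    if len(raw) != 12:
        raise ValueError("TAI64N label must be 12 bytes")
    secs = int.from_bytes(raw[:8], "big") - TAI64_BASE - LOGGER_SKEW
    micros = int.from_bytes(raw[8:], "big") // 1000
    return datetime.fromtimestamp(secs, LOCAL_TZ) + timedelta(microseconds=micros)

def parse_ldap_log(text):
    """Yield (local_time, conn, verb) for each slapd line that matches."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = tai64n_to_local(m.group(1))
        # slapd's second field is its own unix time in hex; allow 1 s of drift
        if abs(int(m.group(2), 16) - int(when.timestamp())) > 1:
            raise ValueError("timestamp mismatch: " + line[:40])
        yield when, int(m.group(3)), m.group(5)

def ldap_ops_at(syslog_line, ldap_text, year=2019):
    """Return (conn, verb) for LDAP operations in the same second as a syslog line."""
    stamp = datetime.strptime(f"{year} {syslog_line[:15]}", "%Y %b %d %H:%M:%S")
    stamp = stamp.replace(tzinfo=LOCAL_TZ)
    return [(c, v) for t, c, v in parse_ldap_log(ldap_text)
            if t.replace(microsecond=0) == stamp]

if __name__ == "__main__":
    for conn, verb in ldap_ops_at(SYSLOG, LDAP_LOG):
        print(f"conn={conn} {verb} in the same second as: {SYSLOG[16:]}")
```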

mmccarn
« Reply #1 on: November 07, 2019, 01:14:39 PM »
Here are old notes of mine on trying to get LDAP authentication to work with Owncloud:
https://forums.contribs.org/index.php/topic,50372.msg253289.html#msg253289


[Google Translate]
Here are my old notes on trying to enable LDAP authentication for Owncloud:
https://translate.google.com/translate?sl=en&tl=de&u=https%3A%2F%2Fforums.contribs.org%2Findex.php%2Ftopic%2C50372.msg253289.html%23msg253289

drestof
« Reply #2 on: November 07, 2019, 01:48:02 PM »
Here are old notes of mine on trying to get LDAP authentication to work with Owncloud:
https://forums.contribs.org/index.php/topic,50372.msg253289.html#msg253289


[Google Translate]
Here are my old notes on trying to enable LDAP authentication for Owncloud:
https://translate.google.com/translate?sl=en&tl=de&u=https%3A%2F%2Fforums.contribs.org%2Findex.php%2Ftopic%2C50372.msg253289.html%23msg253289

tkx for your information - I'll try