Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Jáder on November 28, 2011, 07:42:37 PM
-
I'm testing SME8b7 LDAP authentication.
Using a LDAP Browser as client and:
base dn=ou=Users,dc=antinsect,dc=com,dc=br
If I connect without user information I'm able to see users info.
But my browser allow to put and user and password... and this way I cannot connect.
I'm tryi8ng to use pfSense 2.0 + squid (as pfSense module) authenticating on SME8b7
On pfSsense interface
Services
Proxy Server
auth settings TAB
I have 5 fields ( I put the numbers to later reference ):
1 - LDAP server user DN
Enter here the user DN to use to connect to the LDAP server.
2 - LDAP password
Enter here the password to use to connect to the LDAP server.
3 - LDAP base domain
For LDAP authentication, enter here the base domain in the LDAP server.
4 - LDAP username DN attribute
Enter LDAP username DN attibute.
5 - LDAP search filter
Enter LDAP search filter.
So to field I fill it with:
1 - cn=root,dc=antinsect,dc=com,dc=br or cn=admin,dc=antinsect,dc=com,dc=br or
cn=root,ou=Users,dc=antinsect,dc=com,dc=br or cn=admin,ou=Users,dc=antinsect,dc=com,dc=br or
(or with uid= and not cn=)
2 - the ldap password (sme admin/root user password)
3 - ou=Users,dc=antinsect,dc=com,dc=br
4 - uid
5 - uid=%s or (objectClass=inetOrgPerson)
but none of them appears to work.
Any ideas ?
-
hi.. take a look here: http://wiki.contribs.org/LDAP
please report any bug in bugzilla, thank you
-
I'm testing SME8b7 LDAP authentication.
Testing is great! But it's only really useful if you report any problems you find via the bug tracker. And if you find problems, it works best if you discuss those problems only in one place, so that information doesn't get fragmented. Thanks.
-
Charlie
I think you really could do a better use of your time. ;)
Because you're not helping anyone. Even passing a bad impression about you.
And I'm sure you're a nice guy... you're a top programmer of SME!
Stefano's answer was a lot better.
-
I think you really could do a better use of your time. ;)
Well if you would like me to work on things other than SME server you should continue to criticise what I do, in public. Very encouraging. Thanks.
-
Jader, Charlie.. please.. :-)
Jader: Charlie told you exactly what I did in my previous post: remember to submit any bug in bugzilla
Charlie: please continue your work on SME :-)
-
Charlie
I have a GREAT respect about your work, just cannot understand why you're spending your time reading forums and giving no so friendly answers to a lot of persons.
If you're a developer and would like to everyone to use bugzilla, just read bugzilla and NEVER reply to questions on forums.
When someone else (Stefano) points the forgotten (me!) about to use Bugzilla, so they (ME AGAIN!) will have your attention.
If you reply forum questions about doubts with a tough response you're building a bad reputation to you and do not helping anyone.
I don't care if you abandon SME... SME will slow down a lot, but I think it will survive.
Any OSS project needs a comunity, and a comunity cannot survive if everyone involved is not friendly.
So I'd like to ask you: if you do not like the question: IGNORE IT... but PLEASE do not give a tough reply!
There are several other people (Mary, Stefano, ... even myself) wishing to help people with doubts, even the basic ones! Let us to do our work and use your time as you wish ... even in other projects, but PLEASE DO NOT GIVE TOUGH ANSWER ... just give your silence!
-
Jader, Charlie.. please.. :-)
Jader: Charlie told you exactly what I did in my previous post: remember to submit any bug in bugzilla
Charlie: please continue your work on SME :-)
Yes, but as my wife allways say: it's not what you say, it's HOW do you say! ;)
Your answer was a polite one... but Charlie's...
-
Jader.. I would agree with you but you are a forums' member since a looooong time.. you'd know Charlie.. he's a good guy but. he's Charlie.. that's all..
let's go back to work guys :wink:
-
Your answer was a polite one... but Charlie's...
Mine was polite too. I suggest you go read it again.
I said the same as Stefano, but in addition explained why it is important to report all testing results in the bug tracker, and to discuss only in the bug tracker.
Good night.
-
I'm in a good morning (9AM here!)... so I'll start working again:
Bug created: http://bugs.contribs.org/show_bug.cgi?id=6801
But we need to create some page (or make it more visible) about what is a bug and what is a doubt.
My version of facts: what I have is a DOUBT : I'm not sure if I'm configurating that screen correct.
It's not a bug because I've no information about something was wrong neither I got a error message (I even cannot find where to look for them!).
That's because I open a new thread on forum.
And yes, I heard about "if do not work as desired, open a bug"... but for that we need a lot more documentation (and MYSELF and others need to read them!).
For those times something is written and was not read, support guys should just post the link to manual page (yes, do not "RFTM" only answers!) .
Charlie and others top DEVELOPERS should focus on DEVELOPMENT... while Mary, Stefano and many others like me focus on support forums.
That's my opinion... not intended to create flame war/discussion !
-
Jader: did you try as suggested in the wiki page?
you should use: Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
does it work for you?
-
Jader: did you try as suggested in the wiki page?
you should use: Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
does it work for you?
Yes, I've tried... in fact, I've tried more than 20 different configurations... now I use a counter on REALM message to know I'm using the actual config. See bug's screen capture.
I think the problem is the other fields:
LDAP username DN attribute
LDAP search filter
What I should to put on those ?
Jáder
-
I've just added some general informations on how to use the LDAP directory in the wiki: http://wiki.contribs.org/LDAP#Authentication
Please read it and tell us if you can solve your issue
Regards, Daniel
-
Daniel
The new information was welcome but do not solve the problem.
I'm updating info on bug 6801 about error messages.
-
jader
I have to agree with Charlie on this one, his comment was "matter of fact" and it seems you "took offence or dislike" to the way he used the English language.
The following comments are not just made to you, but to all users of these forums.
I have observed many of your posts lately and you do seem critical of people and do seem to "read emotion" into various peoples posts.
Everyone is entitled to answer in the way they best see fit and not be subject to criticism.
Indeed much or most of what someone criticises is I believe due to a misinterpretation by the reader, in many many cases that I have observed in these forums it is due to language & grammatical & cultural values of the reader (being different to that of the poster).
eg
I see you appear to be from Brazil and while you write adequate English sentences, I note you sometimes have grammatical type errors in your words. That leads me to believe it is your English language comprehension skills that are the cause of you being critical about certain peoples posts.
In most cases I see nothing wrong with their posts, but I believe it is your comprehension of what they have written that leads you to believe they are being harsh or unpleasant or unhelpful. This same conclusion I would also apply to other posters, not just yourself, it is the mix of languages and language skills that abound amongst the users of these forums that is the source of users "upsets". Words are often reversed in sentences in different languages and can appear to have different meanings when read by a person who has different language background than the person who wrote the original post.
To me Charlies post in this thread was simple, to the point and accurately represented what he wanted to say, all done with a minimum set of words and therefore a minimum time effort.
I'm aware that Charlie is very busy and dedicated and involved in many areas of technology and web site forum posting elsewhere etc, so he uses his time wisely, which to you comes across as "abrupt".
To me his posts are sharp, short, accurate, and on occasions "witty", he continually impresses me how he gives such accurate answers in such a minimalistic way.
Jader, please stop being critical of anybody on this forum, unless of course they are clearly being rude or offensive, in which case your best course of action is to report them to the Moderator.
Please note that nothing I have said here is meant to be an attack on you or in any way designed to be offensive to you, I'm just being "matter of fact", at least as I see it.
Please just post your answers without also needing to criticise others.
The same request goes to all other users of these forums, although I must say that lately the personal attacks have quietened down significantly compared to some time ago when there seemed to be regular "flurries of activity" from those who had "nothing better to do".
-
Mary
I just would like to see people helping each other or being quiet.
Even my English skill are not so great as a native speaker I believe my problem is not this.
I appreciate efforts everyone do for SME... in any/many ways.
I understand Charlie is a VERY busy person, so what's I'm asking is: if he has nothing good to say, just ignore posts. This is valid for everyone else.
Please read the Stefano answer and you'll see I'm not the only one who thinks this way.
And let's go back to beggining:
I open a thread in forum asking for help... so they said "open a bug" I went to bugzilla... where people say: "I'll close as NOTABIG", "go ask in forum".
I think it's time to make a clear separation what is a bug and what must be on forums.
Maybe it's just me again... but please read the bug 6801 and this thread and let me know what is wrong.
I'm dv.linuxfacil _at_ gmail _dot__ com if you like to continue this chat in private.
-
I'm the one that closed the bug. If you are having issues the first place you should post is the bug tracker. If it is determined that there isn't a bug we will close it and ask you to go back to the forums for support. In closing the bug I did say that what you are doing doesn't appear to be a bug with SME but if you determine that it is then reopen the bug (or open a new one).
If you are asking for help configuring things that belongs in the forums. If you are saying this isn't working like it should be or is broken then it belongs in the bug tracker. The LDAP auth stuff is very likely unfinished (and/or broken) so what you are trying to do might not even work. As it is experimental we likely won't provide support in the bugtracker unless you have suggestions for how to improve/fix it (see all the bugs Daniel has opened regarding LDAP).
Until LDAP auth is working for SME there most likely won't be much progress on external apps.
-
jader
Well this could go on and on...
Charlie's answer is fine with me, he acurately asked you to report issues to bugzilla, he implicitly referred to your post in the forums as being inappropriate (my words), and implied that bugzilla is the best place to sort out your apparent bug.
While Stefano's answer was OK, Charlies answer was more informative, and I read no unhelpful information or no bad intent at all.
My knowledge of Stefano is that he is also from a non english background, so perhaps he may interpret something that Charlie did not mean (but that's again your opinion of what Stefano is thinking/feeling).
That is my point, please stop attaching your emotional or attitudinal values to words that people type, it's IMPOSSIBLE to do so in this context, and in virtually every case I have seen this happen in these forums it has been an error on the part of the responder to do so.
I open a thread in forum asking for help... so they said "open a bug" I went to bugzilla... where people say: "I'll close as NOTABIG", "go ask in forum".
I think it's time to make a clear separation what is a bug and what must be on forums.
That is the official/semi-official preferred process (as it says in the message displayed each time you create a forum post), ie lodge a bug, see if it really is a bug, if so developers will triage it, if not you will be referred back to the forums. This has been discussed many many times in these forums, so I suggest you do some searching and back reading.
Maybe it's just me again... but please read the bug 6801 and this thread and let me know what is wrong.
I'm dv.linuxfacil _at_ gmail _dot__ com if you like to continue this chat in private
Sorry I don't use LDAP so have no need to spend my time on it, but I would just add Shad Lords answer from that bug which I believe sums it up very accurately. You can work with other people who are actively involved in developing LDAP functionality. I recall too that it is NOT envisaged to be part of sme8.0 final release, but more likely a part of a later sme 8.1 release.
"LDAP auth on SME is in its infancy. It is about 90% there for a working SME instance. Having the ability for external devices to authenticate against LDAP hasn't been addressed yet. There are some things you can try and Daniel has been kind enough to point you in the right direction.
This isn't a help forum though. So far you haven't demonstrated anything wrong with SME. Please take the configuration discussion of LDAP auth to the forums and if you find a bug in SME then raise a bug report detailing what is wrong with SME. If you can provide details about how to fix it as well then this will help get it fixed quicker."
-
I am also interested in this configuration. Hopefully, a solution will be made available soon.
Have a good day to all!