Dear OX-Forum,
I am kind of new to OX6 and I am trying to install proper authentication (i.e. via LDAP or IMAP) at a customer's.
I am quite puzzled by the fact that things simply do not seem to work properly and I think it might have to do with me not understanding "authentication" in the sense of OX6.
I am using OX6.18.0 on Ubuntu Server 10.4.1 LTS.
To me, when I install the open-xchange-authentication-[imap|ldap] modules, then I should _remove_ the open-...authentication-database module, if I read the instructions correctly.
I have verified that both my LDAP server and IMAP Server (cyrus) have proper user accounts for my OX6 user, I have also made accounts for oxadmin, oxadminmaster as well as my own user. I think that I have also set up imapauth.properties and ldap property files correctly.
All of the relevant bundles start up correctly in the logfiles.
To me, authentication means, that ALL of the user information should ONLY be taken from the configured mechanism.
However, for example, when I try to log in with my account, in this case using IMAP auth, then I get the message that the account is not in the database.
This is obvious as I have removed the database auth and there is no such account. So I can use Peters Admin GUI to create the account, HOWEVER this requires me to enter a password.
But I want the ONLY source of account and password info to be either in IMAP or LDAP and NEVER in the database.
Therefore I feel it's strange that all the guides for LDAP auth also specify to run oxldapsync to get all LDAP entries into OX6? Surely this should be unnecessary? Any login query etc. should simply be sent to the corresponding server for validation?
It also kind of bothers me that the example oxldapsync config files specify the user's password to be set to "secret" initially as a default! This is not acceptable: I want people to be able to get onto the groupware immediately without any new passwords or password change? That is the real reason to use LDAP/IMAP?
So where am I wrong? A lot of people seem to be happy using these modules and I am not...:-) So I guess I am not understanding the "underlying" concepts properly?
Any pointers, philosophical or otherwise, :-) would be greatly appreciated.
Love,
Snoopy a.k.a. Bluesnoop