
How all the Authentication works...more than just OX


  • How all the Authentication works...more than just OX

    Hello,

    I would like to combine Samba, Hyperion, Squid, Apache, etc. authentication in one LDAP database.

    I have already a running Samba PDC based on ldap, but how do you combine this all?

    Does it all break down to the authentication itself, which pam could handle with its modules? Or is it a little more complex?

    At the moment I have no idea where all the user information should go to!?

    I guess each service must have its own database structure with its relevant infos (samba, ox, apache, squid infos).

    How do you put it all nicely together once Hyperion is able to work with Ldap?

    Thanks, Spiekey

  • #2
    Originally posted by spiekey
    Hello,
    I would like to combine Samba, Hyperion, Squid, Apache, etc. authentication in one LDAP database.
    samba and apache can definitely do that
    squid can do authentication over ldap too but I guess the setup would be a bit more complex

    Originally posted by spiekey
    Hello,
    I have already a running Samba PDC based on ldap, but how do you combine this all?
    having ldap _is_ the combination.

    you have to make sure you use the right attributes (e.g. I use uid from posixAccount and password from simpleSecurityObject)

    Originally posted by spiekey
    Hello,
    Does it all break down to the authentication itself, which pam could handle with its modules? Or is it a little more complex?
    it is more complex; it depends whether you only want authorization (who) or authorization and authentication (who and which things one can do).

    The most complex part is probably applications that can neither do ldap nor pam (which would use ldap again) nor any other thing that could build a chain down to ldap.

    as far as I am in my hyperion setup this is one of the applications that lack nice integration. To be honest I don't get why all those web apps have to use their own authentication function when apache has quite a number of supported auth methods. users could then be auto created upon first login with a default group yadda yadda but I don't think hyperion does that right now.

    so I'll have to make something up that will create a hyperion user upon adding new users and then keep the password in sync with ldap.

    I'll probably disable somehow the password change inside ox.

    Originally posted by spiekey
    Hello,
    At the moment I have no idea where all the user information should go to!?
    Read about 3 tons of howtos, this is the holy grail of system administration, single sign on and (what you are trying to achieve) synchronized passwords are a pain in the ass.

    Originally posted by spiekey
    Hello,
    How do you put it all nicely together once Hyperion is able to work with Ldap?
    read all of the above


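Added example, not part of the thread and not code from any project named in it: what checking a login against the shared entry from post #2 involves, namely an escaped `uid` filter to locate the `posixAccount` and a check of the supplied password against `userPassword`. It assumes the directory stores `userPassword` in OpenLDAP's `{SSHA}` format and uses a constructed in-memory entry in place of a live server; `DIRECTORY`, `authenticate` and the other names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# RFC 4515: characters that must be escaped inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter(value):
    """Escape a login name before it is placed in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(login):
    """Filter a service would send to locate the account by posixAccount uid."""
    return "(&(objectClass=posixAccount)(uid=%s))" % escape_filter(login)

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Check a password against a {SSHA} userPassword value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

def authenticate(directory, login, password):
    """Look up the entry by uid and verify the password (assumed flow)."""
    if not password:  # empty password: some servers treat the bind as anonymous
        return False
    entry = directory.get(login)
    return entry is not None and check_ssha(entry["userPassword"], password)

# Constructed sample entry standing in for the LDAP server (not real data).
DIRECTORY = {
    "alice": {
        "dn": "uid=alice,ou=people,dc=example,dc=com",
        "objectClass": ["account", "posixAccount", "simpleSecurityObject"],
        "userPassword": make_ssha("correct horse", salt=b"constrct"),
    }
}
```

A script that keeps an application's own password store in sync with the directory would write the output of `make_ssha` to `userPassword`; every service reading the entry then verifies against the same value.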

    • #3
      Hyperion does not support LDAP authentication at this point. This is why we work on Hymalia 0.8.2.



      • #4
        Originally posted by XeN
        Hyperion does not support LDAP authentication at this point. This is why we work on Hymalia 0.8.2.
        No it does not. But using LDAP for authentication only should not be a big problem. I am quite sure the code has been designed in a way that you can plug different authentication mechanisms into OX.

        René



        • #5
          There is an enhancement request (Bug 6554) dealing with this.
          I also hope this will work soon, this is a key feature for OpenXchange Hyperion.



          • #6
            There is already a solution available - our authentication can be plugged with anything in an easy way. I'm already using it and will find out if I can publish the patch.

            Daniel



            • #7
              Hi Daniel!

              We're interested too in moving the community edition user database to an openldap repository.
              We're studying a solution for integrating open-xchange with caas/opensso single sign-on java/jsp technology.
              Have you any hint?



              • #8
                Please describe your architecture in detail.

                Which authentication backend uses OpenSSO, which agents do you want to use, ...

                Daniel



                • #9
                  Hi
                  I tried ldap
                  but with ldap sql-backend
                  point to ox user db; it's not complex, read some howto for sql-backend
                  Dryphon



                  • #10
                    We are thinking in integrating our cms (named ISIPortal) with your open-xchange.
                    The final effect would be:

                    A user makes a login into an isiportal intranet. Isiportal integrates with ldap and checks the user credentials.

                    At this point it would be interesting to show in the user intranet something like "Go to your open-xchange account".
                    Obviously the integration works fine if no user/password keypair is newly asked to the user.

                    We are now thinking about how is the best way to achieve this target.
                    The opensso/caas tools could be a good design solution, but obviously open-xchange must talk to caas too.

                    Have you any ideas on how to realize this feature with the minimum effort?

                    Thanks



                    • #11
                      For being more clear, I'm asking you what kind of SSO (single sign-on) products do you support.



                      • #12
                        Obviously the integration works fine if no user/password keypair is newly asked to the user.

                        We are now thinking about how is the best way to achieve this target.
                        The opensso/caas tools could be a good design solution, but obviously open-xchange must talk to caas too.

                        Have you any ideas on how to realize this feature with the minimum effort?

                        Please describe this in detail, I'm not sure if I understand your requirements / ideas.


                        Originally posted by alessandrop
                        For being more clear, I'm asking you what kind of SSO (single sign-on) products do you support.
                        OX can potentially authenticate against any "service", you "only" need to customize the authentication code if you want OX to authenticate against backends like LDAP.

                        The other possible way is to export the OX credentials, which are stored in the MySQL database, with LDAP like dryphon explained and let the other services like CRM authenticate against this LDAP.


                        Daniel
