  1. #1
    wurtzel Guest

    Using LDAP for authentication?

    Hello, I need help configuring LDAP for OX6.

    I have found the ldapauth.properties

    but I have not found how I can set the login DN and password for the LDAP connection.

    Is there documentation where this is described?

    Does an LDAP schema for OX exist?


    System :
    Debian etch
    Open-xchange:Build: 6.6.0-6602, 2008-08-19 17:49:53
    Last edited by wurtzel; 09-02-2008 at 11:00 PM.

  2. #2
    Hello wurtzel,

    the schema files reside in /etc/openldap/schema (at least in the SuSE distribution)
    the setup of the LDAP server is done in the file /etc/openldap/slapd.conf

    here you find the sections of server configuration
    Code:
    database        bdb
    suffix          "dc=my-domain,dc=com"
    checkpoint      1024    5
    cachesize       10000
    rootdn          "cn=Manager,dc=my-domain,dc=com"
    rootpw          {SSHA}pW/jgCO2p+BKlElVIPyfd25zRisp5NVg
    directory       /var/lib/ldap
    (this is an example - of course.... and the passwd is fake )

    above you have the section of restrictions and access policies.
    for example:
    Code:
    access to dn.base=""
            by * read
    
    access to dn.base="cn=Subschema"
            by * read
    
    access to attrs=userPassword,userPKCS12
            by self write
            by * auth
    
    access to attrs=shadowLastChange
            by self write
            by * read
    
    access to *
            by * read
    where the first and last access rules allow anonymous browsing of the tree - used for login mechanisms and simple clients.

    For the LDAP connection you have 3 possibilities:
    1) Use the rootdn and rootpw as defined above - SECURITY RISK!!!! DON'T DO IT (except for tests, because this DN and password are allowed to see and do everything)
    2) For browsing only, use an anonymous connection as defined above
    3) Create a special user outside the user tree (for example "dn=browser,ou=systemaccounts,dc=my-domain,dc=com") with a special password and no other information or access rights. That's the best and safest way.

    Further Documentation can be found at
    http://www.openldap.org/ look for the admin guide and the quick start guide


    CU
    Popeye
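
Added example, not part of the thread and not OpenLDAP's own code: a simplified evaluator for the slapd `access to` rules from post #2, comparing the posted ACL with a constructed variant for option 3 (a dedicated read-only bind account). The service-account DN, the hardened rules and the evaluator itself are assumptions; only `*` and `attrs=` targets are modelled.

```python
import re

# Rules for user entries as posted above (root DSE and subschema rules omitted).
FORUM_ACL = """
access to attrs=userPassword,userPKCS12
        by self write
        by * auth
access to *
        by * read
"""
# Constructed variant for option 3; the service-account DN is an assumption.
SVC = "cn=browser,ou=systemaccounts,dc=my-domain,dc=com"
HARDENED_ACL = f"""
access to attrs=userPassword,userPKCS12
        by self write
        by anonymous auth
        by * none
access to *
        by dn.base="{SVC}" read
        by self read
        by anonymous auth
        by * none
"""

def what_matches(what, attr):
    # Only "*" and "attrs=a,b" are modelled; dn-scoped clauses never match here.
    names = what[6:].lower().split(",") if what.startswith("attrs=") else []
    return what == "*" or attr.lower() in names

def who_matches(who, bind_dn, target_dn):
    bind_dn, target_dn = bind_dn.lower(), target_dn.lower()
    m = re.fullmatch(r'dn(?:\.base|\.exact)?="(.*)"', who)
    return (who == "*" or (who == "anonymous" and not bind_dn)
            or (who == "users" and bool(bind_dn))
            or (who == "self" and bool(bind_dn) and bind_dn == target_dn)
            or (m is not None and m.group(1).lower() == bind_dn))

def access(acl, bind_dn, target_dn, attr):
    """First matching <what>, then its first matching <who>; bind_dn "" is anonymous."""
    matched = False
    for line in acl.splitlines():
        tok = line.split()
        if tok[:2] == ["access", "to"]:
            if matched:
                return "none"  # implicit trailing "by * none"
            matched = what_matches(tok[2], attr)
        elif tok[:1] == ["by"] and matched and who_matches(tok[1], bind_dn, target_dn):
            return tok[2]
    return "none"
```

With the posted rules an anonymous session is granted `read` on ordinary attributes; with the constructed variant only the service account and the entry's owner are, while anonymous keeps `auth` so binds still work. The rootdn is not subject to these rules at all, which is why option 1 exposes everything.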

  3. #3
    mhondiwa Guest

    Does the createuser script which adds users to mysql database also add the same users to the LDAP directory?

  4. #4
    wurtzel Guest

    So I have an LDAP tree where I do the authentication for Linux.

    Now I am sitting in front of the "ldap.properties" file and don't know which attributes I have to change.

    I have found this part:

    Code:
    #JDBC URL to the database for user specific databases instead of one global database.
    UserAttributeJDBCDatabaseURL=oxJDBCDatabaseURL
    
    #JDBC driver class name for user specific databases instead of one global database.
    UserAttributeJDBCDriverClassName=oxJDBCDriverClassName
    
    #JDBC database login for user specific databases instead of one global database.
    UserAttributeJDBCLogin=oxJDBCLogin
    
    #JDBC password for user specific databases instead of one global database.
    UserAttributeJDBCPassword=oxJDBCPassword
    Is this the right place to connect to my LDAP tree?
    Which DriverClass should I choose?

    Frank

  5. #5
    wurtzel Guest

    So I can use the login from LDAP.
    But I have to create the user manually with the createuser script.
    Is there a way to automatically sync the users and groups with my LDAP?

    The goal is to create the user in my LDAP and have everything ready for OX.

  6. #6
    This works with Open-Xchange Server 6, I'm not sure if the sync-tool (OpenLDAP, ADS) is released for the community. Will clarify the topic.

    Daniel

  7. #7
    Update: We decided to release the sync-tool for the community in the near future.

    Best regards,
    Daniel

  8. #8

    Thanks for this news. That's cool. I am still waiting for something like that.

    Kind regards
    mmlitz
