Using LDAP for authentication?

  • Using LDAP for authentication?

    Hello, I need help configuring LDAP for OX6.

    I have found the ldapauth.properties

    but I have not found how I can set the login DN and password for the LDAP connection.

    Is there documentation where this is described?

    Does an LDAP schema for OX exist?


    System :
    Debian etch
    Open-xchange:Build: 6.6.0-6602, 2008-08-19 17:49:53
    Last edited by Guest; 09-02-2008, 11:00 PM.

  • #2
    Hello wurtzel,

    The schema files reside in /etc/openldap/schema (at least in the SuSE distribution).
    The setup of the LDAP server is done in the file /etc/openldap/slapd.conf.

    Here you find the sections of the server configuration:
    Code:
    database        bdb
    suffix          "dc=my-domain,dc=com"
    checkpoint      1024    5
    cachesize       10000
    rootdn          "cn=Manager,dc=my-domain,dc=com"
    rootpw          {SSHA}pW/jgCO2p+BKlElVIPyfd25zRisp5NVg
    directory       /var/lib/ldap
    (This is an example, of course, and the password is fake.)

    Above you have the section of restrictions and access policies.
    For example:
    Code:
    access to dn.base=""
            by * read
    
    access to dn.base="cn=Subschema"
            by * read
    
    access to attrs=userPassword,userPKCS12
            by self write
            by * auth
    
    access to attrs=shadowLastChange
            by self write
            by * read
    
    access to *
            by * read
    where the first and last access rules allow anonymous browsing of the tree, used for login mechanisms and simple clients.

    For the LDAP connection you have 3 possibilities:
    1) Use the rootdn and rootpw as defined above - SECURITY RISK!!!! DON'T DO IT (except for tests, because this DN and password is allowed to see and do everything)
    2) For browsing only, use an anonymous connection as defined above
    3) Create a special user outside the user tree (for example "dn=browser,ou=systemaccounts,dc=my-domain,dc=com") with a special password and no other information and access rights. That's the best and safest way.

    Further documentation can be found at
    http://www.openldap.org/ (look for the admin guide and the quick start guide).


    CU
    Popeye
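
The access rules from post #2, checked for what a client can read without binding. This is an added example, not part of the original thread and not Open-Xchange or OpenLDAP code. It handles only clauses of the form `by <who> <level>` and reports per rule rather than per entry; the `cn=browser` account DN in the hardened variant is an assumed name.

```python
import re

# Access levels in increasing order, as listed in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# Targets clients normally read without binding: root DSE and schema.
PUBLIC = {'dn.base=""', 'dn.base="cn=Subschema"'}

def parse_acl(conf):
    """Return [(what, [(who, level), ...])]; assumes clauses are 'by <who> <level>'."""
    text = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    rules = []
    for block in re.split(r"^\s*access\s+to\s+", text, flags=re.M)[1:]:
        what, *clauses = re.split(r"\s+by\s+", block.strip())
        rules.append((what, [tuple(c.split()[:2]) for c in clauses]))
    return rules

def anonymous_level(clauses):
    """Level an unauthenticated client gets; the first matching <who> wins."""
    for who, level in clauses:
        if who in ("*", "anonymous"):
            return level
    return "none"  # slapd ends every rule with an implicit "by * none"

def anonymous_readable(conf):
    """Targets outside PUBLIC that a client can read without binding."""
    return [what for what, clauses in parse_acl(conf)
            if what not in PUBLIC and LEVELS.index(anonymous_level(clauses)) >= LEVELS.index("read")]
# The rules from post #2, written one per line.
PAGE_ACL = '''
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,userPKCS12 by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by * read
'''
# Constructed variant for option 3: only the dedicated account may browse.
HARDENED = '''
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,userPKCS12
        by self write  by anonymous auth  by * none
access to attrs=shadowLastChange
        by self write  by dn.exact="cn=browser,ou=systemaccounts,dc=my-domain,dc=com" read  by * none
access to *
        by dn.exact="cn=browser,ou=systemaccounts,dc=my-domain,dc=com" read
        by self read  by anonymous auth  by * none
'''
if __name__ == "__main__":
    print(anonymous_readable(PAGE_ACL), anonymous_readable(HARDENED))
```

In the hardened variant, `by anonymous auth` on the last rule keeps user binds working while nothing is readable before the bind succeeds.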



    • #3
      Does the createuser script which adds users to mysql database also add the same users to the LDAP directory?



      • #4
        So I have an LDAP tree where I do the authentication for Linux.

        Now I am sitting in front of the "ldap.properties" file and don't know which attributes I have to change.

        I have found this part

        Code:
        #JDBC URL to the database for user specific databases instead of one global database.
        UserAttributeJDBCDatabaseURL=oxJDBCDatabaseURL
        
        #JDBC driver class name for user specific databases instead of one global database.
        UserAttributeJDBCDriverClassName=oxJDBCDriverClassName
        
        #JDBC database login for user specific databases instead of one global database.
        UserAttributeJDBCLogin=oxJDBCLogin
        
        #JDBC password for user specific databases instead of one global database.
        UserAttributeJDBCPassword=oxJDBCPassword
        Is this the right place to connect to my LDAP tree?
        Which DriverClass should I choose?

        Frank



        • #5
          So I can use the login from LDAP.
          But I have to create the user manually with the createuser script.
          Is there a way to automatically sync the users and groups with my LDAP?

          The goal is to create the user in my LDAP and have everything ready for OX.



          • #6
            This works with Open-Xchange Server 6, I'm not sure if the sync-tool (OpenLDAP, ADS) is released for the community. Will clarify the topic.

            Daniel



            • #7
              Update: We decided to release the sync-tool for the community in the near future.

              Best regards,
              Daniel



              • #8
                Thanks for this news. That's cool. I am still waiting for something like that.

                Kind regards
                mmlitz
