Ldap Direct authentication

  • Ldap Direct authentication

    Is it possible to make OX6 authenticate users directly from openldap (slapd)?
    I'm trying some things using the open-xchange-authentication-ldap bundle package instead of the database package, but I still can't get it to work! Can someone help me? Which files must I edit, and how can I set this thing up? Please answer.

    Thanks a lot.

  • #2
    Hi,

    did you already look at http://www.open-xchange.com/forum/fo...play.php?f=19? If there are problems with the LDAP Plugin, please post them there because the developers/maintainers of the plugin are watching this forum.

    Greetings


    • #3
      Not trying sync, but direct authentication

      Originally posted by Martin Braun
      Hi,

      did you already look at http://www.open-xchange.com/forum/fo...play.php?f=19? If there are problems with the LDAP Plugin, please post them there because the developers/maintainers of the plugin are watching this forum.

      Greetings

      Well, as I said before, I'm trying direct authentication, not sync. Is it possible, or should I give up? I want authentication over LDAP.


      • #4
        Hey,

        what does your LDAP auth file look like?
        /opt/open-xchange/etc/groupware/ldapauth.properties


        • #5
          Hi Martin, I work with Lucasm, I will help answering your question.

          Our ldapauth.properties looks like:

          Code:
          java.naming.provider.url=ldap://localhost:389/dc=modelomail,dc=com,dc=br
          java.naming.security.authentication=simple
          com.sun.jndi.ldap.connect.timeout=10000
          com.sun.jndi.ldap.read.timeout=10000
          uidAttribute=uid
          baseDN=ou=Users,ou=OxObjects,dc=modelomail,dc=com,dc=br

          I'll tell you what I've done so far:

          I have a 6.6 version installed via packages and working on Ubuntu 8.04, authenticating using MySQL. To try to authenticate against LDAP, I do the following:

          Code:
          apt-get remove open-xchange-authentication-database
          apt-get install open-xchange-authentication-ldap

          and restart the admin and groupware services. I have slapd installed and working perfectly. Now, when I try to log on to OX I see the following log messages in open-xchange.log:

          Code:
          Nov 17, 2008 7:41:51 PM com.openexchange.ajax.Login doGet
          SEVERE: LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=-601163121-7
          LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=-601163121-7
          	at com.openexchange.authentication.ldap.LDAPAuthentication.createContext(LDAPAuthentication.java:167)
          	at com.openexchange.authentication.ldap.LDAPAuthentication.bind(LDAPAuthentication.java:134)
          	at com.openexchange.authentication.ldap.LDAPAuthentication.handleLoginInfo(LDAPAuthentication.java:113)
          	at com.openexchange.authentication.service.Authentication.login(Authentication.java:92)
          	at com.openexchange.ajax.Login.doGet(Login.java:144)
          	at com.openexchange.ajax.Login.doPost(Login.java:440)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:616)
          	at com.openexchange.ajax.AJAXServlet.service(AJAXServlet.java:376)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
          	at com.openexchange.ajp13.AJPv13Request.response(AJPv13Request.java:120)
          	at com.openexchange.ajp13.AJPv13RequestHandler.createResponse(AJPv13RequestHandler.java:466)
          	at com.openexchange.ajp13.AJPv13Connection.createResponse(AJPv13Connection.java:197)
          	at com.openexchange.ajp13.AJPv13Listener.run(AJPv13Listener.java:259)
          	at java.lang.Thread.run(Thread.java:595)
          Caused by: javax.naming.CommunicationException: ox.open-xchange.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
          	at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
          	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
          	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
          	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
          	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
          	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
          	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
          	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
          	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
          	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
          	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
          	at javax.naming.InitialContext.init(InitialContext.java:223)
          	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
          	at com.openexchange.authentication.ldap.LDAPAuthentication.createContext(LDAPAuthentication.java:165)
          	... 13 more
          Caused by: java.net.SocketTimeoutException: connect timed out
          	at java.net.PlainSocketImpl.socketConnect(Native Method)
          	at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
          	at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
          	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
          	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
          	at java.net.Socket.connect(Socket.java:520)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          	at java.lang.reflect.Method.invoke(Method.java:585)
          	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:333)
          	at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
          	... 26 more

          On the other side, no slapd activity is logged in syslog. I think OX is not trying to connect to the LDAP server.


          Thanks for the help Martin! If we (I mean, you LOL) could make this work, it would be a very good option for admin centralization, I think better than the existing uni-directional ldap sync.

          Oh, one more thing: congratulations to you and all the team for the great work! OX community is outstanding!!
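
A diagnostic check for the material in post #5, added here as an example and not part of the original thread or of Open-Xchange's code: it compares the LDAP endpoint configured in ldapauth.properties with the endpoint named in the logged CommunicationException, and flags a simple bind over plain ldap://. The function names are hypothetical and the sample inputs are constructed from the values quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs, built from the values quoted in post #5.
SAMPLE_PROPERTIES = """\
java.naming.provider.url=ldap://localhost:389/dc=modelomail,dc=com,dc=br
java.naming.security.authentication=simple
uidAttribute=uid
baseDN=ou=Users,ou=OxObjects,dc=modelomail,dc=com,dc=br
"""
SAMPLE_LOG = ("Caused by: javax.naming.CommunicationException: ox.open-xchange.com:389 "
              "[Root exception is java.net.SocketTimeoutException: connect timed out]")

def parse_properties(text):
    """Parse plain key=value Java properties (no escapes or continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def configured_endpoint(props):
    """Return (scheme, host, port) from java.naming.provider.url."""
    url = urlsplit(props.get("java.naming.provider.url", ""))
    default_port = 636 if url.scheme == "ldaps" else 389
    return url.scheme, (url.hostname or "").lower(), url.port or default_port

def attempted_endpoints(log_text):
    """Collect host:port pairs that JNDI reported failing to reach."""
    pattern = re.compile(r"CommunicationException: ([\w.-]+):(\d+)")
    return {(h.lower(), int(p)) for h, p in pattern.findall(log_text)}

def audit(props_text, log_text):
    props = parse_properties(props_text)
    scheme, host, port = configured_endpoint(props)
    findings = []
    for seen_host, seen_port in sorted(attempted_endpoints(log_text)):
        if (seen_host, seen_port) != (host, port):
            # The running server is not using the endpoint in this file.
            findings.append(f"log shows connect to {seen_host}:{seen_port}, "
                            f"file configures {host}:{port}")
    if scheme == "ldap" and props.get("java.naming.security.authentication") == "simple":
        # Plain LDAP with a simple bind puts the password on the wire unencrypted.
        findings.append("simple bind over ldap:// is unencrypted")
    return findings
```

Run against the values from the post, `audit(SAMPLE_PROPERTIES, SAMPLE_LOG)` reports both the endpoint mismatch and the unencrypted simple bind.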


          • #6
            Hi Martin, sorry for the inconvenience, but we are depending on your answer to decide between version 6.6 and 6.4. We just want to know if it's possible, 'cause if it's not, we'll stick with 6.4, since the user can't change password in 6.6.

            Thanks!


            • #7
              Hi,

              I'm sorry but I don't have very deep knowledge of the LDAP Plugin - I'll move this thread to the correct category and hopefully somebody else will answer.


              • #8
                Thanks a lot anyway

                Well, if it is possible to make a way for users to change their password in OX6 so that it also gets changed on the IMAP and SMTP server, that solution would fit our expectations. The real problem is, if a user changes his OX password, his account stops working until an admin changes the IMAP and SMTP account to the same password.
                Thanks for helping.
