Open-Xchange 6 & Active Directory
  • Open-Xchange 6 & Active Directory

    Dear OX Pros,
    I went through the whole guide to set up OX6 on Ubuntu 8.10 and it works fine. Now I'm trying to authenticate users to our AD through "OX LDAP Sync". Again, I went through all the steps in that guide, at least the ones I understand. Unfortunately, up to now I could not get any good results. When I try to log in, I get this in the log file:
    Code:
    25 Feb, 2009 9:34:56 AM com.openexchange.ajax.Login doGet
    SEVERE: LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=1334134695-4
    LGI-0005 Category=5 Message=Login not possible at the moment. Please try again later. exceptionID=1334134695-4
    .......
    Caused by: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
    .....
    Caused by: java.net.ConnectException: Connection refused
    I'd like to find out something: as you say, "OX LDAP Sync" does not authenticate directly against our AD; it just copies the users' details from AD to OX. Hence, shouldn't OX also have an OpenLDAP server, or what? Sorry for this dumb question! Again, how could "ldapauth.properties" authenticate to an LDAP server while OX doesn't have one?
    Here is my "ldapauth.properties":
    here is my "ldapauth.properties":
    Code:
    java.naming.provider.url=ldap://localhost:389/dc=example,dc=edu
    java.naming.security.authentication=simple
    com.sun.jndi.ldap.connect.timeout=10000
    com.sun.jndi.ldap.read.timeout=10000
    uidAttribute=uid
    baseDN=ou=Users,ou=OxObjects,dc=example,dc=edu
    I should also mention that "oxldapsync.pl" works fine and I got all the users I need. Here is how I configured "ldapsyn-ads.conf":
    Code:
    ....
    userbasedn              = ou=IT,dc=example,dc=edu
    groupbasedn             = ou=IT,dc=example,dc=edu
    ...
    Last edited by Guest; 02-25-2009, 08:17 AM.

  • #2
    Hi,

    OX does not provide an LDAP service, therefore you'll need to configure an (existing) external LDAP service for authentication.



    • #3
      The OX authentication-ldap module just does what you configured. It connects to an LDAP server running on the local host, which obviously isn't the case... :-)

      Your AD does not run on the same machine, I'm quite sure.

      OX needs to authenticate against an external LDAP server, e.g. AD, check http://www.open-xchange.com/wiki/ind...#Prerequisites for more information.
      Last edited by Carsten Hoeger; 02-25-2009, 10:00 AM.



      • #4
        Very grateful for your replies, guys. What I got is that I have to install an LDAP server on my OX machine, so it can authenticate via it. So is this the logic:

        * "oxldapsync.pl" will copy user details from the REAL external AD using the configuration in ldapsyn-ads.conf.
        * I have to install an LDAP server on the OX machine so OX can authenticate to it.
        ............
        But then how will the LDAP server on my OX machine get the list of users? Does "oxldapsync.pl" feed it?

        Or what?



        • #5
          oxldapsync feeds the ox database, not another ldap server, as documented at http://www.open-xchange.com/wiki/ind...LDAPSync_Guide

          You still need the external ldap server to authenticate against it, as documented at http://www.open-xchange.com/wiki/ind...#Prerequisites

          Comment
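
          The misconfiguration diagnosed in replies #3 and #5, as an added example that is not part of the thread or of Open-Xchange's own code: a Python check of the posted ldapauth.properties that flags the loopback provider URL behind the "Connection refused" error, the unencrypted simple bind, and a baseDN outside the subtree oxldapsync imports from. The finding codes and the DN comparison (a plain comma split, no escaped commas) are assumptions of this example.

```python
from urllib.parse import urlparse

# The ldapauth.properties from post #1, embedded as sample input.
POSTED = """\
java.naming.provider.url=ldap://localhost:389/dc=example,dc=edu
java.naming.security.authentication=simple
com.sun.jndi.ldap.connect.timeout=10000
com.sun.jndi.ldap.read.timeout=10000
uidAttribute=uid
baseDN=ou=Users,ou=OxObjects,dc=example,dc=edu
"""
SYNC_USERBASEDN = "ou=IT,dc=example,dc=edu"  # userbasedn from post #1's sync config

def parse_properties(text):
    """Parse plain key=value Java properties (comments skipped, no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def dn_parts(dn):
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def related(dn_a, dn_b):
    """True when one DN equals the other or lies beneath it."""
    short, long_ = sorted((dn_parts(dn_a), dn_parts(dn_b)), key=len)
    return long_[len(long_) - len(short):] == short

def lint(props, sync_userbasedn=None):
    """Return (code, message) findings for an ldapauth.properties mapping."""
    findings = []
    url = urlparse(props.get("java.naming.provider.url", ""))
    if url.hostname in {"localhost", "127.0.0.1", "::1"}:
        findings.append(("provider-url-loopback",
                         "connects to this host; point it at the directory server"))
    if url.scheme == "ldap" and props.get("java.naming.security.authentication") == "simple":
        findings.append(("cleartext-simple-bind",
                         "simple bind over ldap:// sends passwords unencrypted"))
    base = props.get("baseDN", "")
    if sync_userbasedn and base and not related(base, sync_userbasedn):
        findings.append(("basedn-mismatch",
                         f"baseDN {base!r} is outside synced subtree {sync_userbasedn!r}"))
    return findings

if __name__ == "__main__":
    for code, msg in lint(parse_properties(POSTED), SYNC_USERBASEDN):
        print(f"{code}: {msg}")
```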


          • #6
            Very clear now. I thought that before too, but reading a thread about indirect auth with an AD server mixed things up in my mind. Nevertheless, now I keep getting this message: "Login failed. Please check your user name and password and try again". I don't know where the problem is: is it in my "ldapauth.properties", or is it time to do something with "ldap.properties"? By the way, how should that last file really look? There is no guide about it.



            • #7
              Guys, Help,

              I'm still not able to authenticate against our Active Directory. I have tried all the possible tricks in "ldapauth.properties", but it's still not working!

              Could anybody explain in very boring detail how to set up "ldapauth.properties", listing all the options and tricks that could possibly be set up for our stupid Active Directory server?



              • #8
                Hi folks,

                Sorry, but was my question that hard, or does it turn out that I'm so dumb that I should not ask?

                I really like Open Source stuff and the Linux world. I dream of seeing all the world using LINUX only, not the MS crap systems. I'm working in an environment with MS everywhere, but I promised our Network Admin to find a good, really stable solution for our MS-Exchange e-mail server problem. So please help me...



                • #9
                  Sorry, never did such stuff.
                  You might want to contact rccsoftware/sourcegarden directly:



                  Sourcegarden GmbH develops web-based software, offers design for digital media and interfaces, designs IT infrastructures and provides exceptional helpdesk service.


                  They did the implementation of oxldapsync



                  • #10
                    ldap.properties

                    Thanks for your help. Unfortunately, that website is in German and I barely know English, lol. Even trying to translate it to English didn't work well. By the way, how should I fix "ldap.properties" to fit our AD server's needs? What is its main job? Is it possible that it is the problem with getting my users authenticated against the AD server?



                    • #11
                      Possibility 1:
                      Contact Sourcegarden for help: info[AT]sourcegarden.de

                      Possibility 2:
                      Post the errors that are in the logfiles of Open-Xchange and in the eventlog of the AD server here. Attach all relevant configs, too.

                      Regards,
                      Daniel



                      • #12
                        Originally posted by linux-mad
                        Hi folks,

                        Sorry, but was my question that hard, or does it turn out that I'm so dumb that I should not ask?

                        I really like Open Source stuff and the Linux world. I dream of seeing all the world using LINUX only, not the MS crap systems. I'm working in an environment with MS everywhere, but I promised our Network Admin to find a good, really stable solution for our MS-Exchange e-mail server problem. So please help me...
                        Hello there,

                        What I did was the following (it might not be a perfect solution, but it works for me, even though there is some manual work to be done, which obviously isn't all that great for bigger companies). Since OX documentation is a tad scarce (make that nonexistent), this is the only way, as far as I know, to get some sort of ADS integration.

                        Steps:
                        1. Configure samba/winbindd and join your Linux server to the existing ADS domain.

                        2. Install and configure the underlying mail system (I am using courier-imap + postfix). This is the part where manual work comes in: I configured pam to autocreate users' $HOME, however for all my users I had to manually issue the command "maildirmake Maildir" inside their respective $HOME (HINT: "maildirmake /etc/skel/Maildir").

                        3. Install the open-xchange-authentication-imap package.

                        4. Modify your pam "imap" file with the following values:
                        Code:
                        auth required /lib/security/pam_winbind.so
                        account required /lib/security/pam_winbind.so
                        session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 debug

                        5. Install and configure your oxldapsync package. The script, as far as I managed to understand, does NOT sync user passwords, so you will have to set them to a static value and instruct your users to change it (you set these values in the mapping.ads.conf file inside the oxldapsync directory).

                        6. Edit the ldapsync-ads.conf file to reflect your ADS setup. Once you have finished modifying both mapping.ads.conf and ldapsync-ads.conf, you will have to execute the oxldapsync.pl script.

                        Sample ldapsync-ads.conf:
                        Code:
                        ldapuri = ldap://name_or_ip_of_your_dc
                        userbasedn = "cn=Users,dc=foobar,dc=bar"
                        groupbasedn = "cn=Users,dc=foobar,dc=bar"
                        ldapuserdn = "cn=Administrator,cn=Users,dc=foobar,dc=bar"
                        ldapuserpassword = super_secret_password
                        Code:
                        /etc/oxldapsync/sbin/oxldapsync.pl -f /etc/oxldapsync/etc/ldapsync-ads.conf -c 1 -A contextadmin -P context_admin_pass -v -s
                        The -v and -s arguments are just there to get verbose output on your CLI.

                        I will eventually make a thread in these forums with concrete examples (file modifications) of how I did the "integration" of OX into an ADS domain.

                        Hope it sheds a little light on your problem.

                        Regards,
                        Daniel
                        Last edited by Guest; 07-08-2009, 10:15 AM.

                        Comment
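
                        A credential-exposure check for the sync job set up in post #12, added here as an example and not taken from the post or from the oxldapsync project: it reads the sample ldapsync-ads.conf, flags a stored bind password readable beyond the file owner and a bind as the built-in Administrator, and flags the context admin password passed with -P on the command line. The finding codes and the temporary file used for the demo are assumptions of this example.

```python
import os, shlex, stat, tempfile

# Constructed from the sample ldapsync-ads.conf and command line in post #12.
SAMPLE_CONF = '''\
ldapuri = ldap://name_or_ip_of_your_dc
userbasedn = "cn=Users,dc=foobar,dc=bar"
groupbasedn = "cn=Users,dc=foobar,dc=bar"
ldapuserdn = "cn=Administrator,cn=Users,dc=foobar,dc=bar"
ldapuserpassword = super_secret_password
'''
SAMPLE_CMD = ("/etc/oxldapsync/sbin/oxldapsync.pl -f /etc/oxldapsync/etc/ldapsync-ads.conf "
              "-c 1 -A contextadmin -P context_admin_pass -v -s")

def read_conf(path):
    """Parse 'key = value' lines; surrounding double quotes are dropped."""
    conf = {}
    with open(path) as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and not key.lstrip().startswith("#"):
                conf[key.strip()] = value.strip().strip('"')
    return conf

def audit_conf(path):
    """Return finding codes for credential exposure in the sync config."""
    conf, findings = read_conf(path), []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if "ldapuserpassword" in conf and mode & 0o077:
        findings.append("secret-readable-by-group-or-other")
    # A sync job only needs read access to the user and group subtrees.
    first_rdn = conf.get("ldapuserdn", "").split(",")[0].strip().lower()
    if first_rdn == "cn=administrator":
        findings.append("sync-binds-as-administrator")
    return findings

def audit_cmd(cmdline):
    """Flag a password given via -P: local users can read it from the process list."""
    return ["password-on-command-line"] if "-P" in shlex.split(cmdline) else []

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ldapsync-ads.conf")
        with open(path, "w") as fh:
            fh.write(SAMPLE_CONF)
        os.chmod(path, 0o644)  # a common default mode for new files
        print(audit_conf(path) + audit_cmd(SAMPLE_CMD))
```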