Difference between revisions of "LDAP Authentication"

From SME Server

Jump to navigation Jump to search

Revision as of 16:01, 12 March 2010

LDAP for SME Server 8

Description

LDAP authentication

For SME 8 only, LDAP is readonly

This allows the use of SME user's database in other applications

either local, eg. a LAMP app

on the server itself, eg. egroupware

on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database

or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.

Installation

SME 8 beta 5 onwards

Uninstall

Not needed the new method is benign,

Usage

Test with your email addressbook SME_Server:Documentation:User_Manual:Chapter2

View your LDAP Schema, ObjectClasses and Attributes with Phpldapadmin

Example setups for different types of clients

SugarCRM

Applications should use anonymous bind, there is no need to use the LDAP root password

Enabled LDAP server

Server: IP of the SME server

Port Number: 389

Base DN: ou=Users,dc=sampledomain,dc=com

Bind Attribute: dn

Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com

Authenticated Password: ldaps admin's password

Enabled Auto Create Users

Bugs

Please raise bugs under the SME Server 8 section

Retrieved from "https://wiki.koozali.org/index.php?title=LDAP_Authentication&oldid=14367"

@@ Line 1: / Line 1: @@
-== LDAP for SME Server ==
+== LDAP for SME Server 8==
-{{Level|Advanced}}
 === Description ===
-Adding LDAP authentication to sme was easy.
+LDAP authentication
-We just needed to add the attribute userPassword to the users entries in the ldap
-server and keep them in sync with the passwords stored in /etc/shadow.
-For SME 8 only, and for simplicity LDAP remains readonly
+For SME 8 only, LDAP is readonly
 This allows  the use of SME user's database in other applications
@@ Line 14: / Line 11: @@
 : on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database
 : or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.
-Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.
 === Installation ===
-SME 8 only, e-smith-ldap-5.2.0-5.el5.sme from smetest or smeupdates-testing
+SME 8 beta 5 onwards
-This rpm is currently held in the smetest repository, the following commands will install on your smeserver.
- yum install e-smith-ldap  --enablerepo=smetest --enablerepo=smeupdates-testing --exclude=*+ldap
-no other package is needed, if it says it does it's an issue with the repos's, download manually and 'yum localinstall'
- signal-event post-upgrade;  signal-event reboot
 === Uninstall ===
@@ Line 36: / Line 23: @@
 View your LDAP Schema, ObjectClasses and Attributes with [[:Phpldapadmin ]]
-, This contrib works on sme8
 Example setups for different types of clients
 ==== SugarCRM ====
+Applications should use anonymous bind, there is no need to use the LDAP root password
 : Enabled LDAP server
@@ Line 53: / Line 41: @@
 === Bugs ===
-Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
+Please raise bugs under the SME Server 8 section
-and select the smeserver-? component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-?|title=this link}}.
-<noinclude>[[Category: Contrib]]</noinclude>

Difference between revisions of "LDAP Authentication"

Revision as of 16:01, 12 March 2010

Contents

LDAP for SME Server 8

Description

Installation

Uninstall

Usage

SugarCRM

Bugs

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search