Difference between revisions of "LDAP Authentication"

From SME Server
Jump to navigationJump to search
m
 
(38 intermediate revisions by 10 users not shown)
Line 1: Line 1:
== LDAP for SME Server ==
+
{{Warning box|If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.
  
=== Maintainer ===
+
If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.}}
http://firewall-services.com
 
  
=== Description ===
+
LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable:
This contribution for smeserver adds LDAP
+
db configuration setprop ldap Authentication enabled
  
{{Warning box|This is development code, not suitable for production servers, testing and feedback is welcome}}
+
{{Warning box|Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.}}
  
This allows  the use of SME user's database in other applications  
+
{{Note box|For LDAP authentication for applications see [[LDAP_Authentication_for_applications|LDAP Authentication for applications]]}}
: either local, eg. a LAMP app
+
----
: on the server itself like egroupware,
+
[[Category:Howto]]
: on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database,
 
: or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.
 
 
 
Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc...
 
 
 
=== Requirements ===
 
You need a test server, preferably SME 8.
 
 
 
We need feedback to Bugzilla, either [http://bugs.contribs.org/show_bug.cgi?id=4590 here] or create a new bug for new issues.
 
 
 
=== Installation ===
 
This contrib is currently held in the smetest repository, so the following commands will install on your smeserver.
 
 
 
yum --enablerepo=smetest install e-smith-base+ldap e-smith-samba+ldap
 
 
 
This will replace standard e-smith-base and e-smith-samba packages
 
 
 
signal-event post-upgrade;  signal-event reboot
 
 
 
=== Uninstall ===
 
rpm -e e-smith-base+ldap e-smith-samba+ldap
 
yum install e-smith-base e-smith-samba [untested ...]
 
 
 
=== Usage ===
 
{{Incomplete}}
 
 
 
ToDo, Add example setups for different types of clients
 
 
 
=== Source ===
 
The source for this contrib can be found in the SME Server CVS [http://fisheye1.atlassian.com/browse/smeserver/rpms/e-smith-base+ldap e-smith-base+ldap] and
 
[http://fisheye1.atlassian.com/browse/smeserver/rpms/e-smith-samba+ldap e-smith-samba+ldap] on sourceforge.
 
 
 
=== Bugs ===
 
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 
and select the smeserver-? component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-?|title=this link}}.
 
 
 
<noinclude>[[Category: Contrib]]</noinclude>
 

Latest revision as of 03:34, 13 August 2016

Warning.png Warning:
If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.

If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.


LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable:

db configuration setprop ldap Authentication enabled


Warning.png Warning:
Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.



Important.png Note:
For LDAP authentication for applications see LDAP Authentication for applications