(23 intermediate revisions by 9 users not shown) |
Line 1: |
Line 1: |
− | == LDAP for SME Server ==
| + | {{Warning box|If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP. |
− | {{Level|Advanced}} | |
| | | |
− | === Description ===
| + | If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.}} |
− | Adding LDAP authentication to sme was easy.
| |
− | We just needed to add the attribute userPassword to the users entries in the ldap
| |
− | server and keep them in sync with the passwords stored in /etc/shadow.
| |
| | | |
− | For SME 8 only, and for simplicity LDAP remains readonly
| + | LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable: |
| + | db configuration setprop ldap Authentication enabled |
| | | |
− | This allows the use of SME user's database in other applications
| + | {{Warning box|Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.}} |
− | : either local, eg. a LAMP app
| |
− | : on the server itself, eg. egroupware
| |
− | : on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database
| |
− | : or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.
| |
| | | |
− | Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.
| + | {{Note box|For LDAP authentication for applications see [[LDAP_Authentication_for_applications|LDAP Authentication for applications]]}} |
− | | + | ---- |
− | The other attributes, eg group membership are yet to be added
| + | [[Category:Howto]] |
− | | |
− | === Installation ===
| |
− | SME 8 only, e-smith-ldap-5.2.0-5.el5.sme from smetest or smeupdates-testing
| |
− | | |
− | This rpm is currently held in the smetest repository, the following commands will install on your smeserver.
| |
− | | |
− | yum install e-smith-ldap --enablerepo=smetest --enablerepo=smeupdates-testing --exclude=*+ldap
| |
− | | |
− | no other package is needed, if it says it does it's an issue with the repos's, download manually and 'yum localinstall'
| |
− | | |
− | signal-event post-upgrade; signal-event reboot
| |
− | | |
− | === Uninstall ===
| |
− | Not needed the new method is benign,
| |
− | | |
− | === Usage ===
| |
− | Test with your email addressbook
| |
− | [[:SME_Server:Documentation:User_Manual:Chapter2]] | |
− | | |
− | View your LDAP Schema, ObjectClasses and Attributes with [[:Phpldapadmin ]]
| |
− | , This contrib works on sme8
| |
− | | |
− | Example setups for different types of clients
| |
− | | |
− | ==== SugarCRM ====
| |
− | | |
− | : Enabled LDAP server
| |
− | : Server: IP of the SME server
| |
− | : Port Number: 389
| |
− | : Base DN: dc=sampledomain,dc=com
| |
− | : Bind Attribute: dn
| |
− | : Login Attribute: uid
| |
− | : Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
| |
− | : Authenticated Password: ldaps admin's password
| |
− | : Enabled Auto Create Users
| |
− | | |
− | === Bugs ===
| |
− | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
| |
− | and select the smeserver-? component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-?|title=this link}}.
| |
− | | |
− | <noinclude>[[Category: Contrib]]</noinclude>
| |
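Review bot: The irreversibility warning is stated three times in the added text (the opening warning box, the "Warning - Once enabled it cannot be disabled" sentence, and the second warning box), and the copies do not agree on the consequence: the first says users, groups and ibay accounts are removed from the unix databases, while the last says only that the server becomes "unuseable" (spelling: unusable). Suggest one warning box, placed before the command, that states both the effect and that it cannot be undone. The `db configuration setprop ldap Authentication enabled` line also has no follow-up step, whereas the removed installation text ended with `signal-event post-upgrade; signal-event reboot`; the page should say whether an event or reboot is needed for the setting to take effect, so the reader knows at which step the account migration actually happens. The revision also drops the SugarCRM client settings and the description of which applications can use LDAP, leaving only the link to [[LDAP_Authentication_for_applications]]; worth confirming that the linked page carries the client setup material removed here.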