Difference between revisions of "LDAP Authentication"

From SME Server
Jump to navigationJump to search
(sme8 b5)
m
 
(20 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== LDAP for SME Server 8==
+
{{Warning box|If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.
  
=== Description ===
+
If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.}}
LDAP authentication
 
  
For SME 8 only, LDAP is readonly
+
LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable:
 +
db configuration setprop ldap Authentication enabled
  
This allows  the use of SME user's database in other applications
+
{{Warning box|Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.}}
: either local, eg. a LAMP app
 
: on the server itself, eg. egroupware
 
: on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database
 
: or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.
 
  
=== Installation ===
+
{{Note box|For LDAP authentication for applications see [[LDAP_Authentication_for_applications|LDAP Authentication for applications]]}}
SME 8 beta 5 onwards
+
----
 
+
[[Category:Howto]]
=== Uninstall ===
 
Not needed the new method is benign,
 
 
 
=== Usage ===
 
Test with your email addressbook
 
[[:SME_Server:Documentation:User_Manual:Chapter2]]
 
 
 
View your LDAP Schema, ObjectClasses and Attributes with [[:Phpldapadmin ]]
 
 
 
Example setups for different types of clients
 
 
 
==== SugarCRM ====
 
 
 
Applications should use anonymous bind, there is no need to use the LDAP root password
 
 
 
: Enabled LDAP server
 
: Server: IP of the SME server
 
: Port Number: 389
 
: Base DN: ou=Users,dc=sampledomain,dc=com
 
: Bind Attribute: dn
 
: Login Attribute: uid
 
: Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
 
: Authenticated Password: ldaps admin's password
 
: Enabled Auto Create Users
 
 
 
=== Bugs ===
 
Please raise bugs under the SME Server 8 section
 

Latest revision as of 03:34, 13 August 2016

Warning.png Warning:
If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.

If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.


LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable:

db configuration setprop ldap Authentication enabled


Warning.png Warning:
Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.



Important.png Note:
For LDAP authentication for applications see LDAP Authentication for applications