Difference between revisions of "LDAP Authentication"

From SME Server
Jump to navigationJump to search
(change to be sme 8 specific using the new e-smith-ldap rpm)
Line 1: Line 1:
 
== LDAP for SME Server ==
 
== LDAP for SME Server ==
 
{{Level|Advanced}}
 
{{Level|Advanced}}
 
=== Maintainer ===
 
http://www.firewall-services.com
 
  
 
=== Description ===
 
=== Description ===
This contribution for smeserver adds LDAP
+
Adding LDAP authentication to sme was easy.
 +
We just needed to add the attribute userPassword to the users entries in the ldap
 +
server and keep them in sync with the passwords stored in /etc/shadow.
  
{{Warning box|This is development code, not suitable for production servers, testing and feedback is needed}}
+
For SME 8 only
  
 
This allows  the use of SME user's database in other applications  
 
This allows  the use of SME user's database in other applications  
Line 18: Line 17:
 
Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.
 
Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.
  
=== Requirements ===
+
The other attributes, eg group membership are yet to be added
You need a test server, or a spirit of adventure.
 
  
Send feedback to [http://bugs.contribs.org/show_bug.cgi?id=4590 Bugzilla,] or create a new bug for new issues.
+
=== Installation ===
 +
SME 8 only, e-smith-ldap-5.2.0-5.el5.sme from smetest or smeupdates-testing
  
=== Installation ===
+
This rpm is currently held in the smetest repository, the following commands will install on your smeserver.
This contrib is currently held in the smetest repository, so the following commands will install on your smeserver.
 
  
  yum install e-smith-base+ldap e-smith-samba+ldap --enablerepo=smetest --enablerepo=smeupdates-testing
+
  yum install e-smith-ldap --enablerepo=smetest --enablerepo=smeupdates-testing
  
This will replace standard e-smith-base and e-smith-samba packages
+
no other package is needed, if it says it does it's an issue with the repos's, download manually and 'yum localinstall'
  
 
  signal-event post-upgrade;  signal-event reboot
 
  signal-event post-upgrade;  signal-event reboot
  
 
=== Uninstall ===
 
=== Uninstall ===
It might be possible but don't use a server where you have an expectation of being able to.
+
Not needed the new method is benign,
  
 
=== Usage ===
 
=== Usage ===
 
 
Test with your email addressbook
 
Test with your email addressbook
 
[[:SME_Server:Documentation:User_Manual:Chapter2]]
 
[[:SME_Server:Documentation:User_Manual:Chapter2]]

Revision as of 13:04, 30 January 2010

LDAP for SME Server

PythonIcon.png Skill level: Advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.


Description

Adding LDAP authentication to sme was easy. We just needed to add the attribute userPassword to the users entries in the ldap server and keep them in sync with the passwords stored in /etc/shadow.

For SME 8 only

This allows the use of SME user's database in other applications

either local, eg. a LAMP app
on the server itself, eg. egroupware
on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database
or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server.

Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.

The other attributes, eg group membership are yet to be added

Installation

SME 8 only, e-smith-ldap-5.2.0-5.el5.sme from smetest or smeupdates-testing

This rpm is currently held in the smetest repository, the following commands will install on your smeserver.

yum install e-smith-ldap  --enablerepo=smetest --enablerepo=smeupdates-testing

no other package is needed, if it says it does it's an issue with the repos's, download manually and 'yum localinstall'

signal-event post-upgrade;  signal-event reboot

Uninstall

Not needed the new method is benign,

Usage

Test with your email addressbook SME_Server:Documentation:User_Manual:Chapter2

View your LDAP Schema, ObjectClasses and Attributes with Phpldapadmin , This contrib works on sme8

Example setups for different types of clients

SugarCRM

Enabled LDAP server
Server: IP of the SME server
Port Number: 389
Base DN: dc=sampledomain,dc=com
Bind Attribute: dn
Login Attribute: uid
Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
Authenticated Password: ldaps admin's password
Enabled Auto Create Users

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-? component or use this link .