665
edits
Changes
Jump to navigation
Jump to search
mLine 25:
Line 25: − + − + Line 39:
Line 39: − + − + +
→Authentication
=== Authentication ===
=== Authentication ===
If you want to use the LDAP directory of your SME Server as authentication source on third party software, here are the parameter you need
If you want to use the LDAP directory of your SME Server as authentication source on third party software, here are the parameters you need
User Base: ou=Users,dc=domain,dc=tld
User Base: ou=Users,dc=domain,dc=tld
Group Base: ou=Users,dc=domain,dc=tld
Group Base: ou=Groups,dc=domain,dc=tld
Host: <the ip or hostname of your SME Server> (prefer the hostname or you'll have additional problem with certificate verification)
Host: <the ip or hostname of your SME Server> (prefer the hostname or you'll have additional problem with certificate verification)
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
{{Note box|Most of the time, anonymous bind are sufficient, no need to configure the Admin DN and password. A few applications do requires to bind as a valid user. This is needed when your application requires access to attributes like uidNumber, gidNumber, homeDIrectory, loginSHel etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}
{{Note box|Most of the time, anonymous binds are sufficient, no need to configure the Admin DN and password. A few applications do require to bind as a valid user. This is needed when your application needs access to attributes like uidNumber, gidNumber, homeDIrectory, loginShell etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}
{{Note box|The LDAP directory can be consulted with plain text connection, but for security reason, authentication against LDAP is only allowed using SSL or TLS (or if your connection runs directly on SME itself). So if you want to authenticate against LDAP on a remote box, you need to be sure to use LDAPs on port 686, or TLS on port 389. You also need to be sure your application can validate the certificate of your SME Server. If you try to authenticate over a plain text connection, SME will simply reject the authentication}}
{{Note box|The LDAP directory can be consulted with plain text connections, but for security reason, authentication against LDAP is only allowed using SSL or TLS (or if your application runs directly on SME itself). So if you want to authenticate against LDAP on a remote box, you need to be sure to use LDAPs on port 686, or TLS on port 389. You also need to be sure your application can validate the certificate of your SME Server. If you try to authenticate over a plain text connection, SME will simply reject the authentication}}
Example setups for different types of clients
Example setups for different types of clients
=== Exemple ===
=== Exemple ===