1,574
edits
Changes
Jump to navigation
Jump to search
mLine 38:
Line 38: + + + + +
LDAP Authentication enable
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
Optional - LDAP authentication can be enabled. Warning - Once enabled it cannot be disabled, so experiment with care. To enable:
db configuration setprop ldap Authentication enabled
{{Warning box|Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.}}
{{Note box|Most of the time, anonymous binds are sufficient, no need to configure the Admin DN and password. A few applications do require to bind as a valid user. This is needed when your application needs access attributes like uidNumber, gidNumber, homeDIrectory, loginShell etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}
{{Note box|Most of the time, anonymous binds are sufficient, no need to configure the Admin DN and password. A few applications do require to bind as a valid user. This is needed when your application needs access attributes like uidNumber, gidNumber, homeDIrectory, loginShell etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}