3,704
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − == LDAP for SME Server ==+ − − === Description ===+ − Adding LDAP authentication to sme was easy. − We just needed to add the attribute userPassword to the users entries in the ldap − server and keep them in sync with the passwords stored in /etc/shadow. − For SME 8 only, and for simplicity LDAP remains readonly + + − This allows the use of SME user's database in other applications + − : either local, eg. a LAMP app − : on the server itself, eg. egroupware − : on the local network, eg. another server in the local network which runs an ERP, but uses SME server user/group database − : or even a remote host, eg. a GLPI instance used to manage requests from several clients using SME server. − Some applications have the possibility to use imap/pop authentication (egroupware, GLPI, maybe others), but some don't offer this possibility, but can use only LDAP. imap/pop isn't as powerful as LDAP as we can only check user/password, whereas with LDAP, we can check other attributes, groups of the user etc.+ − + − === Installation ===+ − SME 8 only, e-smith-ldap-5.2.0-5.el5.sme from smetest or smeupdates-testing − − This rpm is currently held in the smetest repository, the following commands will install on your smeserver. − − yum install e-smith-ldap --enablerepo=smetest --enablerepo=smeupdates-testing --exclude=*+ldap − − no other package is needed, if it says it does it's an issue with the repos's, download manually and 'yum localinstall' − − signal-event post-upgrade; signal-event reboot − − === Uninstall === − Not needed the new method is benign, − − === Usage === − Test with your email addressbook − − − View your LDAP Schema, ObjectClasses and Attributes with [[:Phpldapadmin ]] − , This contrib works on sme8 − − Example setups for different types of clients − − ==== SugarCRM ==== − − : Enabled LDAP server − : Server: IP of the SME server − : Port Number: 389 − : Base DN: ou=Users,dc=sampledomain,dc=com − : Bind Attribute: dn − : Login Attribute: uid − : Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com − : Authenticated Password: ldaps admin's password − : Enabled Auto Create Users − − === Bugs === − Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] − and select the smeserver-? component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-?|title=this link}}. − − <noinclude>[[Category: Contrib]]</noinclude>
no edit summary
{{Warning box|If you enable ldap auth, it'll remove all your groups, users, ibay accounts from the unix databases so everything is only in LDAP.
{{Level|Advanced}}
If you attempt to then disable LDAP Authentication this will break everything as you won't have any functioning accounts afterwards, and you will disable LDAP master auth functionality.}}
LDAP authentication can be enabled (Experimental). Warning - Once enabled it cannot be disabled, so experiment with care. To enable:
db configuration setprop ldap Authentication enabled
{{Warning box|Do not attempt to disable LDAP Authentication once enabled as it will cause your server to become unuseable.}}
{{Note box|For LDAP authentication for applications see [[LDAP_Authentication_for_applications|LDAP Authentication for applications]]}}
----
[[Category:Howto]]
[[:SME_Server:Documentation:User_Manual:Chapter2]]