665
edits
Changes
Jump to navigation
Jump to search
mLine 39:
Line 39: − +
→Authentication
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
(&(objectClass=mailboxRelatedObject)(objectClass=posixGroup))
{{Note box|Most of the time, anonymous binds are sufficient, no need to configure the Admin DN and password. A few applications do require to bind as a valid user. This is needed when your application needs access to attributes like uidNumber, gidNumber, homeDIrectory, loginShell etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}
{{Note box|Most of the time, anonymous binds are sufficient, no need to configure the Admin DN and password. A few applications do require to bind as a valid user. This is needed when your application needs access attributes like uidNumber, gidNumber, homeDIrectory, loginShell etc... (for example, if you need to authenticate another Linux box using nss_ldap or sssd, you'll need to bind as a valid user). In this case, you can create a regular user (you may name it auth for example), set it a password, and use it's dn and credential to bind to your LDAP server}}
{{Note box|The LDAP directory can be consulted with plain text connections, but for security reason, authentication against LDAP is only allowed using SSL or TLS (or if your application runs directly on SME itself). So if you want to authenticate against LDAP on a remote box, you need to be sure to use LDAPs on port 686, or TLS on port 389. You also need to be sure your application can validate the certificate of your SME Server. If you try to authenticate over a plain text connection, SME will simply reject the authentication}}
{{Note box|The LDAP directory can be consulted with plain text connections, but for security reason, authentication against LDAP is only allowed using SSL or TLS (or if your application runs directly on SME itself). So if you want to authenticate against LDAP on a remote box, you need to be sure to use LDAPs on port 686, or TLS on port 389. You also need to be sure your application can validate the certificate of your SME Server. If you try to authenticate over a plain text connection, SME will simply reject the authentication}}