Koozali.org: home of the SME Server

LDAP Authentication

CanyonMan

LDAP Authentication
« on: February 14, 2005, 10:59:20 PM »
Hello,

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.  I'm looking to link multiple SME servers together and use a common LDAP repository for authentication.  I have searched the forums, the Contribs section and any other place I could think of, but as of yet, have not been able to find an LDAP authentication/replication module.  

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.

Thanks,

Troy

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: LDAP Authentication
« Reply #1 on: February 15, 2005, 01:03:22 AM »
Quote from: "CanyonMan"

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.


I don't know where you've been hearing your rumblings and rumours.
Quote

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.


I'm not aware of any such module. I'd be interested in such a beast myself.

Offline stephen noble

  • *
  • 607
  • +1/-0
    • Dungog
LDAP Authentication
« Reply #2 on: March 02, 2005, 08:22:41 AM »
maybe you heard of a central address book using ldap

http://mirror.contribs.org/smeserver/contribs/hmuhammad/

Offline hmuhammad

  • **
  • 65
  • +0/-0
How to install Network Information Service (NIS)
« Reply #3 on: March 02, 2005, 03:47:56 PM »
Have not tried it (yet), but this solution might work for you...

How to install Network Information Service (NIS)...
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_31.htm

...NIS or Network Information Service, is a service that provides information, that has to be known throughout the network, to all machines on the network. NIS is a system that becomes very useful when you have more than one SME server in your network and you want to be able to log into all with the same username.

Hasan
...............

Offline hgomez

  • *
  • 36
  • +0/-0
    • http://www.isfalpiz.com.ve
Re: LDAP Authentication
« Reply #4 on: March 11, 2005, 08:18:01 PM »
Quote from: "CanyonMan"
Hello,

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.  I'm looking to link multiple SME servers together and use a common LDAP repository for authentication.  I have searched the forums, the Contribs section and any other place I could think of, but as of yet, have not been able to find an LDAP authentication/replication module.  

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.

Thanks,

Troy


I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: LDAP Authentication
« Reply #5 on: March 11, 2005, 08:40:40 PM »
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.

Offline hgomez

  • *
  • 36
  • +0/-0
    • http://www.isfalpiz.com.ve
Re: LDAP Authentication
« Reply #6 on: March 17, 2005, 11:13:22 PM »
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Offline Franco

  • *
  • 1,171
  • +0/-0
    • http://contribs.org
LDAP Authentication
« Reply #7 on: March 18, 2005, 12:02:15 AM »
Have you tested this on 6.01? Should it work?

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: LDAP Authentication
« Reply #8 on: March 18, 2005, 01:18:24 AM »
Quote from: "hgomez"
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf


Looks very interesting. Would it be possible for you to make it available in some other format too? It's difficult to cut&paste from pdf, and I'm sure someone would like to write scripts and/or packages based on your research.

Offline gregswallow

  • *
  • 651
  • +1/-0
LDAP Authentication
« Reply #9 on: March 18, 2005, 03:00:08 AM »
Looks good :-)  Thanks for sharing

Might be worth trying on SME 6.5 that has Samba 3 built in.  And instead of doing the CPAN stuff, you could maybe try it with these rpms:

http://dag.wieers.com/packages/perl-Net-SSLeay/perl-Net-SSLeay-1.25-1.0.rh7.dag.i386.rpm

http://dag.wieers.com/packages/perl-IO-Socket-SSL/perl-IO-Socket-SSL-0.96-1.0.rh7.rf.noarch.rpm

http://dag.wieers.com/packages/perl-Net-LDAP/perl-Net-LDAP-0.3202-1.0.rh7.rf.noarch.rpm

http://dag.wieers.com/packages/perl-Crypt-SmbHash/perl-Crypt-SmbHash-0.02-1.0.rh7.dag.noarch.rpm

http://dag.wieers.com/packages/perl-Convert-BER/perl-Convert-BER-1.31.01-1.rh73.dag.noarch.rpm

...and any dependancies are most likely also found here:
http://dag.wieers.com/home-made/apt/rpmforge.php


PS - The wiki system here on contribs.org is great for documenting your work (and getting help from others) - I created a page for your howto.  You can see/edit it by going to this link -
http://no.longer.valid/phpwiki/index.php/HOWTO-Samba+PDC+OpenLDAP

Offline hgomez

  • *
  • 36
  • +0/-0
    • http://www.isfalpiz.com.ve
Re: LDAP Authentication
« Reply #10 on: March 18, 2005, 01:31:48 PM »
Quote from: "CharlieBrady"
Quote from: "hgomez"
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf


Looks very interesting. Would it be possible for you to make it available in some other format too? It's difficult to cut&paste from pdf, and I'm sure someone would like to write scripts and/or packages based on your research.


I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Offline hgomez

  • *
  • 36
  • +0/-0
    • http://www.isfalpiz.com.ve
LDAP Authentication
« Reply #11 on: March 18, 2005, 01:47:22 PM »
Quote from: "stuntshell"
Have you tested this on 6.01? Should it work?


Ummm, yes, I think so. Just check if you have /usr/lib/perl5/5.6.1 folder...if not and using the "perl -MCPAN -e -shell" method you get errors you must fix it in right folder...I don't see other problem. Good luck.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

wallyrp

LDAP Authentication
« Reply #12 on: April 19, 2005, 08:10:05 PM »
Good Afternoon,

Would this answer my long standing question of integrating SME with a Windows 2000 domain? I found the following article: http://support.microsoft.com/?kbid=324083 as to how to install NIS on Windows.

Here's the scenario. Windows 2000 Domain w/Windows XP Pro workstations, SME as my firewall/proxy/content filter server. I would like to make it to where if I do any userid maintenance/creation on the Windows 2000 Domain that it is replicated to the SME servers. Now if I install NIS on the Windows box and make it the master, would I be assuming too much that it would integrate with the SME boxes with the NIS that is detailed in the sme.swerts-knudsen how-to?

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
LDAP Authentication
« Reply #13 on: April 19, 2005, 08:38:16 PM »
Quote from: "wallyrp"
Windows 2000 Domain w/Windows XP Pro workstations, SME as my firewall/proxy/content filter server. I would like to make it to where if I do any userid maintenance/creation on the Windows 2000 Domain that it is replicated to the SME servers.


Nobody has created such a thing for SME (that I've noticed). The SME server is always the master, and I think would need considerable modification to become anything else.

I wouldn't bother with NIS. If I wanted to make SME a slave of a Windoze domain, I'd start with winbind.

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: LDAP Authentication
« Reply #14 on: April 20, 2005, 07:59:57 PM »
Quote from: "hgomez"

I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...


Hmmm, .doc format isn't so linux friendly. Could you do .txt or .html?

I'm a bit worried about this mod to smb.conf:

...
[everything]
comment = Root File System
path = /
read only = No
guest ok = Yes  
...

That is rather an insecure configuration change - and not likely to be essential or central to what you are trying to achieve. People would be wise to avoid doing that if possible.

It's not advised to install modules using the technique you have described. Better to find and install (or make and install using cpan2rpm) RPMs which contain the modules you need.

I haven't completely looked through your HOWTO, but it looks very interesting. Thanks.