Koozali.org formerly Contribs.org

LDAP Authentication

CanyonMan

LDAP Authentication
« on: February 14, 2005, 10:59:20 PM »
Hello,

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.  I'm looking to link multiple SME servers together and use a common LDAP repository for authentication.  I have searched the forums, the Contribs section and any other place I could think of, but as of yet, have not been able to find an LDAP authentication/replication module.  

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.

Thanks,

Troy

Re: LDAP Authentication
« Reply #1 on: February 15, 2005, 01:03:22 AM »
Quote from: "CanyonMan"

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.


I don't know where you've been hearing your rumblings and rumours.
Quote

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.


I'm not aware of any such module. I'd be interested in such a beast myself.

LDAP Authentication
« Reply #2 on: March 02, 2005, 08:22:41 AM »
maybe you heard of a central address book using ldap

http://mirror.contribs.org/smeserver/contribs/hmuhammad/

How to install Network Information Service (NIS)
« Reply #3 on: March 02, 2005, 03:47:56 PM »
Have not tried it (yet), but this solution might work for you...

How to install Network Information Service (NIS)...
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_31.htm

...NIS or Network Information Service, is a service that provides information, that has to be known throughout the network, to all machines on the network. NIS is a system that becomes very useful when you have more than one SME server in your network and you want to be able to log into all with the same username.

Hasan
...............

Re: LDAP Authentication
« Reply #4 on: March 11, 2005, 08:18:01 PM »
Quote from: "CanyonMan"
Hello,

I have been hearing rumblings and rumors that somewhere out there is an LDAP module for SME.  I'm looking to link multiple SME servers together and use a common LDAP repository for authentication.  I have searched the forums, the Contribs section and any other place I could think of, but as of yet, have not been able to find an LDAP authentication/replication module.  

I apologize if this question has been asked before and I'm just looking in the right spot, but I'd be most grateful if someone could point me in the right direction to download this module.

Thanks,

Troy


I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Re: LDAP Authentication
« Reply #5 on: March 11, 2005, 08:40:40 PM »
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.

Re: LDAP Authentication
« Reply #6 on: March 17, 2005, 11:13:22 PM »
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Offline Franco

  • *
  • 1,171
    • http://contribs.org
LDAP Authentication
« Reply #7 on: March 18, 2005, 12:02:15 AM »
Have you tested this on 6.01? Should it work?

Re: LDAP Authentication
« Reply #8 on: March 18, 2005, 01:18:24 AM »
Quote from: "hgomez"
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf


Looks very interesting. Would it be possible for you to make it available in some other format too? It's difficult to cut&paste from pdf, and I'm sure someone would like to write scripts and/or packages based on your research.

LDAP Authentication
« Reply #9 on: March 18, 2005, 03:00:08 AM »
Looks good :-)  Thanks for sharing

Might be worth trying on SME 6.5 that has Samba 3 built in.  And instead of doing the CPAN stuff, you could maybe try it with these rpms:

http://dag.wieers.com/packages/perl-Net-SSLeay/perl-Net-SSLeay-1.25-1.0.rh7.dag.i386.rpm

http://dag.wieers.com/packages/perl-IO-Socket-SSL/perl-IO-Socket-SSL-0.96-1.0.rh7.rf.noarch.rpm

http://dag.wieers.com/packages/perl-Net-LDAP/perl-Net-LDAP-0.3202-1.0.rh7.rf.noarch.rpm

http://dag.wieers.com/packages/perl-Crypt-SmbHash/perl-Crypt-SmbHash-0.02-1.0.rh7.dag.noarch.rpm

http://dag.wieers.com/packages/perl-Convert-BER/perl-Convert-BER-1.31.01-1.rh73.dag.noarch.rpm

...and any dependancies are most likely also found here:
http://dag.wieers.com/home-made/apt/rpmforge.php


PS - The wiki system here on contribs.org is great for documenting your work (and getting help from others) - I created a page for your howto.  You can see/edit it by going to this link -
http://no.longer.valid/phpwiki/index.php/HOWTO-Samba+PDC+OpenLDAP

Re: LDAP Authentication
« Reply #10 on: March 18, 2005, 01:31:48 PM »
Quote from: "CharlieBrady"
Quote from: "hgomez"
Quote from: "CharlieBrady"
Quote from: "hgomez"

I have a E-smith SAMBA+OpenLDAP+PDC made by myself, if you want to probe it, contact me.


It'd be really great if you could write a HOWTO.


Hi everyone, this is my E-smith SAMBA+PDC+OpenLDAP HOWTO, any comment will be well received.
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.pdf


Looks very interesting. Would it be possible for you to make it available in some other format too? It's difficult to cut&paste from pdf, and I'm sure someone would like to write scripts and/or packages based on your research.


I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

LDAP Authentication
« Reply #11 on: March 18, 2005, 01:47:22 PM »
Quote from: "stuntshell"
Have you tested this on 6.01? Should it work?


Ummm, yes, I think so. Just check if you have /usr/lib/perl5/5.6.1 folder...if not and using the "perl -MCPAN -e -shell" method you get errors you must fix it in right folder...I don't see other problem. Good luck.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

wallyrp

LDAP Authentication
« Reply #12 on: April 19, 2005, 08:10:05 PM »
Good Afternoon,

Would this answer my long standing question of integrating SME with a Windows 2000 domain? I found the following article: http://support.microsoft.com/?kbid=324083 as to how to install NIS on Windows.

Here's the scenario. Windows 2000 Domain w/Windows XP Pro workstations, SME as my firewall/proxy/content filter server. I would like to make it to where if I do any userid maintenance/creation on the Windows 2000 Domain that it is replicated to the SME servers. Now if I install NIS on the Windows box and make it the master, would I be assuming too much that it would integrate with the SME boxes with the NIS that is detailed in the sme.swerts-knudsen how-to?

LDAP Authentication
« Reply #13 on: April 19, 2005, 08:38:16 PM »
Quote from: "wallyrp"
Windows 2000 Domain w/Windows XP Pro workstations, SME as my firewall/proxy/content filter server. I would like to make it to where if I do any userid maintenance/creation on the Windows 2000 Domain that it is replicated to the SME servers.


Nobody has created such a thing for SME (that I've noticed). The SME server is always the master, and I think would need considerable modification to become anything else.

I wouldn't bother with NIS. If I wanted to make SME a slave of a Windoze domain, I'd start with winbind.

Re: LDAP Authentication
« Reply #14 on: April 20, 2005, 07:59:57 PM »
Quote from: "hgomez"

I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...


Hmmm, .doc format isn't so linux friendly. Could you do .txt or .html?

I'm a bit worried about this mod to smb.conf:

...
[everything]
comment = Root File System
path = /
read only = No
guest ok = Yes  
...

That is rather an insecure configuration change - and not likely to be essential or central to what you are trying to achieve. People would be wise to avoid doing that if possible.

It's not advised to install modules using the technique you have described. Better to find and install (or make and install using cpan2rpm) RPMs which contain the modules you need.

I haven't completely looked through your HOWTO, but it looks very interesting. Thanks.

Re: LDAP Authentication
« Reply #15 on: April 20, 2005, 09:16:33 PM »
Quote from: "CharlieBrady"
Quote from: "hgomez"

I made it in .doc, try with it:
http://www.isfalpiz.com/howtos/How%20to%20SAMBA+PDC+OpenLDAP.doc

Thanks for comments...


Hmmm, .doc format isn't so linux friendly. Could you do .txt or .html?

I'm a bit worried about this mod to smb.conf:

...
[everything]
comment = Root File System
path = /
read only = No
guest ok = Yes  
...

That is rather an insecure configuration change - and not likely to be essential or central to what you are trying to achieve. People would be wise to avoid doing that if possible.

It's not advised to install modules using the technique you have described. Better to find and install (or make and install using cpan2rpm) RPMs which contain the modules you need.

I haven't completely looked through your HOWTO, but it looks very interesting. Thanks.


It's optional, The idea to share the root file system is in order to facility the configuration process, at the end of all, it must be deleted. In fact I don’t put it into the “/etc/e-smith/templates-custom/etc/smb.conf”. In other hands, I tried to install cpan modules using rpms, but it did not work in the same way, if anyone discover another functional method will be great. Thanks for your comments. Ahh soon I will write it in html....
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Re: LDAP Authentication
« Reply #16 on: April 20, 2005, 11:21:16 PM »
Quote from: "hgomez"

I tried to install cpan modules using rpms, but it did not work in the same way, if anyone discover another functional method will be great.


If you can identify the full list of required but missing perl modules then someone might be able to find or make the RPMs that you need.

cydonia

LDAP Authentication
« Reply #17 on: June 19, 2005, 07:03:22 PM »
Could someone clarify what this HowTo actually allows you to do?


All I wish to do is be able to allow authentication against the LDAP server for any web applications running locally.  Will make things so much easier with remembering and managing un/pw combos.

Also, If this isn't the purpose, would this module for Apache allow us to authenticate against SME's LDAP server:

http://www.rudedog.org/auth_ldap/


And finally.  If none of these are suitable, what would it take to incorporate LDAP authentication into SME, say for release 7?  I am willing to work on this in whatever way possible if someone can give me pointers.  If the costs to pay someone to do this mod are not unreasonable, I would consider it.

Cheers.

DarkMirage

LDAP Authentication
« Reply #18 on: June 19, 2005, 07:53:59 PM »
This is what I have learned from my experiences with sme ldap:
To authenticate with LDAP you would require the user passwords to be incorporated within ldap, as users are already maintained in the tree.

LDAP, as most (all?) modules in sme, is a separate package which therefor can be changed to incorporate such actions. The tricky part would be getting the password once it's entered by the user...and doing that secure.

Aside from that, there are a number of methods in the ldap module, which IMHO could be done better (can't it always?).

I still need to get into this for another project, so I'll let you all know if I get anywhere with it.

Please don't expect anything fast though..

DarkMirage

LDAP Authentication
« Reply #19 on: June 19, 2005, 11:42:52 PM »
Quote from: "DarkMirage"
The tricky part would be getting the password once it's entered by the user...and doing that secure.


Ignore that, the nss_ldap module takes care of the problem.

cydonia

LDAP Authentication
« Reply #20 on: June 20, 2005, 02:47:14 PM »
So is it a major change to make SME itself use LDAP for storage of all user data?

I mean, what is required here?  As I said, this is something that I think adds alot of functional usefulness to SME as far as running web applications go.

If we could simple authenticate all points of login against the central LDAP, it opens many possibilities for SME.


Any ideas here?  As I said, I am willing to follow this up in any way possible, so if the more experienced could provide some pointers, I would love to help get this integrated somehow.

LDAP Authentication
« Reply #21 on: June 20, 2005, 04:17:40 PM »
Quote from: "cydonia"
So is it a major change to make SME itself use LDAP for storage of all user data?


It should be discussed on the mailing list at smeserver.sourceforge.net if it's something you think would be good to include in SME7.  Think about what would need to be done and suggest it there.

cydonia

LDAP Authentication
« Reply #22 on: June 20, 2005, 04:24:09 PM »
Quote from: "gregswallow"

It should be discussed on the mailing list at smeserver.sourceforge.net if it's something you think would be good to include in SME7.  Think about what would need to be done and suggest it there.


Ok, will head over there and check it out.  I am not a programmer though and only know what I want conceptually. Thanks.

cydonia

LDAP Authentication
« Reply #23 on: July 06, 2005, 10:47:33 AM »
As a web server authentication alternative to LDAP, how about Samba authentication?

http://uranus.it.swin.edu.au/~jn/linux/php/php_smbauth.htm

http://tekrat.com/smbauth/

What about Samba authentication?
« Reply #24 on: July 18, 2005, 04:49:49 PM »
Quote from: "cydonia"
As a web server authentication alternative to LDAP, how about Samba authentication?

http://uranus.it.swin.edu.au/~jn/linux/php/php_smbauth.htm

http://tekrat.com/smbauth/


When you configure LDAP authentication, your samba use it too. ie, when you go to create a user, you have 2 options, SAMBA User or Posix User, each one can be used like samba user, but only posix user can open a shell command into your linux/Unix servers.
Respondind to you a previus question: With this howto you can have a windows 2000/2003 Server without to have no one windows 2000/2003 server, ie, a PDC that use OpenLDAP to authentication. Understand now?
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Re: LDAP Authentication, new html format, check it...
« Reply #25 on: July 18, 2005, 05:13:07 PM »
Hi friends, last week I took some time to made this howto in html, here is it, any comments will be apreciate, thanks.

http://www.isfalpiz.com/howtos/HowtoSAMBA+PDC+OpenLDAP.htm
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

nhines

LDAP Authentication
« Reply #26 on: March 21, 2006, 02:37:36 AM »
Does anyone know if this has been updated for v7?

Fees

Answer.
« Reply #27 on: March 21, 2006, 02:03:11 PM »
Quote from: "nhines"
Does anyone know if this has been updated for v7?

Fees

Not yet, this week I will download SME7 and I will update this howto, the base must be the same.

be patience,

hg.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

nhines

LDAP Authentication
« Reply #28 on: March 21, 2006, 05:20:54 PM »
Thank you, hg! That is fantastic!

robin_one

LDAP Authentication
« Reply #29 on: March 22, 2006, 07:29:34 PM »
Yes, thank you. I am using KTv3 on SME and would love to have this type of integration.

Re: LDAP Authentication
« Reply #30 on: May 04, 2006, 07:28:55 PM »
Quote from: "CharlieBrady"

Hmmm, .doc format isn't so linux friendly. Could you do .txt or .html?


I see that there is an HTML version at http://www.isfalpiz.com/howtos/HowtoSAMBA+PDC+OpenLDAP.htm

Thanks

LDAP Authentication
« Reply #31 on: September 13, 2006, 09:16:33 PM »
ok, i need to do this but in sme 7, somebody knows howto?
thks

You can try to install openexchange.
« Reply #32 on: September 13, 2006, 10:52:23 PM »
Quote from: "lucho115"
ok, i need to do this but in sme 7, somebody knows howto?
thks

Hi friend, I did that, but installing openexhange, try with that howto, the if you don't want to use openexhange only unistall it.
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Re: You can try to install openexchange.
« Reply #33 on: September 14, 2006, 02:34:04 PM »
Quote from: "hgomez"
Quote from: "lucho115"
ok, i need to do this but in sme 7, somebody knows howto?
thks

Hi friend, I did that, but installing openexhange, try with that howto, the if you don't want to use openexhange only unistall it.


OK, i am going to see this howto, but Where stored is? i did a search to the entire contribs site, but i cant find anythnig about a openexhange howto.
thks

Re: You can try to install openexchange.
« Reply #34 on: September 14, 2006, 07:55:10 PM »
Quote from: "lucho115"
Quote from: "hgomez"
Quote from: "lucho115"
ok, i need to do this but in sme 7, somebody knows howto?
thks

Hi friend, I did that, but installing openexhange, try with that howto, the if you don't want to use openexhange only unistall it.


OK, i am going to see this howto, but Where stored is? i did a search to the entire contribs site, but i cant find anythnig about a openexhange howto.
thks


I saw once time before, is a script that downloads all necessary packages and next install it all, If you find me the openldap-2.2.13-2aci.i386.rpm I could make a howto for you, right now I don't sure if it is needed, I made some test time ago but sme 7 that I downloaded was not mature yet, I think it was CR1, not sure at all. Tell me what sme 7 are you trying to use? in fact if I remember well, some packages are same that I update in my howto, that make more easy the process, did you try with this howto?
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Re: You can try to install openexchange.
« Reply #35 on: September 14, 2006, 08:31:14 PM »
Quote from: "hgomez"
Quote from: "lucho115"
Quote from: "hgomez"
Quote from: "lucho115"
ok, i need to do this but in sme 7, somebody knows howto?
thks

Hi friend, I did that, but installing openexhange, try with that howto, the if you don't want to use openexhange only unistall it.


OK, i am going to see this howto, but Where stored is? i did a search to the entire contribs site, but i cant find anythnig about a openexhange howto.
thks


I saw once time before, is a script that downloads all necessary packages and next install it all, If you find me the openldap-2.2.13-2aci.i386.rpm I could make a howto for you, right now I don't sure if it is needed, I made some test time ago but sme 7 that I downloaded was not mature yet, I think it was CR1, not sure at all. Tell me what sme 7 are you trying to use? in fact if I remember well, some packages are same that I update in my howto, that make more easy the process, did you try with this howto?


OK, iam using SME 7.0 FINAL, and i dont try this how to because is for olders sme and i think that maybe i could brake my system, but if you could tell me if it is allrigth  i will try it
Anyway iam still finding the openexhange howto
thks
thks

Re: You can try to install openexchange.
« Reply #36 on: September 18, 2006, 11:23:57 PM »
Quote from: "lucho115"
Quote from: "hgomez"
Quote from: "lucho115"
Quote from: "hgomez"
Quote from: "lucho115"
ok, i need to do this but in sme 7, somebody knows howto?
thks

Hi friend, I did that, but installing openexhange, try with that howto, the if you don't want to use openexhange only unistall it.


OK, i am going to see this howto, but Where stored is? i did a search to the entire contribs site, but i cant find anythnig about a openexhange howto.
thks


I saw once time before, is a script that downloads all necessary packages and next install it all, If you find me the openldap-2.2.13-2aci.i386.rpm I could make a howto for you, right now I don't sure if it is needed, I made some test time ago but sme 7 that I downloaded was not mature yet, I think it was CR1, not sure at all. Tell me what sme 7 are you trying to use? in fact if I remember well, some packages are same that I update in my howto, that make more easy the process, did you try with this howto?


OK, iam using SME 7.0 FINAL, and i dont try this how to because is for olders sme and i think that maybe i could brake my system, but if you could tell me if it is allrigth  i will try it
Anyway iam still finding the openexhange howto
thks
thks

If you have some testing enviroment you can try, I'm working in a customer now, but as soon as possible I will download the SME 7.0 Final too and I will update this howto, using openexcahne is more easy yet, I will try to use it, but you can try with my howto, things that can happen are: 1.- you could not compile last samba source, 2.-some packages are in last update take care about it...3.-dont use my cpan.tar.gz.4.-maybe openssl-0.9.6b-36.7.legacy.i386.rpm is installed yet, 5.- in step 13 if you test samba and output is good everything gona be ok, next if smbldap-populate.pl output is ok better 6.- if "net groupmap list" print output right then you finish!!!!.
Good luck, let me to know what are you going to do...
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

LDAP Authentication
« Reply #37 on: September 19, 2006, 02:13:42 PM »
ok, a will start the next monday with the test environment , but why i need to compile samba, sme 7 es centos so i can get a samba rpm from atrpms or other place or iam wrong?
thks

ummmm
« Reply #38 on: September 20, 2006, 11:15:50 PM »
Quote from: "lucho115"
ok, a will start the next monday with the test environment , but why i need to compile samba, sme 7 es centos so i can get a samba rpm from atrpms or other place or iam wrong?
thks


Yes, you are right!!!
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......

Offline ngomes

  • ***
  • 129
SME7 + LDAP
« Reply #39 on: October 19, 2006, 03:18:48 PM »
Hi all,

Does anyone have tried the Henry Gómez Howto on SME7 ?

Nuno
Nuno Rafael Gomes
Learning everyday from everyday problems...

LDAP Authentication
« Reply #40 on: October 19, 2006, 06:37:38 PM »
Looks like Charlie has been working on this:
http://smeserver.cvs.sourceforge.net/smeserver/e-smith-base%2Bldap/

Maybe this is a topic for the devinfo list...

ksc133

LDAP Authentication
« Reply #41 on: May 28, 2007, 04:18:20 PM »
Hi folks,

any updates on this LDAP replication feature?
it would be great feature as we can have more than 1 SME servers with Single sign on for the users.
EG: SME1 for file and print sharing
SME2 for email and web hosting...etc...

thanks

taxaw

up
« Reply #42 on: June 25, 2007, 07:44:39 AM »
SME7+SAMBA PDC LDAP AUTH ?

Yes, it work fine..but I need update my howto...
« Reply #43 on: June 26, 2007, 06:09:45 PM »
Quote from: "taxaw"
SME7+SAMBA PDC LDAP AUTH ?


I need to update my howto, when I finish you can try...right now you
only can use SME 7.1 + OpenLDAP+ OpenXchane...it's very easy...
"No One Will Ever Need More Than 640K Ram"
                                                                              Bill Gates, 1981
......