[turba] LDAP Authorization

Craig White craigwhite at azapple.com
Sun Oct 12 19:56:17 UTC 2008


On Sun, 2008-10-12 at 15:45 -0400, Jorge Hernandez wrote:
> I actually have the linux authentication to validate against LDAP, even the
> root account is on LDAP, so the answer is yes I can login using SSH.
> 
> -----Original Message-----
> From: turba-bounces at lists.horde.org [mailto:turba-bounces at lists.horde.org]
> On Behalf Of Craig White
> Sent: Sunday, October 12, 2008 2:55 PM
> To: turba at lists.horde.org
> Subject: Re: [turba] LDAP Authorization
> 
> On Sun, 2008-10-12 at 12:16 -0400, Jorge Hernandez wrote:
> > Well I have my LDAP configured to work with my Samba server acting as a DC
> > for a windows network, everything works well, but when I go to horde
> > authentication to configure it I put the same as my samba is configured,
> but
> > it doesn't show me my users or adds new ones, then I found a How To called
> > Existing LDAP, and it says to put some access permissions to horde, which
> I
> > did but there is one that makes my LDAP not start, and it's this line:
> > 
> > access to attrs="@hordePerson"
> > 
> > so I haven't been able to get horde connect to my LDAP.
> > 
> > Do you have any idea? How do I configure my slapd.conf so horde can
> connect
> > to my LDAP server?
> ----
> can you login via ssh as an LDAP 'user'? If not, that is your first
> problem to solve. Don't expect horde to be able to login via LDAP if you
> can't otherwise make it happen.
> 
> Just to be clear, Samba uses sambaNTPassword (possibly sambaLMPassword)
> hash that is peculiar to Windows authentication and requires a mechanism
> that would be difficult to configure within horde. The mechanisms for
> encrypting Windows passwords are uniquely Microsoft. Most POSIX systems
> would likely use PAM for underlying user authentication and would use
> the 'userPassword' attribute which would be encrypted however your LDAP
> server is designed to store them.
----
if LDAP users (not root) can ssh into that server then you should be
able to 'authenticate' LDAP users via horde.

In answer to your question about modifications to slapd.conf to allow
horde to connect to your LDAP server, the answer should be none other
than those you would make to allow users to connect to your server for
other services and I use ssh as a simple barometer.

Craig



More information about the turba mailing list