Password for LDAP bind

rasi · October 14, 2017, 11:08am

WANTED !
Clear-text password for LDAP bind. Where?

giacomo · October 14, 2017, 6:20pm

You can use any users created from the web interface.
Some services create its own user, you can find related passwords inside /var/lib/nethserver/secrets

mrmarkuz · October 14, 2017, 6:21pm

You may try this one:

rasi · October 15, 2017, 12:14pm

“no such file or directory”

And no, for Horde I cannot use any user. Obviously it only works if the machine account binds to LDAP. But for this I need the machine password decrypted. Or I should be able to use anonymous bind. But how do I enable this?

Stefano_Zamboni · October 15, 2017, 12:17pm

ok, please, explain your problem, not your solution, thank you

rasi · October 15, 2017, 12:32pm

???
The problem is that I cannot bind to the Active Directory with the machine account beause the machine password is encrypted.
Didn’t I say that?

mrmarkuz · October 15, 2017, 12:38pm

What about the other files in /var/lib/nethserver/secrets?

rasi · October 15, 2017, 1:10pm

There is just one file “vmail”. This NS system works as mail server and is joined to the AD.

dnutan · October 15, 2017, 7:29pm

I’ve done a quick test with a user as Giacomo suggested (DOMAIN\binduser) and it worked, either with admin, administrator or a dedicated user. Following the horde howto, listing users didn’t work but domain users could login to horde.

mrmarkuz · October 15, 2017, 8:02pm

I tested it on my 7.4b1 testserver and came to the same result as @dnutan. I could login as domain user. I just followed the horde howto of @m.traeumner, using DOMAIN/admin.

Maybe you are missing the AD in front of your DOMAIN.LOCAL? Just a guess…

[root@testserver ~]# account-provider-test dump
...
   "LdapURI" : "ldaps://ad.domain.local",
   "BaseDN" : "dc=ad,dc=domain,dc=local",

m.traeumner · October 16, 2017, 7:14am

The BindPassword you can get with

account-provider-test dump

I used this for binding my Horde Installation.

rasi · October 16, 2017, 8:40am

Well, Markus, a domain user can login. But the horde log says “DN for the user xy not found”. And as soon as the user switches to addressbook or calendar, Horde crashes.

rasi · October 16, 2017, 8:42am

Which NS version? The BindPassword is encrypted, that’s the whole problem.

rasi · October 13, 2017, 4:05pm

!!! Merged from Installing Horde Groupware !!!

Hi Michael,

which BindDN do you use?
I moved from Univention UCS to a Nethserver AD and followed your Howto to reinstall Horde. But I always get “DN for user … not found”.
In UCS it worked with a machine account. But NS does not give me any machine passwords.
Any idea?

m.traeumner · October 16, 2017, 7:00am

!!! Merged from Installing Horde Groupware !!!

You can get your BindDN with

account-provider-test dump

m.traeumner · October 16, 2017, 8:56am

For me it has worked with 7.3 and now it works with 7.4.
I’ve copied the encrypted BindPassword and the BindDN to the configuration.

Can you post following files please

/etc/horde/conf.php
/etc/horde/hooks.local.php

mrmarkuz · October 16, 2017, 9:18am

My horde.log has no “DN for the user xy not found” error. I use NS 7.4.b1. But I do not have calendar or webmail installed. Just for info.

...
2017-10-15T19:53:48+00:00 NOTICE: HORDE [horde] Login success for admin to horde (192.168.221.1) [pid 6495 on line 164 of "/usr/share/horde/login.php"]
2017-10-16T09:07:45+00:00 NOTICE: HORDE [horde] Login success for admin to horde (192.168.221.1) [pid 2794 on line 164 of "/usr/share/horde/login.php"]

giacomo · October 16, 2017, 12:14pm

Please bear in mind that the password is not encrypted, it’s just in binary form.

You can also create an ad-hoc user from the web interface and use it for Horde configuration.

rasi · October 16, 2017, 1:00pm

It works now. THANK YOU ALL!
The main mistake was that I had “cn=Administrator,dc=ad,…” as BindDN instead of “DOMAIN\User”. I did not think LDAP from the Samba side.

m.traeumner · October 16, 2017, 1:08pm

Could you mark the right answer as solution please