Just a strange question:
I do use AD / LDAP within Nethserver from several structures, in most cases UID is required for Authentificatin / Authorisation. But in One Case, UserPrincipalName is required which I can neither resolve nor explain.
-> External Router -> Nethserver AD / LDAP … works with UID of the user, e.g. thorsten as the login
-> Nextcloud -> Nethserver AD / LDAP … works with UID of the user, e.g. thorsten as the login
-> External EcoDMS -> Nethserver AD / LDAP … DOES not work with UID, CN, sAMAccountname but requires UserPrincipalName -> thorsten@ad.nethserver.local
-> External EcoDMS -> Zentyal AD / LDAP … DOES work with UID (parallel installion)
Is there any option to tell the client (or nethserver) to check user against UID instead of UserPrincipalName?
It depends on the client configuration. AD by its side allows LDAP simple binds with DN, samaccountname (with ‘@’ plus any registered domain suffix), UPN…
You could compare the LDAP entries in Zentyal and NethServer databases to see what differs.
You may try to change the ecodms “UID Feld” setting to sAMAccountName:
You may compare Zentyal and Nethserver LDAP fields with an LDAP client, maybe in Zentyal userPrincipalName is just “username” whereas in Nethserver it’s “username@domain.tld”.
If I enter UID, sAMAccountname, cn or users I do get a valid environment. The test button - see
shows my valid users in the respective group, but I can not log in.
only if I enter UserPrincipalName, the result from the test button is the same (just user@mydomain.tld) and I need to use user@mydomain.tld … I do not get that.
yes, I use this option - until I am still in an test environment. Once Nethserver goes completly live, it will serve WWW, POP and IMAP. At that point I will enable strong auth again.
Currently I can not take advantage of letsencrypt as the server must be reachable from the internet. At the moment any open Port on the router points to my old Zentyal installation. Consequently I can not use letsencrypt certifcates until I do a swich. Also this is more difficult as I got new domain names (not only dyndns but a real dns A record with a static IP ) … This is a little blindfold testing…
no it is not solved: I still do not want to use UserPrincipalName. This forces me to authetificate against user@top.level.domain. I do not get why this should be necessary.
I want to authetificate against sAMAccountName or UID (like other clients do) using “user” as the login. According to ECODMS this is caused by Nethserver: ECODMS Support told be that this is a setting on MS-AD servers whicht can be changed.
you do need a client installation on windows or linux (ubuntu preferred). The client installation comes with the connection manager. All three pieces of software (connection manager, client, server) may be installed on the same system. Client and Connection manager require a graphical desktop (windows, Ubuntu, Mac). From the connection manager you can log in to the server. You can find the standand users and passwords on the manual. Default admin ist:
user ecoSIMSAdmin
pwd ecoSIMSAdmin
From the admin panel you can go to users -> LDAP
By the way … a very good decision … once you got used to ecodms you will love it. It is my most favorite server at all. stable, robust, comfortable document management…
I tested it and could reproduce the issue.
I tried parts of the samba config of zentyal on Nethserver and some other smb options but no success.
I analyzed the network traffic and it’s similar but works with Zentyal and doesn’t work with Nethserver.
Giving up for today, but maybe ecodms has some log files that show more…
Markus,
I think I found a solution: ecoDMS ldap setting allows to configure as LDAP or as AD. Choosing LDAP with CN as the UID works. It solves the problem, but I still do not understand why sAMAccountName gives a result which can not be used.
In fact sAMAccountName ist an old legacy support while starting from Windows 2000 UserPrincipleName is “item of choice”.
I am happy - it works and I was able to take over the database with exactly the same system rights and assignments.
