The issue is that zarafa/kopano needs to use its own services (IMAP, SMTP, etc.) and so it’s not an option
@flatspin: You’re right. I just joined in since so many other options popped up here. This is my last reply to stefano here since what he states is not entirely true: Kopano provides its own IMAP (gateway) service, but SMTP for example is perfectly switchable, whether it’s postfix, sendmail, exim, whatever. So now I Achmed myself now: Silence! Have fun with Horde!
Don’t get me wrong but you’d think about the fact that NS offers some features which are strongly integrate… Replacing some services (even only IMAP) will require many modifications in many places, so, likely, possible issues and bugs… This is not a good thing for an enterprise class distro.
Finally, you’re free to discuss here, if you decide not to participate don’t say it’s my fault
Hi Stephane,
in which repo I can find it?
A simple question, how to find out the unit of the users (ou=) in nethserver?
stephdl repo: http://wiki.nethserver.org/doku.php?id=stephdl_repository
nethserver-phpldapadmin: http://wiki.nethserver.org/doku.php?id=phpldapadmin
You can also use ldapadmin for windows:
works fine for me.
Thanks it works
Did you manage to bind horde at your ldap?
I get this error:
I followed this tutorial:
EDIT:
error is gone with: $conf['ldap']['users']['basedn'] = 'cn=users,dc=domain,dc=tld';
I still can’t authenticate. Always get “username or password wrong”.
Anybody an idea what could be wrong with this:
$conf['ldap']['hostspec'] = array('192.168.0.236');
$conf['ldap']['port'] = 389;
$conf['ldap']['tls'] = false;
$conf['ldap']['timeout'] = 5;
$conf['ldap']['version'] = 3;
$conf['ldap']['binddn'] = 'NS7\HORDETEST$';
$conf['ldap']['bindpw'] = '%bR.PnME,TU$%e';
$conf['ldap']['user']['basedn'] = 'cn=users,DC=ns7,DC=lan';
$conf['ldap']['user']['uid'] = 'uid';
$conf['ldap']['user']['objectclass'] = array('*');
$conf['ldap']['user']['filter_type'] = 'objectclass';
$conf['ldap']['bindas'] = 'user';
$conf['ldap']['useldap'] = true;
$conf['auth']['admins'] = array('hordeadmin');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['basedn'] = 'cn=users,dc=ns7,dc=lan';
$conf['auth']['params']['scope'] = 'sub';
$conf['auth']['params']['ad'] = true;
$conf['auth']['params']['uid'] = 'sAMAccountName';
$conf['auth']['params']['encryption'] = 'crypt-sha512';
$conf['auth']['params']['newuser_objectclass'] = array('person');
$conf['auth']['params']['filter'] = '(&(objectClass=users)(objectCategory=Person))';
$conf['auth']['params']['password_expiration'] = 'no';
$conf['auth']['params']['driverconfig'] = 'horde';
$conf['auth']['driver'] = 'ldap';
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;
I’m not sure about the encryption and the filter. I tried encryption ssha, sha256 and sha512.
TIA.
You try to use the openldap, and I guess that you use samba4 AD, am I right? This is an example for phpldapadmin:
$servers->setValue('server','name','Samba4AD Server');
$servers->setValue('server','host','ldaps://stephdl.dyndns.org');
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','STEPHDL\NS7DEV$');
$servers->setValue('login','bind_pass','#VyT7rRzCx:m8m');
$servers->setValue('login','attr','sAMAccountName');
$servers->setValue('server','base',array('dc=stephdl,dc=dyndns,dc=org'));
the port is not 389 because it is ldaps, so 636
and I’m really not sure about the basedn
Hi,
are you sure it’s sAMAccountName?
If you have a look at Domain Accounts at your webinterface, there is a name for sAMAccountName.
But I have to say, I have same problems.
I’m back at work on Tuesday and then I can test it. If I have a solution, I will post it of course.
Not really my skill, but for openldap the name of user is ‘uid’ for samba AD it is ‘sAMAccountName’
Hi Stephane,
I think he uses a samba active directory. The line
$conf['auth']['params']['ad'] = true;
expresses it. I did it with the same (wrong) port with the same errors. I’ll try on Tuesday with 636.
The link @flatspin posted says you have to add the organisation unit (ou=).
At this config they do it also.
are you french ?
The value is returned by NethServer::SSSD Perl module. Look at account-provider-test as an example!
Hi Stephane, yes I use nethserver-AD. I first tried to use port 636 because of
[root@hordetest ~]# /usr/sbin/account-provider-test dump
{
"startTls" : "",
"bindUser" : "HORDETEST$",
"userDN" : "dc=ns7,dc=lan",
"port" : 636,
"isAD" : "1",
"host" : "ns7.lan",
"groupDN" : "dc=ns7,dc=lan",
"isLdap" : "",
"ldapURI" : "ldaps://ns7.lan",
"baseDN" : "dc=ns7,dc=lan",
"bindPassword" : "xxxxxxxx",
"bindDN" : "NS7\\HORDETEST$"
}
but then I got “Ldap-server is unreacheable”, with port 389 it is.
And here it says port 389:
So I tried that.
Can you confirm the results, did it work properly with port 389?
When I use port 389 the server is at least reachable, but authentication doesn’t work.
Hi Ralf,
same problem here, at 636 server isn’t reachable, with 389 binding works, but not the authentication.
If you do the following steps
- Log in before configuring AD binding (Don’t close the browser)
- Configure AD binding
- Look at Horde users
you can’t see any users, so I think the user search string is wrong.
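An added example, not part of the thread: a small Python check that compares the `account-provider-test dump` output posted above with the values from the posted Horde configuration and lists where they disagree (port, transport, user attribute, base DN, filter). The dictionary key names and the `compare` function are made up for this example, and the dump is trimmed to the fields the check reads.

```python
import json

# Trimmed copy of the `account-provider-test dump` output posted in the thread.
PROVIDER_DUMP = r'''{
  "startTls": "", "port": 636, "isAD": "1", "host": "ns7.lan",
  "ldapURI": "ldaps://ns7.lan", "userDN": "dc=ns7,dc=lan",
  "bindDN": "NS7\\HORDETEST$"
}'''

# Values transcribed from the posted Horde $conf lines (bind password left out).
# The dictionary key names are made up for this example.
HORDE = {
    "port": 389,
    "tls": False,
    "user_uid": "uid",                       # $conf['ldap']['user']['uid']
    "auth_uid": "sAMAccountName",            # $conf['auth']['params']['uid']
    "basedn": "cn=users,DC=ns7,DC=lan",
    "filter": "(&(objectClass=users)(objectCategory=Person))",
}

def compare(dump_text, horde):
    """Return a list of mismatches between the provider dump and Horde."""
    p = json.loads(dump_text)
    is_ad = p["isAD"] == "1"
    findings = []
    if horde["port"] != p["port"]:
        findings.append(f"port: Horde {horde['port']} vs provider {p['port']}")
    if horde["port"] != 636 and not horde["tls"]:
        findings.append("transport: bind on plain LDAP, password sent unencrypted")
    # Per the thread: OpenLDAP names users by 'uid', Samba AD by 'sAMAccountName'.
    want = "sAMAccountName" if is_ad else "uid"
    for key in ("user_uid", "auth_uid"):
        if horde[key].lower() != want.lower():
            findings.append(f"{key}: '{horde[key]}' but provider implies '{want}'")
    if not horde["basedn"].lower().endswith(p["userDN"].lower()):
        findings.append(f"basedn: not below provider userDN {p['userDN']}")
    # AD user entries carry objectClass 'user'; 'users' matches none of them.
    if is_ad and "(objectclass=users)" in horde["filter"].lower():
        findings.append("filter: objectClass=users, AD entries use objectClass=user")
    return findings

if __name__ == "__main__":
    for line in compare(PROVIDER_DUMP, HORDE):
        print(line)
```

An empty result only means the two sets of settings agree with each other; it does not show that the directory accepts the bind.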