Hi Stephane,
I’ve configured Samba, but at Domain Accounts it says LDAP port: 389
Can you, or perhaps someone else, explain it?
Is it a fully updated ns7 with nethserver-dc installed?
@giacomo just to be sure… ldaps is on port 636?
Yes it is.
account-provider-test dump gives the following
{
"startTls" : "",
"bindUser" : "GROUPWAREBACKUP$",
"userDN" : "dc=MyDomain,dc=de",
"port" : 636,
"isAD" : "1",
"host" : "jonas.de",
"groupDN" : "dc=MyDomain,dc=de",
"isLdap" : "",
"ldapURI" : "ldaps://MyDomain.de",
"baseDN" : "dc=MyDomain,dc=de",
"bindPassword" : "SystemPassword",
"bindDN" : "MyDomain\\GROUPWAREBACKUP$"
}
Authentication by ldap is hard and really tricky sometimes… you need to test it unfortunately
Yes, it is
nmap reports both ports to be open:
also from nmap (first 2000 ports):
anon bind o.k.? really?
Here is an overview about samba ports.
If I try to connect with TLS and port 636 I get the following error:
Unable to start TLS and unable to fetch rootDSE entry to see if TLS is supported: Can’t contact LDAP server Parameters: Base: Filter: (objectClass=*) Scope: base
By chance or by accident these settings worked (LDAP is not my thing so corrections may apply). Connection worked on port 389, it didn’t on 636 (local host).
$conf['ldap']['hostspec'] = array('local.neth.eu');
$conf['ldap']['port'] = 389;
$conf['ldap']['tls'] = false;
// ...
$conf['ldap']['binddn'] = 'LOCAL\TEST1$';
$conf['ldap']['bindpw'] = 'xxxxxxxxxxx';
$conf['ldap']['user']['basedn'] = 'cn=users,dc=local,dc=neth,dc=eu';
$conf['ldap']['user']['uid'] = 'samaccountname';
$conf['ldap']['user']['filter'] = '(objectClass=user)';
$conf['ldap']['user']['filter_type'] = 'filter';
// ...
$conf['auth']['params']['basedn'] = 'dc=local,dc=neth,dc=eu';
$conf['auth']['params']['scope'] = 'sub';
$conf['auth']['params']['ad'] = true;
$conf['auth']['params']['uid'] = 'samaccountname';
$conf['auth']['params']['encryption'] = 'ssha';
$conf['auth']['params']['newuser_objectclass'] = array('shadowAccount', 'inetOrgPerson');
$conf['auth']['params']['filter'] = '(objectclass=Person)';
// ...
$conf['auth']['driver'] = 'ldap';
Groups still not showing.
Hi Marc,
thanks for testing. With your settings I can log in, but I don’t see any users. This is my config, could you compare it with yours please? I can’t find my error.
$conf['sql']['username'] = 'hordeuser';
$conf['sql']['password'] = 'SQLUserPassword';
$conf['sql']['hostspec'] = 'GroupwareBackup.MyDomain.de';
$conf['sql']['port'] = 3306;
$conf['sql']['protocol'] = 'tcp';
$conf['sql']['database'] = 'horde5';
$conf['sql']['charset'] = 'utf-8';
$conf['sql']['ssl'] = false;
$conf['sql']['splitread'] = false;
$conf['sql']['phptype'] = 'mysqli';
$conf['nosql']['phptype'] = false;
$conf['ldap']['hostspec'] = array('IP of Samba Container');
$conf['ldap']['port'] = 389;
$conf['ldap']['tls'] = false;
$conf['ldap']['timeout'] = 5;
$conf['ldap']['version'] = 3;
$conf['ldap']['binddn'] = 'MyDomain\\GROUPWAREBACKUP$';
$conf['ldap']['bindpw'] = 'System Password';
$conf['ldap']['user']['basedn'] = 'cn=users,dc=jonas,dc=de';
$conf['ldap']['user']['uid'] = 'samaccountname';
$conf['ldap']['user']['filter'] = '(objectClass=user)';
$conf['ldap']['user']['filter_type'] = 'filter';
$conf['ldap']['bindas'] = 'admin';
$conf['ldap']['useldap'] = true;
$conf['auth']['admins'] = array('admin');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['basedn'] = 'dc=MyDomain,dc=de';
$conf['auth']['params']['scope'] = 'sub';
$conf['auth']['params']['ad'] = true;
$conf['auth']['params']['uid'] = 'samaccountname';
$conf['auth']['params']['encryption'] = 'ssha';
$conf['auth']['params']['newuser_objectclass'] = array('shadowAccount', 'inetOrgPerson');
$conf['auth']['params']['filter'] = '(objectclass=Person)';
$conf['auth']['params']['password_expiration'] = 'no';
$conf['auth']['params']['driverconfig'] = 'horde';
$conf['auth']['driver'] = 'ldap';
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;
And can you explain where you got the values for
$conf['ldap']['user']['filter'] = '(objectClass=user)';
and for
$conf['auth']['params']['filter'] = '(objectclass=Person)';
Thanks for your work
Hi Mark, great shot!
I have the same problem as @m.traeumner. I can log in now, but no users are shown.
Are you using AD or OpenLDAP? I ask because of [quote="dnutan, post:68, topic:5679"]
$conf['ldap']['hostspec'] = array('local.neth.eu');
[/quote]
In my config only the nsdc-machine.domain.tld works.
Same for me, or the IP of the Samba container
Got it! This config works at my side:
$conf['nosql']['phptype'] = false;
$conf['ldap']['hostspec'] = array('nsdc-hordetest.ns7.lan');
$conf['ldap']['port'] = 389;
$conf['ldap']['tls'] = false;
$conf['ldap']['timeout'] = 5;
$conf['ldap']['version'] = 3;
$conf['ldap']['binddn'] = 'NS7\HORDETEST$';
$conf['ldap']['bindpw'] = 'xxxxxxxx';
$conf['ldap']['user']['basedn'] = 'cn=users,dc=ns7,dc=lan';
$conf['ldap']['user']['uid'] = 'samaccountname';
$conf['ldap']['user']['filter'] = '(objectClass=user)';
$conf['ldap']['user']['filter_type'] = 'filter';
$conf['ldap']['bindas'] = 'admin';
$conf['ldap']['useldap'] = true;
$conf['auth']['admins'] = array('admin');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['basedn'] = 'cn=users,dc=ns7,dc=lan';
$conf['auth']['params']['scope'] = 'sub';
$conf['auth']['params']['ad'] = true;
$conf['auth']['params']['uid'] = 'sAMAccountName';
$conf['auth']['params']['encryption'] = 'ssha';
$conf['auth']['params']['newuser_objectclass'] = array('shadowaccount','inetOrgPerson');
$conf['auth']['params']['filter'] = '(objectClass=Person)';
$conf['auth']['params']['password_expiration'] = 'no';
$conf['auth']['params']['driverconfig'] = 'horde';
$conf['auth']['driver'] = 'ldap';
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;
EDIT: But no groups.
Using AD
OK, changed
$conf['auth']['params']['basedn'] = 'dc=MyDomain,dc=de';
to
$conf['auth']['params']['basedn'] = 'cn=users,dc=MyDomain,dc=de';
and it works too.
For groups there is an extra tab at the configuration, but at this time I try to find the right settings.
I found a filter to also display the groups, but only in the users panel. The groups panel is still empty, but I think this is a problem of the LDAP schema of NS itself.
$conf['ldap']['user']['filter'] = '(|(objectClass=user)(objectClass=group))';
$conf['auth']['params']['filter'] = '(|(objectClass=user)(objectClass=group))';
then I get:
The groups only have 2 objectclasses: top and group, so I don’t know how to split them more detailed.
Trial and error based on the Kanboard howto I did earlier. Too late… should have looked at Active Directory Syntax Filters
Found it!
$conf['group']['params']['basedn'] = 'dc=local,dc=neth,dc=eu';
$conf['group']['params']['scope'] = 'sub';
$conf['group']['params']['gid'] = 'cn';
$conf['group']['params']['memberuid'] = 'memberUid';
$conf['group']['params']['user']['basedn'] = 'cn=users,dc=local,dc=neth,dc=eu';
$conf['group']['params']['user']['uid'] = 'samaccountname';
$conf['group']['params']['user']['filter'] = '(objectCategory=group)(objectClass=user)';
$conf['group']['params']['user']['filter_type'] = 'filter';
$conf['group']['params']['attrisdn'] = true;
$conf['group']['params']['newgroup_objectclass'] = array('posixGroup', 'hordeGroup');
$conf['group']['params']['search']['filter'] = '(objectClass=group)';
$conf['group']['params']['search']['filter_type'] = 'filter';
$conf['group']['params']['driverconfig'] = 'horde';
$conf['group']['driver'] = 'Ldap';
(Apply additional corrections/filters if necessary)
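Added example (not part of the thread and not Horde's code): a small evaluator for the filter strings discussed above, run against two constructed entries, a user with the usual AD object classes and a group carrying only `top` and `group` as described in the thread. It handles equality, presence and the `&`, `|`, `!` operators only; `ENTRIES` and all function names are assumptions made for illustration.

```python
# Added example: minimal RFC 4515 filter evaluator (equality, presence, &, |, !).
# ENTRIES is constructed sample data, not output from a real directory.
def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if i < len(f) and f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError("bad operand count for %r" % op)
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, val = f[i:end if end >= 0 else len(f)].partition("=")
        if end < 0 or not sep or not attr:
            raise ValueError("bad item at %d" % i)
        node, i = ("=", attr.lower(), val.lower()), end
    if i >= len(f) or f[i] != ")":
        raise ValueError("expected ')' at %d" % i)
    return node, i + 1

def compile_filter(text):
    node, end = parse(text)
    if end != len(text):  # e.g. "(a=b)(c=d)" with no leading & or |
        raise ValueError("trailing data: not a single RFC 4515 filter")
    return node

def matches(node, entry):
    if node[0] == "=":
        _, attr, val = node
        values = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
        return bool(values) if val == "*" else val in values
    op, kids = node
    results = [matches(k, entry) for k in kids]
    return all(results) if op == "&" else any(results) if op == "|" else not results[0]

ENTRIES = {  # constructed: one AD-style user, one group with only top + group
    "alice": {"objectClass": ["top", "person", "organizationalPerson", "user"], "sAMAccountName": ["alice"]},
    "staff": {"objectClass": ["top", "group"], "sAMAccountName": ["staff"]},
}

def select(filter_text):
    node = compile_filter(filter_text)
    return sorted(name for name, e in ENTRIES.items() if matches(node, e))
```

`select('(|(objectClass=user)(objectClass=group))')` returns both entries, which is why groups appeared in the users panel, while `(objectClass=group)` isolates the group. A value made of two parenthesised terms with no leading `&` or `|` is not a single RFC 4515 filter and raises `ValueError` here; how Horde treats such a value is not shown in the thread.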
Yes I got it, thanks for your help.
Next days I’ll try to install and configure php-horde-horde-imp for webmail
Sorry for the late response Michael.
Did you resolve your issue?