LDAP integration problem

v7
openldap

(Riccardo Prandini) #1
1. I have installed NethServer to test it: the best installation and configuration I have ever seen.

2. I need only an LDAP server with the possibility to edit values from remote, not inside the web GUI.

3. To do so I have always used an administrative account.

4. Looking inside NethServer I have a default config page, but nothing seems standard:

LDAP URI: ldap://127.0.0.1
Base DN
dc=directory,dc=nh
User DN
ou=People,dc=directory,dc=nh
Group DN
ou=Groups,dc=directory,dc=nh
Bind DN
cn=ldapservice,dc=directory,dc=nh
Bind password
7DdCbVKsRkVp1DIn

OK, so I try to start with a simple tool: LDAP Admin under Windows and JXplorer under Debian.

5. I change Host to my host (no SSL), put in the base DN and an anonymous connection, and I get in, so I can see all groups and users.

6. I try to add or edit something and OK, it is read-only.

7. I try with SSL and TLS and I can connect and OK, it is read-only.

8. Now I try to edit the values: TLS enabled and user + password
    uid=admin,ou=People,dc=directory,dc=nh
    password: his password

I get back the error "wrong credentials"...

So this is a big, big problem. In OMV I also have to specify:
Host --> ok
Port --> 636
SSL --> enabled
Base DN --> dc=directory,dc=nh
RootBind DN --> ??? Specifies the distinguished name (DN) with which to bind to the directory server for lookups, e.g. 'cn=manager,dc=example,dc=net'.
password --> ???
user suffix --> ou=People
groups suffix --> ou=Groups

But I have no luck.


(Markus Neuberger) #2

Hi @Riccardo_Prandini,

I got it working with LDAP Admin. To change values I had to use admin instead of ldapservice:

[screenshot]

LDAP Admin asks whether it should connect because the certificate is self-signed, but it works and one can change LDAP values.


(Riccardo Prandini) #3

Oh, thanks a lot. My problem was the port number: I had the non-secure port, and then the connection was OK.


(Riccardo Prandini) #4

@mrmarkuz
Well, OK, your help is very useful. I have finally dug through the docs.

  1. The admin user has write access: you can add users and groups and link them.
  2. Any other user has no write power, so you have to deal with ACLs.
  3. Looking at the doc http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-directory.html, admin seems disabled (instead of enabled by default);
    the only way to deal with it is:
    # run as root on the NethServer host; SASL EXTERNAL over the ldapi:/// socket
    # authenticates with the root Unix credentials, which is what cn=config trusts
    ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: uid=administrator,ou=People,dc=directory,dc=nh
    EOF

Info about ACLs is here.

Another idea is to follow this
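The thread's three failure modes (the plain port used with TLS on, a mistyped bind DN that only surfaces as "wrong credentials", and anonymous or ldapservice binds that are read-only) can all be caught before a client ever talks to the directory. The following is an added example, not NethServer code or anything from the posters above: it compares a client profile against the values quoted from the NethServer config page in post #1. The SERVER ports, the placeholder host name ldap.example.invalid and the PROFILES are assumptions constructed to reproduce the attempts in the thread, and the DN normalisation deliberately case-folds values, which is fine for the ASCII DNs used here.

```python
"""Pre-flight check of an LDAP client profile against the directory settings
quoted in this thread.  Added example, not NethServer code: SERVER mirrors the
NethServer config page in post #1, PROFILES are constructed to reproduce the
mistakes discussed, and the host name is a placeholder."""

# Values quoted from the NethServer default config page in the thread.
SERVER = {
    "base_dn": "dc=directory,dc=nh",
    "user_dn": "ou=People,dc=directory,dc=nh",
    "service_dn": "cn=ldapservice,dc=directory,dc=nh",
    "ldap_port": 389,   # well-known ldap:// port (assumption: defaults are in use)
    "ldaps_port": 636,  # well-known ldaps:// port
}


def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Return the DN as a list of 'type=value' RDNs, lower-cased and trimmed,
    so 'DC=Directory, DC=NH' compares equal to 'dc=directory,dc=nh'.
    Case-folding the values is an assumption that holds for the ASCII DNs here."""
    rdns = []
    for rdn in split_rdns(dn):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn.strip()!r} in {dn!r}")
        attr, value = rdn.split("=", 1)
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def is_under(dn, base):
    """True if dn equals base or lies beneath it in the tree."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b


def check_profile(profile, server=SERVER):
    """Return a list of (code, message) findings; an empty list means the
    profile is consistent with the server settings and can expect a bind
    with write access."""
    findings = []
    scheme = profile["uri"].split("://", 1)[0].lower()
    port = profile["port"]
    # Post #3: the bind failed because the plain port was paired with TLS.
    if scheme == "ldap" and port == server["ldaps_port"]:
        findings.append(("port-mismatch",
                         "ldap:// on port 636: the server expects a TLS handshake there"))
    elif scheme == "ldaps" and port == server["ldap_port"]:
        findings.append(("port-mismatch",
                         "ldaps:// on port 389: that port speaks plaintext LDAP (use 636, or STARTTLS on 389)"))
    if not is_under(profile["base_dn"], server["base_dn"]):
        findings.append(("base-dn-mismatch",
                         f"search base {profile['base_dn']!r} is not under {server['base_dn']!r}"))
    bind_dn = profile.get("bind_dn")
    if bind_dn is None:
        # Post #1: anonymous binds can browse, but every write is refused.
        findings.append(("anonymous-bind",
                         "anonymous bind: the directory is read-only, writes will be rejected"))
    elif normalize_dn(bind_dn) == normalize_dn(server["service_dn"]):
        # Post #2: ldapservice could not change values, admin could.
        findings.append(("service-account",
                         "ldapservice is a lookup account; bind as admin to modify entries"))
    elif not is_under(bind_dn, server["user_dn"]):
        # Post #1 typed dc=drictory: a mistyped DN only yields 'wrong credentials'.
        findings.append(("bind-dn-outside-users",
                         f"bind DN {bind_dn!r} is not under {server['user_dn']!r}; check for a typo"))
    return findings


# Constructed client profiles mirroring the attempts in the thread.
PROFILES = {
    "anonymous_plain": {"uri": "ldap://ldap.example.invalid", "port": 389,
                        "base_dn": "dc=directory,dc=nh", "bind_dn": None},
    "typo_and_wrong_port": {"uri": "ldaps://ldap.example.invalid", "port": 389,
                            "base_dn": "dc=directory,dc=nh",
                            "bind_dn": "uid=admin,ou=People,dc=drictory,dc=nh"},
    "service_account": {"uri": "ldaps://ldap.example.invalid", "port": 636,
                        "base_dn": "dc=directory,dc=nh",
                        "bind_dn": "cn=ldapservice,dc=directory,dc=nh"},
    "admin_ldaps": {"uri": "ldaps://ldap.example.invalid", "port": 636,
                    "base_dn": "DC=Directory, DC=NH",
                    "bind_dn": "uid=admin,ou=People,dc=directory,dc=nh"},
}


if __name__ == "__main__":
    for name, profile in PROFILES.items():
        result = check_profile(profile)
        print(f"{name}: {'ok' if not result else ''}")
        for code, msg in result:
            print(f"  [{code}] {msg}")
```

Only the admin_ldaps profile comes back clean; the other three each report the same problem the thread ran into, with the mistyped DN flagged by its position outside ou=People rather than by guessing at the spelling.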