Ldap/ldaps - Remote Bind - Applications #darkcoffe

Hi @Zwordi,

I think that to connect to LDAP you need port 389 with TLS activated (StartTLS), and you may also need an LDAP search filter. You could also try binding as a regular user instead of ldapservice. Did you compare your bind password with the output of “account-provider-test dump”?

[root@testserver ~]# account-provider-test dump
{
   "BindDN" : "cn=ldapservice,dc=directory,dc=nh",
   "LdapURI" : "ldap://127.0.0.1",
   "StartTls" : "",
   "port" : 389,
   "host" : "127.0.0.1",
   "isAD" : "",
   "isLdap" : "1",
   "UserDN" : "ou=People,dc=directory,dc=nh",
   "GroupDN" : "ou=Groups,dc=directory,dc=nh",
"BindPassword" : "***********************",
   "BaseDN" : "dc=directory,dc=nh",
   "LdapUriDn" : "ldap:///dc%3Ddomain%2Cdc%3Dlocal"
}

Here are some config examples of my remote ldap server:

My Sogo.conf:

/* 45 ldap authentication */
/* Two LDAP sources on the remote directory at 192.168.1.187: "groups"
   (ou=Groups) and "users" (ou=People). Both bind as the same service
   account, cn=ldapservice. */
/* NOTE(review): neither source sets an `encryption` key and the hostname
   is plain ldap:// on port 389, so the service-account bind and the user
   logins presumably cross the network unencrypted. SOGo LDAP sources accept
   `encryption = STARTTLS;` -- confirm the server offers it and that its
   certificate is trusted on this host before enabling. */
/* NOTE(review): bindPassword is stored in cleartext in this file; check
   that the file is readable only by the SOGo service user. */
    SOGoUserSources =(
     {
        /* Source 1: group entries. */
        id = groups;
        type = ldap;
        /* cn serves as display name, login id and unique id for groups. */
        CNFieldName = cn;
        UIDFieldName = cn;
        IDFieldName = cn;
        baseDN = "ou=Groups,dc=directory,dc=nh";
        bindDN = "cn=ldapservice,dc=directory,dc=nh";
        bindPassword = "***********************";
        /* ONE: search only the direct children of baseDN. */
        scope = ONE;
        /* NOTE(review): authentication is enabled on the groups source as
           well -- confirm this is intended. */
        canAuthenticate = YES;
        MailFieldNames = ("mail");
        displayName = "nethvm2 groups";
        hostname = ldap://192.168.1.187:389;
        isAddressBook = NO;
     },
     {
        /* Source 2: user accounts; also exposed as an address book. */
        id = users;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        IDFieldName = mail;
        /* Users may log in with either their mail address or their uid. */
        bindFields = (
                mail,
                uid
            );
        /* The mail attribute is used as the IMAP login name. */
        IMAPLoginFieldName = mail;
        baseDN = "ou=People,dc=directory,dc=nh";
        bindDN = "cn=ldapservice,dc=directory,dc=nh";
        bindPassword = "**********************";
        /* ONE: search only the direct children of baseDN. */
        scope = ONE;
        MailFieldNames = ("mail");
        canAuthenticate = YES;
        displayName = "nethvm2 users";
        hostname = ldap://192.168.1.187:389;
        isAddressBook = YES;
     }
    );

My roundcube config as example (/etc/roundcubemail/config.php):

// Global (not per-user) LDAP address book for Roundcube, served by the remote
// directory at 192.168.1.187 and queried with the ldapservice account.
$config['ldap_public']['public'] = array(
    'name'                   => 'Public LDAP Addressbook',
    'hosts'                  => array('ldap://192.168.1.187:389'),
    'port'                   => 389,
    // Plain ldap:// on 389 upgraded with STARTTLS, so the bind below is not
    // sent in cleartext. NOTE(review): whether the server certificate is
    // verified depends on the host's LDAP client settings -- confirm.
    'use_tls'                => true,
    // false: every Roundcube user shares the bind_dn/bind_pass below instead
    // of binding with their own credentials.
    'user_specific'          => false,
    'base_dn'                => 'ou=People,dc=directory,dc=nh',
    'bind_dn'                => 'cn=ldapservice,dc=directory,dc=nh',
    // NOTE(review): service-account password stored in cleartext; check that
    // this file is readable only by the web server user.
    'bind_pass'              => '******************',
    // sub: search the whole subtree below base_dn.
    'scope'                  => 'sub',
    // 0: do not follow LDAP referrals.
    'referrals'              => 0,
    // Only inetOrgPerson entries are listed as contacts.
    'filter'                 => '(objectClass=inetOrgPerson)',
    'search_fields'          => array('mail','cn'),
    'fuzzy_search'           => true,
    // Contact groups are taken from posixGroup entries.
    // NOTE(review): groups base_dn is empty here -- presumably Roundcube then
    // falls back to the address book base_dn; confirm.
    'groups'                 => array(
        'base_dn'            => '',
        'filter'             => '(objectClass=posixGroup)',
        'object_classes'     => array("top", "posixGroup"),
        'member_attr'        => 'uid',
  ),
  // Roundcube contact field => LDAP attribute.
  'fieldmap' => array(
    'name'         => 'cn',
    'surname'      => 'sn',
    'firstname'    => 'givenName',
    'jobtitle'     => 'title',
    // ':*' lets a contact carry any number of mail values.
    'email'        => 'mail:*',
    'locality'     => 'l',
    'organization' => 'o',
    'department'   => 'ou',
    'phone'        => 'telephoneNumber',
    'street'       => 'street',
  ),
);

Don’t know anything about racktables, but they have some docs about ldap:

https://wiki.racktables.org/index.php/LDAP

My Nextcloud LDAP config:
