Ldap to Lotus Domino Directory

v7
accounts-provider
openldap

(Stephan) #1

NethServer Version: NethServer release 7.3.1611 (Final)
Module: LDAP

Hi there,

I’ve connected our Lotus Domino LDAP server.

When typing on the CentOS console it works fine:

# ldapsearch -D ou=ag,o=yyy -h erll02.xxx.com

All users and groups are listed

On nethserver web console it looks like:

LDAP-Server
ldap://erll02.xxx.com:389

DN
o=yyy

USER-DN
ou=ag,o=yyy

GROUP-DN
ou=ag,o=yyy

No errors, but no users and groups.

I also tried with empty user and group-dn, same result.

Can anyone help? What kind of entry is expected from nethserver?

Thank you!


(Michael Träumner) #2

How did you configure the binding?


(Stephan) #3

It does not matter if anonymous or with a binding user. Both work.
Anonymous is allowed - but same result - no users or groups are shown.


(Michael Träumner) #4

No, I mean the search string for users and groups. I can’t simulate it at this time, because my nethserver is my ad. At 6.8 I’ve tested with a Windows ad and there I could configure the ad accounts branch.


(Stephan) #5

Hi Michael,

I defined nothing, I just installed nethserver and added the credentials as mentioned.

Afterwards I clicked on “users and groups” and it’s empty.

See below:


(Stephan) #6


(Marc) #7

Could it be the ldap schema in use?

According to its manual, Nethserver expects a Remote LDAP server with RFC2307 schema.

While lotus domino / IBM Domino provides:

The Domino LDAP schema
The default Domino LDAP schema includes:

  • Domino-specific schema elements defined by the default forms in the Domino Directory

  • All LDAP-standard schema elements defined in RFCs 2252, 2256, 2798, 2247, and 2739. The LDAP service uses the file LSCHEMA.LDIF to build these elements in the default schema.

  • Which RFC’s does Domino LDAP support
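
The schema question raised in this post can be checked from the console. The following is an added example, not part of the original thread or of NethServer: it parses LDIF as printed by ldapsearch and reports, per entry, whether it carries an RFC 2307 class (posixAccount / posixGroup) and which of that class's MUST attributes are missing. The sample entries are constructed, and `dominoPerson` is an assumed name for the Domino-side person class.

```python
import base64
import re

# RFC 2307 MUST attributes per object class (lower-cased for comparison).
REQUIRED = {"posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
            "posixgroup": {"cn", "gidnumber"}}

# Constructed sample (not the poster's data); "dominoPerson" is an assumed class name.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=ag,O=yyy
objectClass: dominoPerson
uid: jdoe

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
cn:: Qm9i
uid: bob
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/
 bob

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]}; entries without a dn are dropped."""
    entries = []
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")
                if value.startswith(":"):  # "attr:: <base64>"
                    value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def rfc2307_report(entries):
    """Map each DN to (matched RFC 2307 class or None, missing MUST attributes)."""
    report = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        cls = next((c for c in REQUIRED if c in classes), None)
        report[e["dn"][0]] = (cls, sorted(REQUIRED[cls] - set(e)) if cls else [])
    return report
```

An entry reported with `None` as its class is one that an RFC 2307 user or group search will not match, whatever other attributes it has.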


Connect a Lotus Domino Directory with LDAP
(Stephan) #8

Hi Marc,

Yes, maybe this is the reason.

But I do not think I can teach notes the 2307 scheme. So the reverse path? Do you think it is possible to bring the nethserver to a domino schema?


(Marc) #9

Maybe it’s possible to map users and groups from Domino’s LDAP attributes, or make Nethserver support additional remote LDAP schemes, but I don’t know much about it or how feasible it is.

cc/ @Christian @dev_team


(Giacomo Sanchietti) #10

Yes, SSSD is flexible enough to allow any schema.
Take a look at: man sssd-ldap.

Basically, you need to create a template-custom for sssd.conf: https://github.com/NethServer/nethserver-sssd/tree/master/root/etc/e-smith/templates/etc/sssd/sssd.conf

Edit: but you will never see the list of available users and groups from the web interface.


(Stephan) #11

Never? Not even on an Active Directory LDAP? Or is it Lotus Domino specific that I cannot see available users in the web interface?

@giacomo


(Giacomo Sanchietti) #12

Of course you can see users from an Active Directory or LDAP RFC 2307 schema 🙂

But you can’t see users from Lotus, even if sssd/pam will work. So this is only a cosmetic issue.
If you really want to display Lotus users, you will need a little hacking on this: https://github.com/NethServer/nethserver-sssd/blob/master/root/usr/libexec/nethserver/list-users


(Stephan) #13

Now I am as smart as before 🙂 @giacomo

Can you give me some tips on how to start / how to go on to see my Domino LDAP users in the web interface?
I fear I have to spend much time to reach my target…

Thank you again.


Connect a Lotus Domino Directory with LDAP
(Davide Principi) #14

A post was merged into an existing topic: Connect a Lotus Domino Directory with LDAP