Ldap to Lotus Domino Directory

NethServer Version: NethServer release 7.3.1611 (Final)
Module: LDAP

Hi there,

I’ve connected our Lotus Domino LDAP server.

When typing on the CentOS console it works fine:

# ldapsearch -D ou=ag,o=yyy -h erll02.xxx.com

All users and groups are listed

On the NethServer web console it looks like:

LDAP-Server
ldap://erll02.xxx.com:389

DN
o=yyy

USER-DN
ou=ag,o=yyy

GROUP-DN
ou=ag,o=yyy

No errors, but no users and groups.

I also tried with empty user and group-dn, same result.

Can anyone help? What kind of entry is expected by NethServer?

Thank you!

How did you configure the binding?

1 Like

It does not matter if anonymous or with a binding user. Both work.
Anonymous is allowed, but same result: no users or groups are shown.

No, I mean the search string for users and groups. I can’t simulate it at this time, because my NethServer is my AD. At 6.8 I’ve tested with a Windows AD and there I could configure the AD accounts branch.

Hi Michael,

I defined nothing, I just installed NethServer and added the credentials as mentioned.

Afterwards I clicked on “users and groups” and it’s empty.

See below:

Could it be the ldap schema in use?

According to its manual, NethServer expects a remote LDAP server with RFC2307 schema.

While Lotus Domino / IBM Domino provides:

The Domino LDAP schema
The default Domino LDAP schema includes:

  • Domino-specific schema elements defined by the default forms in the Domino Directory

  • All LDAP-standard schema elements defined in RFCs 2252, 2256, 2798, 2247, and 2739. The LDAP service uses the file LSCHEMA.LDIF to build these elements in the default schema.

  • Which RFC’s does Domino LDAP support

1 Like
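
Added example (not from the thread or from the NethServer project): a Python check of `ldapsearch` LDIF output against the RFC 2307 MUST attributes of `posixAccount` and `posixGroup`, the schema named in the post above. The sample entries, including the `dominoPerson` and `dominoGroup` object classes on them, are constructed for illustration.

```python
# Added example: list what each LDAP entry lacks to qualify as an RFC 2307
# posixAccount or posixGroup. SAMPLE_LDIF is constructed, not real server output.
RFC2307_MUST = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
}
SAMPLE_LDIF = """\
dn: cn=Jane Doe,ou=ag,o=yyy
objectClass: dominoPerson
cn: Jane Doe
uid: jdoe

dn: cn=Staff,ou=ag,o=yyy
objectClass: dominoGroup
cn: Staff
member: cn=Jane Doe,ou=ag,o=yyy

dn: uid=svc,ou=ag,o=yyy
objectClass: posixAccount
cn: svc
uid: svc
uidNumber: 5001
gidNumber: 5001
homeDirectory: /home/svc
"""

def parse_ldif(text):
    """Return one {lowercased attribute name: [values]} dict per entry."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment or blank line
            name, _, value = line.partition(":")
            # "attr:: <base64>" leaves a leading colon in value; strip it too.
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def rfc2307_gaps(entry, kind):
    """Sorted list of what the entry lacks to be a posixaccount/posixgroup."""
    missing = sorted(RFC2307_MUST[kind] - set(entry))
    if kind not in {c.lower() for c in entry.get("objectclass", [])}:
        missing.insert(0, "objectclass=" + kind)
    return missing

def report(text, kind):
    return {e["dn"][0]: rfc2307_gaps(e, kind) for e in parse_ldif(text)}
```

Feeding it the saved output of the `ldapsearch` command from the first post shows, per entry, which attributes a client that filters on RFC 2307 classes will not find.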

Hi Marc,

Yes, maybe this is the reason.

But I do not think I can teach Notes the 2307 schema. So the reverse path? Do you think it is possible to bring NethServer to a Domino schema?

Maybe it’s possible to map users and groups from Domino’s LDAP attributes, or make NethServer support additional remote LDAP schemas, but I don’t know much about it or how feasible it is.

cc/ @Christian @dev_team

Yes, SSSD is flexible enough to allow any schema.
Take a look at: man sssd-ldap.

Basically, you need to create a template-custom for sssd.conf: https://github.com/NethServer/nethserver-sssd/tree/master/root/etc/e-smith/templates/etc/sssd/sssd.conf

Edit: but you will never see the list of available users and groups from the web interface.

Never? Not even on an Active Directory LDAP? Or is it Lotus Domino specific that I cannot see available users in the web interface?

@giacomo

Of course you can see users from an Active Directory or LDAP RFC 2307 schema :)

But you can’t see users from Lotus, even if sssd/pam will work. So this is only a cosmetic issue.
If you really want to display Lotus users, you will need a little hacking on this: https://github.com/NethServer/nethserver-sssd/blob/master/root/usr/libexec/nethserver/list-users

1 Like

Now I am as smart as before :) @giacomo

Can you give me some tips on how to start / how to go on to see my Domino LDAP users in the web interface?
I fear I’ll have to spend a lot of time to reach my target…

Thank you again.

A post was merged into an existing topic: Connect a Lotus Domino Directory with LDAP