sbre
(Stephan)
July 5, 2017, 9:45am
1
NethServer Version: NethServer release 7.3.1611 (Final)
Module: LDAP
Hi there,
I’ve connected our Lotus Domino LDAP server.
When typing on the CentOS console it works fine:
# ldapsearch -D ou=ag,o=yyy -h erll02.xxx.com
All users and groups are listed
On nethserver web console it looks like:
LDAP-Server: ldap://erll02.xxx.com:389
DN: o=yyy
USER-DN: ou=ag,o=yyy
GROUP-DN: ou=ag,o=yyy
No errors, but no users and groups.
I also tried with empty user and group-dn, same result.
Can anyone help? What kind of entry is expected by NethServer?
Thank you!
How did you configure the binding?
1 Like
sbre
(Stephan)
July 5, 2017, 11:05am
3
Does not matter if anonymous or with a binding user. Works both.
Anonymous is allowed - but same result - no users or groups are shown.
No, I mean the search string for users and groups. I can’t simulate it at this time, because my NethServer is my AD. At 6.8 I’ve tested with a Windows AD and there I could configure the AD accounts branch.
sbre
(Stephan)
July 6, 2017, 4:55am
5
Hi Michael,
I defined nothing, I just installed NethServer and added the credentials as mentioned.
Afterwards I clicked on “users and groups” and it’s empty.
See below:
dnutan
(Marc)
July 6, 2017, 7:39am
7
Could it be the LDAP schema in use?
According to its manual, NethServer expects a remote LDAP server with RFC2307 schema.
While Lotus Domino / IBM Domino provides:
The Domino LDAP schema
The default Domino LDAP schema includes:
Domino-specific schema elements defined by the default forms in the Domino Directory
All LDAP-standard schema elements defined in RFCs 2252, 2256, 2798, 2247, and 2739. The LDAP service uses the file LSCHEMA.LDIF to build these elements in the default schema.
Which RFCs does Domino LDAP support
1 Like
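The schema mismatch raised in the post above can be checked directly from `ldapsearch` output. This is an added example, not part of the thread and not NethServer code: the function names and the sample entries are constructed, and it assumes a client that only accepts entries carrying the RFC 2307 `posixAccount`/`posixGroup` classes with their mandatory attributes.

```python
import base64
# Attributes RFC 2307 marks as MUST for each object class (lower-cased).
REQUIRED = {"posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
            "posixgroup": {"cn", "gidnumber"}}

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attr: [values]} dicts."""
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")  # unfold wrapped lines
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                # blank line closes the current entry
            if "dn" in cur:                 # drops "search:"/"result:" trailer blocks
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def rfc2307_report(entries):
    """Sort entries into RFC 2307 users, groups, and entries such a client skips."""
    report = {"users": [], "groups": [], "skipped": {}}
    for e in entries:
        dn = e["dn"][0]
        kinds = {c.lower() for c in e.get("objectclass", [])} & set(REQUIRED)
        if not kinds:
            report["skipped"][dn] = "no posixAccount/posixGroup objectClass"
        for oc in sorted(kinds):
            missing = REQUIRED[oc] - set(e)
            if missing:
                report["skipped"][dn] = "missing " + ", ".join(sorted(missing))
            else:
                report["users" if oc == "posixaccount" else "groups"].append(dn)
    return report

# Constructed sample: a Domino-style entry and an incomplete RFC 2307 one.
SAMPLE = """\
dn: CN=Jane Doe,OU=ag,O=yyy
objectClass: inetOrgPerson
cn: Jane Doe

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
cn: Bob
uid: bob
uidNumber: 1002
"""
```

Passing the saved output of the `ldapsearch` command from the first post to `rfc2307_report(parse_ldif(...))` shows whether any entry would qualify; an empty `users` list with every DN under `skipped` matches the empty list described in the thread.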
sbre
(Stephan)
July 6, 2017, 9:43am
8
Hi Marc,
yes, maybe this is the reason.
But I do not think I can teach Notes the 2307 scheme. So the reverse path? Do you think it is possible to bring the NethServer to a Domino schema?
dnutan
(Marc)
July 6, 2017, 5:21pm
9
Maybe it’s possible to map users and groups from Domino’s LDAP attributes, or make Nethserver support additional remote LDAP schemes, but I don’t know much about it or how feasible it is.
cc/ @Christian @dev_team
giacomo
(Giacomo Sanchietti)
July 7, 2017, 7:10am
10
Yes, SSSD is flexible enough to allow any schema.
Take a look at: man sssd-ldap.
Basically, you need to create a template-custom for sssd.conf: nethserver-sssd/root/etc/e-smith/templates/etc/sssd/sssd.conf at master · NethServer/nethserver-sssd · GitHub
Edit: but you will never see the list of available users and groups from the web interface.
sbre
(Stephan)
July 7, 2017, 7:16am
11
Never? Not even on an Active Directory LDAP? Or is it Lotus Domino specific that I cannot see available users in the web interface?
@giacomo
giacomo
(Giacomo Sanchietti)
July 7, 2017, 7:26am
12
Of course you can see users from an Active Directory or LDAP RFC 2307 schema.
But you can’t see users from Lotus, even if sssd/pam will work. So this is only a cosmetic issue.
If you really want to display Lotus users, you will need a little hacking on this: nethserver-sssd/root/usr/libexec/nethserver/list-users at master · NethServer/nethserver-sssd · GitHub
1 Like
sbre
(Stephan)
July 10, 2017, 9:03am
13
Now I am as smart as before @giacomo
Can you give me some tips on how to start / how to go on to see my Domino LDAP users in the web interface?
I fear I’ll have to spend much time to reach my target…
Thank you again.
davidep
(Davide Principi)
Split this topic
July 10, 2017, 12:32pm
14
A post was merged into an existing topic: Connect a Lotus Domino Directory with LDAP