Password for LDAP bind

ldap
v74

(Ralph) #1

WANTED !
Clear-text password for LDAP bind. Where?


Installing Horde Groupware
(Giacomo Sanchietti) #2

You can use any users created from the web interface.
Some services create their own user; you can find the related passwords inside /var/lib/nethserver/secrets


(Markus Neuberger) #3

You may try this one:


(Ralph) #4

“no such file or directory”

And no, for Horde I cannot use any user. Obviously it only works if the machine account binds to LDAP. But for this I need the machine password decrypted. Or I should be able to use anonymous bind. But how do I enable this?


(Stefano Zamboni) #5

ok, please, explain your problem, not your solution, thank you


(Ralph) #6

???
The problem is that I cannot bind to the Active Directory with the machine account because the machine password is encrypted.
Didn’t I say that?


(Markus Neuberger) #7

What about the other files in /var/lib/nethserver/secrets?


(Ralph) #8

There is just one file “vmail”. This NS system works as mail server and is joined to the AD.


(Marc) #9

I’ve done a quick test with a user as Giacomo suggested (DOMAIN\binduser) and it worked, either with admin, administrator or a dedicated user. Following the Horde howto, listing users didn’t work, but domain users could log in to Horde.


(Markus Neuberger) #10

I tested it on my 7.4b1 test server and came to the same result as @dnutan. I could log in as a domain user. I just followed the Horde howto of @m.traeumner, using DOMAIN/admin.

Maybe you are missing the AD in front of your DOMAIN.LOCAL? Just a guess…

[root@testserver ~]# account-provider-test dump
...
   "LdapURI" : "ldaps://ad.domain.local",
   "BaseDN" : "dc=ad,dc=domain,dc=local",

(Michael Träumner) #11

You can get the BindPassword with

account-provider-test dump

I used this for binding my Horde Installation.


(Ralph) #12

Well, Markus, a domain user can log in. But the Horde log says “DN for the user xy not found”. And as soon as the user switches to the address book or calendar, Horde crashes.


(Ralph) #13

Which NS version? The BindPassword is encrypted, that’s the whole problem.


(Ralph) #14

!!! Merged from Installing Horde Groupware !!!

Hi Michael,

which BindDN do you use?
I moved from Univention UCS to a Nethserver AD and followed your Howto to reinstall Horde. But I always get “DN for user … not found”.
In UCS it worked with a machine account. But NS does not give me any machine passwords.
Any idea?


(Michael Träumner) #15

!!! Merged from Installing Horde Groupware !!!

You can get your BindDN with

account-provider-test dump


(Michael Träumner) #16

For me it has worked with 7.3 and now it works with 7.4.
I’ve copied the encrypted BindPassword and the BindDN to the configuration.

Can you post the following files, please?

/etc/horde/conf.php
/etc/horde/hooks.local.php


(Markus Neuberger) #17

My horde.log has no “DN for the user xy not found” error. I use NS 7.4.b1. But I do not have calendar or webmail installed. Just for info.

...
2017-10-15T19:53:48+00:00 NOTICE: HORDE [horde] Login success for admin to horde (192.168.221.1) [pid 6495 on line 164 of "/usr/share/horde/login.php"]
2017-10-16T09:07:45+00:00 NOTICE: HORDE [horde] Login success for admin to horde (192.168.221.1) [pid 2794 on line 164 of "/usr/share/horde/login.php"]

(Giacomo Sanchietti) #18

Please bear in mind that the password is not encrypted, it’s just in binary form.

You can also create an ad-hoc user from the web interface and use it for Horde configuration.


(Ralph) #19

It works now. THANK YOU ALL!
The main mistake was that I had “cn=Administrator,dc=ad,…” as BindDN instead of “DOMAIN\User”. I did not think of LDAP from the Samba side.


(Michael Träumner) #20

Could you mark the right answer as the solution, please?
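
An added example, not part of the thread or of NethServer: one way to check the bind outside Horde by turning the `account-provider-test dump` fields named above into an `ldapsearch` call that looks up a user's DN. The `BindDN` and `BindPassword` values are constructed placeholders, and `sAMAccountName` as the lookup attribute, the UTF-8 encoding of the password and all function names are assumptions.

```python
import json
import os
import tempfile

# Constructed sample shaped like the `account-provider-test dump` excerpt in
# the thread; the BindDN and BindPassword values are placeholders.
SAMPLE_DUMP = r'''{
   "LdapURI" : "ldaps://ad.domain.local",
   "BaseDN" : "dc=ad,dc=domain,dc=local",
   "BindDN" : "DOMAIN\\binduser",
   "BindPassword" : "constructed-placeholder"
}'''

def bind_style(bind_dn):
    """DOMAIN\\user needs no knowledge of where the account sits in the tree;
    a DN must match the account's real location exactly."""
    if "\\" in bind_dn and "=" not in bind_dn:
        return "domain\\user"
    return "dn" if "=" in bind_dn else "other"

def escape_filter(value):
    """Escape RFC 4515 special characters in a search filter value."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch)
    return "".join(out)

def write_password_file(password):
    """Store the password byte-for-byte in a 0600 file for `ldapsearch -y`,
    which uses the whole file content, so no trailing newline is written."""
    fd, path = tempfile.mkstemp(prefix="bindpw-")  # mkstemp creates mode 0600
    with os.fdopen(fd, "wb") as fh:
        fh.write(password.encode("utf-8"))  # assumption: UTF-8 encoding
    return path

def build_ldapsearch(dump_text, login, pw_path):
    """Return the argv that binds with the dumped identity and looks up the
    DN of `login` (sAMAccountName is an assumed lookup attribute)."""
    cfg = json.loads(dump_text)
    return ["ldapsearch", "-x", "-H", cfg["LdapURI"], "-D", cfg["BindDN"],
            "-y", pw_path, "-b", cfg["BaseDN"],
            "(sAMAccountName=%s)" % escape_filter(login), "dn"]

if __name__ == "__main__":
    cfg = json.loads(SAMPLE_DUMP)
    pw = write_password_file(cfg["BindPassword"])
    try:
        print(bind_style(cfg["BindDN"]), build_ldapsearch(SAMPLE_DUMP, "xy", pw))
    finally:
        os.remove(pw)  # do not leave the secret on disk
```

Passing the password through a file keeps it out of the process list and shell history, and avoids quoting problems when it contains non-printable bytes.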