[OGo-Users] connection with LDAP
Adam Tauno Williams
users@opengroupware.org
Wed, 22 Aug 2007 11:27:28 -0400
> >> I installed opengroupware-1.1 on Gentoo and I can't find documentation
> >> on internet for connecting with LDAP.
> >> My config in /usr/local/share/libFoundation/Defaults/NSGlobalDomain.plist :
> > Always access defaults via the Defaults command, not manually. In this
> > case "Defaults read"
> >> {
> >> Languages = (English);
> >> TimeZoneName = GMT;
> >> LSAuthLDAPServer = "<my.server.com>";
> >> LSAuthLDAPServerRoot = "ou=user,ou=account,o=ldap";
> >> LDAPInitialBindDN = "uid=nss,ou=admin,ou=account,o=ldap";
> >> LDAPInitialBindPW = password;
> >> LDAPLoginAttributeName = uid;
> >> }
> >> Can anybody confirm that this is the right config?
> > Other than is "ou=user,ou=account,o=ldap" your real server root? That
> > naming convention doesn't correspond to X.500 or RFC2247.
> >> Actually it is not working. Sniffing the traffic with ethereal shows that
> >> there is no connection to the ldap server. Can anybody help me there?
> > Is "<my.server.com>" literal? If so the "<>" are wrong. By no
> > connection do you mean no LDAP packets or no successful connection? If
> > your DSA only supports protocol level 3 then you need to set
> > LDAPInitialBindSpecific (as described in the Authentication chapter of
> > WMOGAG -
> > http://docs.opengroupware.org/Members/whitemice/wmogag/file_view ) Also
> > would be useful to set the LDAPDebugEnabled default. Both
> > LDAPDebugEnabled and LDAPInitialBindSpecific are boolean values; set
> > them to YES or NO.
> Now I have another problem :
> The LDAP connection works fine when using port 389 but not on port 636
> using ldap/ssl
> This is the only parameter that I changed:
> LSAuthLDAPServerPort = 636;
> Did I miss something?
That won't work; LDAP-over-SSL is outside the LDAP spec, it is *not* a
standard. OpenLDAP and some clients support it through the use of LDAP
URLS ["ldaps://..."] but with the advent of pervasive TLS support use of
LDAPS should be considered obsolete. I think you should be able to
configure the LDAP libraries themselves to negotiate TLS. Otherwise see
- http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=119