I've got Wildfire 2.4.2 server running nicely on FC4.
However, we'd like to consolidate authentication for various services (jabber, trac, svn, shell logins, etc.) and so I'm beginning to look into using LDAP, probably using OpenLDAP.
Can anyone point me at a "Getting Started" guide to integrate Wildfire with LDAP, e.g. what I need to do in the LDAP directory, how to configure Wildfire, etc. etc.?
Nothing fancy needs to be done to get OpenLDAP to work. You may want to enable clientSideSorting, though, as OpenLDAP doesn't do server-side sorting.
If you want to limit the users, you will need a searchFilter. I have a search filter like this:
Where ahpcrcAccount is a custom objectClass we created to represent certain users. The ou attribute should be present on any organizationalPerson object, which you will also have if you set your users up as inetOrgPerson (as many HOWTOs suggest). Since ou is kind of free form, we just decided that you must have an attribute ou=Jabber to connect (multiple ou's are allowed, so you can use it for other purposes too).
host: I used the AD domain name (e.g. domain.com), which should resolve to any domain controller. You can also enter a specific domain controller (dc1.domain.com).
port: 389
usernameField: sAMAccountName
nameField: I used displayName, but you can also use the container name field (CN).
emailField: mail
baseDN: The distinguished name of the container that user searches will be performed on. For example, to include all users in your AD, use DC=domain,DC=com. To include only the users in the “Users” container, use CN=Users,DC=yourdomain,DC=com.
adminDN: The distinguished name of the user with permissions to perform directory operations (e.g. CN=Administrator,CN=Users,DC=domain,DC=com). I would recommend creating an account just for this situation and assigning the minimum amount of permissions needed (which I haven't determined yet).
authorizedUsernames: the container name of the adminDN user (e.g. Administrator).
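To make the searchFilter idea from the OpenLDAP reply and the usernameField/AD settings above concrete, here is an added example (not from the thread or from Wildfire's own code) that composes the user-lookup filter and checks it against a few constructed directory entries. It assumes Wildfire ANDs the usernameField match with searchFilter, and the filter itself is constructed to match the reply's description (the poster's exact filter is not quoted); for the AD settings you would set USERNAME_FIELD to sAMAccountName.

```python
import re

# From the OpenLDAP reply: ahpcrcAccount objectClass plus ou=Jabber. The exact
# searchFilter is not quoted there, so this one is constructed to match the description.
USERNAME_FIELD = "uid"          # "sAMAccountName" for the AD settings above
SEARCH_FILTER = "(&(objectClass=ahpcrcAccount)(ou=Jabber))"

# Constructed directory entries: attribute names lower-cased, values as lists.
ENTRIES = {
    "uid=alice,ou=People,dc=example,dc=com":
        {"uid": ["alice"], "objectclass": ["inetOrgPerson", "ahpcrcAccount"], "ou": ["Staff", "Jabber"]},
    "uid=bob,ou=People,dc=example,dc=com":
        {"uid": ["bob"], "objectclass": ["inetOrgPerson", "ahpcrcAccount"], "ou": ["Staff"]},
    "uid=carol,ou=People,dc=example,dc=com":
        {"uid": ["carol"], "objectclass": ["inetOrgPerson"], "ou": ["Jabber"]},
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a filter (so '*' is a literal, not a wildcard)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def effective_filter(username: str) -> str:
    """Assumed Wildfire behaviour: (usernameField=<user>) ANDed with searchFilter when one is set."""
    user_clause = f"({USERNAME_FIELD}={escape_filter_value(username)})"
    return f"(&{user_clause}{SEARCH_FILTER})" if SEARCH_FILTER else user_clause

def _parse(f: str, i: int):
    """Minimal RFC 4515 parser: &, |, ! and equality (value '*' means presence)."""
    i += 1  # skip "("
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            node, i = _parse(f, i)
            kids.append(node)
        return (op, kids), i + 1  # skip ")"
    end = f.index(")", i)
    attr, _, val = f[i:end].partition("=")
    return ("=", attr.lower(), val), end + 1

def _eval(node, entry: dict) -> bool:
    op = node[0]
    if op == "&": return all(_eval(n, entry) for n in node[1])
    if op == "|": return any(_eval(n, entry) for n in node[1])
    if op == "!": return not _eval(node[1][0], entry)
    values = entry.get(node[1], [])
    if node[2] == "*": return bool(values)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
    return want.lower() in (v.lower() for v in values)  # LDAP caseIgnore matching

def lookup(username: str, entries: dict = ENTRIES) -> list:
    """Return the DNs a Wildfire user search for `username` would find."""
    node, _ = _parse(effective_filter(username), 0)
    return [dn for dn, attrs in entries.items() if _eval(node, attrs)]
```

Only alice is found: bob lacks ou=Jabber and carol lacks the ahpcrcAccount objectClass, which is exactly the gating the reply describes.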