Getting started with LDAP

Robin_Bowes · January 31, 2006, 10:00pm

Hi,

I’'ve got Wildfire 2.4.2 server running nicely on FC4.

However, we’‘d like to consolidate authentication for various service (jabber, trac, svn, shell logins, etc.) and so I’'m beginning to look into using LDAP, probably using OpenLDAP.

Can anyone point me at a “Getting Started” guide to integrate Wildfire with LDAP, e.g. What I need to do in the LDAP directory, how to configure Wildfire, etc. etc.

Thanks,

R.

dave_mankoff · February 1, 2006, 1:16am

http://www.jivesoftware.org/builds/wildfire/docs/latest/documentation/ldap-guide .html

found under the documentation link

Robin_Bowes · February 1, 2006, 1:24am

Aha! I knew there must be something like that but couldn’'t find it.

Thanks.

Do I need to do anything special with LDAP, or will it just use any users it finds in there?

What if I want to only allow certain users to have access to Wildfire?

R.

Jay · February 1, 2006, 2:03pm

Nothing fancy needs to be done to get OpenLDAP to work. You may want to enabled clientSideSorting, though, as OpenLDAP dosnt do server side sorting.

If you want to limit the users, you will need a searchFilter. I have a search filter like this:

Where ahpcrcAccount is a custom objectClass we created to represent certain users. The ou attribute should be present on any organizationalPerson objects, which if you set your users up as inetOrgPerson (as many HOWTO’‘s suggest) you will have also. Since ou is kind of free form, we just dedided that you must have an attribute ou=Jabber to connect (multiple ou’'s are allowed, so you can use it for other purposes too)

VinayakLV · February 5, 2006, 7:09am

Here is how I did it…

host: I used the AD domain name (e.g. domain.com), which should resolve to any domain controller. You can also enter a specific domain controller (dc1.domain.com).

port: 389

usernameField: sAMAccountName

nameField: I used displayName, but you can also use the container name field (CN).

emailField: mail

baseDN: The distinguished name of the container that user searches will be performed on. For example, to include all users in your AD, use DC=domain,DC=com. To include only the users in the “Users” container, use CN=Users,DC=yourdomain,DC=com.

adminDN: The distinguished name of the user with permissions to perform directory operations (e.g. CN=Administrator,CN=Users,DC=domain,DC=com). I would recommend creating an account just for this situation and assigning the minimum amount of permissions needed (which I haven’'t determined yet).

authorizedUsernames: the container name of the adminDN user (e.g. Administrator).

Reg/ Vinayak

Robin_Bowes · February 5, 2006, 12:01pm

Thanks all.

R.