LDAP Integration


Andyrue

Jan 11, 2012, 11:43:13 AM
to Resara Server
I already have an existing LDAP user database that I would like to
keep as my main user store, but really like a lot of features with
Resara and would like to use it to replace my existing SAMBA server.
Is it possible to configure Resara to use my external LDAP server as
its user backend? Would it be similar to how you configure SAMBA +
LDAP on a regular Ubuntu server? Any tips? Much appreciated.

Brendan Powers

Jan 11, 2012, 4:40:27 PM
to resara...@googlegroups.com
Unfortunately, you cannot use another LDAP server as a backend. You may be able to add your custom LDAP data to the integrated LDAP server though.
--
-----------------------
Brendan Powers
Resara LLC

1.888.357.9195
www.resara.com

Andyrue

Jan 11, 2012, 4:57:00 PM
to Resara Server
Bummer. What if I installed Resara on my Ubuntu 10.04 LDAP server
using the PPA, any chance that could work?

On Jan 11, 4:40 pm, Brendan Powers <bren...@resara.com> wrote:
> Unfortunately, you cannot use another LDAP server as a backend. You may be
> able to add your custom LDAP data to the integrated LDAP server though.
>

Brendan Powers

Jan 11, 2012, 6:29:07 PM
to resara...@googlegroups.com
I don't think that would solve your problem. Resara Server would install fine, but you couldn't run the two servers at the same time.

Andyrue

Jan 12, 2012, 10:20:06 AM
to Resara Server
I see. But you do think it's possible for me to pull my custom LDAP
data into Resara's LDAP server? We would still be able to
authenticate web services with the LDAP server and connect to the LDAP
server from an LDAP manager if we so chose? Do you guys just use a
fashion of openldap? Thanks for your help.

Brendan Powers

Jan 12, 2012, 10:25:07 AM
to resara...@googlegroups.com
I guess it depends on what kind of data you need to import. We use samba4's built-in LDAP server. Schema extensions work like a Microsoft Active Directory server. As far as authentication, most web applications can authenticate against the LDAP server without needing to be modified.

Andyrue

Jan 12, 2012, 12:29:19 PM
to Resara Server
We don't really have very specialized needs, basic user profile info
that you already handle with the only extra field I can find is we
store forwarding email addresses for some of our users, but in the
past we've just stuck that in an unused existing LDAP field like
"CarLicense" or something silly. I think this could work...what is
the bind dn to login as Administrator to the ldap server? I looked
online and found cn=Administrator,cn=Users, dc=info for connecting
with SAMBA4 LDAP, but I get "Simple Bind Failed:
NT_STATUS_LOGON_FAILURE" I'm confident I'm using the correct password,
do I have the dn right? Thanks

Brendan Powers

Jan 12, 2012, 12:32:26 PM
to resara...@googlegroups.com
It depends on your domain name. So if your domain name was test.lan, the DN would be CN=Administrator,CN=Users,DC=test,DC=lan

You can also sometimes get away with "test.lan\Administrator"

Andyrue

Jan 12, 2012, 1:53:37 PM
to Resara Server
Right, sorry...that's what I meant to say I was trying. I've also
tried with SSL/TLS and No security but keep getting the same error.
Is it the same password as I use to login as Administrator to the
Resara Admin Console, or does it get set somewhere else?

Andyrue

Jan 12, 2012, 3:02:43 PM
to Resara Server
Ok, I figured out what I was doing wrong. I must have put my domain
name in wrong when configuring the server, as the dn was needing to be
dc=resara,dc=test,dc=lan. I was able to login anonymously to find
this. Thanks for your help, I'll poke around more and can hopefully
make this work for us.
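
The bind failure in this exchange came from assuming the wrong base DN, and the fix was reading it from the server anonymously. As an added example (not part of the original thread or Resara's code), this Python sketch parses a rootDSE entry in LDIF form, takes `defaultNamingContext` from it, and checks it against the domain name the administrator assumed; the sample LDIF, the host name `dc1` and all function names are constructed for illustration.

```python
import base64

# Constructed sample of what an anonymous base-scope search of the rootDSE
# (e.g. ldapsearch -x -s base -b "") could return for this thread's server.
SAMPLE_ROOTDSE = (
    "dn:\n"
    "defaultNamingContext: DC=resara,DC=test,DC=lan\n"
    "configurationNamingContext: CN=Configuration,DC=resara,DC=test,\n"
    " DC=lan\n"
    "dnsHostName:: " + base64.b64encode(b"dc1.resara.test.lan").decode() + "\n"
)

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: value" is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def domain_to_dn(domain):
    """test.lan -> DC=test,DC=lan"""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def admin_bind_names(rootdse_ldif, assumed_domain):
    """Derive the Administrator bind DN from the server's own naming context."""
    base = parse_ldif_entry(rootdse_ldif)["defaultnamingcontext"][0]
    norm = lambda dn: [part.strip().lower() for part in dn.split(",")]
    realm = ".".join(part.split("=", 1)[1].strip() for part in base.split(","))
    return {
        "bind_dn": "CN=Administrator,CN=Users," + base,
        "domain_login": realm + "\\Administrator",
        "assumed_domain_matches": norm(base) == norm(domain_to_dn(assumed_domain)),
    }

if __name__ == "__main__":
    print(admin_bind_names(SAMPLE_ROOTDSE, "test.lan"))
```

A `False` in `assumed_domain_matches` means the server was provisioned under a different domain than the one used to build the bind DN, so the DN should be taken from the server's answer instead.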

Andyrue

Jan 17, 2012, 12:23:40 PM
to Resara Server
I'm working on importing my users into the Resara LDAP and can't seem
to find where the password attributes are stored for the users. Mine
are set in the DN of the user but I can't find any attribute in the
Resara LDAP for the password.

P.S.
Congrats on the release of 1.1

Brendan Powers

Jan 18, 2012, 10:00:19 AM
to resara...@googlegroups.com
The password hashes are not visible in the Resara LDAP server. The password hashes are also stored in the NT format, so they are not compatible with most other LDAP servers. You will need to set the user's password in clear text.

I know I've found better resources before, but I can't seem to find them now. You could also use this command

/usr/local/samba/sbin/samba-tool user setpassword <username> --newpassword=<password>

Andyrue

Jan 19, 2012, 9:00:20 AM
to Resara Server
Hmm, is the password still stored in the LDAP though even if it's not
visible and are they accessible in any way? I'm going to need a way
to update it externally through LDAP commands. We already have the
passwords stored in NT format as well as a couple others, but none of
which are clear text, so I would need to be able to insert the NT hash
directly.

On Jan 18, 10:00 am, Brendan Powers <bren...@resara.com> wrote:
> The password hashes are not visible in the Resara LDAP server. The password
> hashes are also stored in the NT format, so they are not compatible with
> most other LDAP servers. You will need to set the user's password in clear
> text.
>
> Here is some info on doing this. http://technet.microsoft.com/en-us/magazine/ff848710.aspx

Brendan Powers

Jan 19, 2012, 11:03:05 AM
to resara...@googlegroups.com
The passwords are stored in the LDAP database, and I think it's possible to directly insert the hashes if you have them in the right format. However, I don't actually know how to do this. I would suggest asking on the samba-technical mailing list or IRC room. The current version of samba that is shipped with Resara Server 1.1 is Alpha17.

Andyrue

Jan 19, 2012, 12:11:50 PM
to Resara Server
Great, thanks Brendan, I'll do that and report back if I get a good
response. :-)