Trying to setup private Dropbox-like service in our company.
I chose the NextCloud for that, installed it on Ubuntu server as per documentation. Now I want to configure the LDAP authentication but that option is not available on the admin pages.
This is the first time I ever tried NextCloud. What am I missing, is that a paid-for feature?
Do you have the php ldap module? If not try something like apt-get install php5-ldap.
NextCloud should have a setup form for the LDAP integration. Then you just put in the server information and credentials for the ldap. A free test ldap that is available for testing at Btech Online ldap.
Related
I have two servers:
1st server: Odoo 9 application hosted in Amazon EC2
2nd server: LDAP server hosted in my Synology NAS which is in a local area network
Right now, I would like to authenticate all the Odoo users by the LDAP server.
Things that I have done
I have installed the Authentication via LDAP (auth_ldap) module in Odoo
Configured LDAP Parameters in Odoo. Note: Actual IP address and domain were altered due to security issue. Need someone to check if the configuration values are entered correctly.
Open the port 389 in my office network to public and forwarded it to the LDAP server.
Tested using ldapsearch command line in Amazon EC2 to ensure that both servers can communicate.
Somehow I am still not able to login using the LDAP user login in Odoo. What did I do wrong? Is there any other way to find out if Odoo is communicating with the LDAP server?
I have a little question w.r.t MFP Client
Does Mobilefirst Client (ie MFP CLI) has built-in LDAP configuration (or) if not can LDAP be included by any means ?
LDAP is a protocol: http://www.gracion.com/server/whatldap.html
It is not related to the CLI, which is just a bunch of command-line commands to make operations that are specific to MFP. LDAP is not specific to MFP.
You can integrate with LDAP. Read more here: http://www-01.ibm.com/support/knowledgecenter/search/ldap?scope=SSHS8R_7.1.0
We are running WebSphere Application Server v8.5 on AIX 7, which we configured to use ldap security. Everything is working fine, but project went halt for some time and our WAS was down. Now we see that ldap cerficates were expired, hence we are unable to connect to dmgr & admin console. Can somebody help to resolve it?
We know how to configure ldap on WAS, but dont no how to change expired ldap cerficate with new cerficates. (We received new non-expiry certificates from ldap team but dont no how to configure it on WAS).
You need to disable security, restart dmgr, replace certificates and reenable security.
To disable security:
stop/kill the dmgr
run the following from the dmgr\bin folder:
wsadmin -conntype NONE
At the wsadmin prompt, type securityoff and then type exit.
Restart your dmgr.
UPDATE
Do you have Federated or Standalone Ldap configured? You should have in LDAP configuration link to SSL configuration. There you will need to add your new certificate to the Signers store (this is very simplified description as I'm not sure which repository you are using).
I am starting to look into configuring an SVN server using Apache2 and mod_dav_svn on Red Hat Linux. I want Apache to handle authenticating the users that access the repository. Is there a way to have Apache authenticate against the user credentials maintained by the OS? This way I can allow all of my users on the server to use the same account to access SVN and to login to the system via SSH.
Previously our SVN server was hosted on a Windows server and we were able to use AuthType SSPI to perform our authentication against the Windows Active Directory server which will no longer be available to us. (Note: this is a restriction due to our network security and is not with my control)
Ultimately the solution I found to this problem was to configure mod-authnz_external to work with pwauth. Following the instructions on those two sites seems to have resulted in a working solution.
So I'm setting up a dedicated server using Debian 5 Lenny. I will be using some Atlassian Tools (JIRA, Confluence, Bamboo, and Fisheye). I want to use a local LDAP server to store information for the users that will be accessing these software titles, so that they can use one set of credentials to log in.
I also want webmail users to be configured using LDAP.
However, this is a small operation. Three people. That's why all of the software, including the ldap server, will all be on the same machine.
That said, is it safe to use LDAP to store user credentials (including passwords) in LDAP without using Kerberos? I'm confused as to when Kerberos should be used.
Hypothetically, let's say I had two servers on a subnet. Server A received requests from the outside world, for atlassian tools. Server a communicates to ldap server (internally) on server b. In that case, would I use kerberos?
When do I use Kerberos? When do I not?
I am not setting anything like "Active Directory" up. No Samba either. Users do not need to login to a domain (with access to files on the domain), they just need to login to webapps. But if I was doing LDAP on it's own dedicated machine, then I might want Kerberos?
:confuzzled: :(
-Sam
The simplest possible answer is yes, it is possible to store user names, user ids, and passwords without using Kerberos, and in fact directory services accessed via LDAP are an excellent tool for storing this sort of authentication and authorization information.
Update:
In my opinion, if you do choose an open source server, you will find OpenDS to be superior to OpenLDAP or Apache.
Basically, if you have Kerberos, you do not need any directory server. If you aren't in a corporate environment and are looking for an identity management store, you should definitively go for a directory server like OpenLDAP or Apache Directory. Kerberos require running a correctly set up DNS and NTP server. This might be way to much. Even if you do, those lazy morons from Atlassian still did not implement Kerberos support into their products. You can't even go with that.
I just noticed that there are only three of you, maybe a simple database setup with MySQL would suffice instead of running a full-blown directory server?