From: tms3 on


SNIP
>
> I am trying to set up a sync between google apps professional and
> samba4, we are currently in the phase to use samba4 instead of our
> current windows 2008 AD. However, I can't seem to browse the internal
> LDAP server.

I use yee olde reliable LDAP browser and connect the same way I do to
M$.

IP Addy:
Base DN: DC=<mydomain>,DC=<extension>
User DN: CN=Administrator,CN=Users (append base DN).

Do note, that for M$ and for Samba4 the caps ARE necessary.

Cheers,


>
>
> I am using the alpha12. Whenever I try to connect, I receive no such
> attribute.
>
> Please advise on how to connect properly.
>
> --
> Jorijn Schrijvershof
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

From: Jorijn Schrijvershof on
Hi,

Thanks for replying, although I tried several ways to connect, it still gives
me the no such attribute. Is there a way to test the connection from
localhost to check database integrity?

Jorijn

On Fri, Jul 2, 2010 at 2:37 PM, <tms3(a)tms3.com> wrote:

>
>
> SNIP
>
>
> I am trying to set up a sync between google apps professional and samba4,
> we are currently in the phase to use samba4 instead of our current windows
> 2008 AD. However, I can't seem to browse the internal LDAP server.
>
> I use yee olde reliable LDAP browser and connect the same way I do to M$.
>
> IP Addy:
> Base DN: DC=<mydomain>,DC=<extension>
> User DN: CN=Administrator,CN=Users (append base DN).
>
> Do note, that for M$ and for Samba4 the caps ARE necessary.
>
> Cheers,
>
>
>
>
>
> I am using the alpha12. Whenever I try to connect, I receive no such
> attribute.
>
> Please advise on how to connect properly.
>
> --
> Jorijn Schrijvershof
>
>
>


--
Jorijn Schrijvershof
T: +31 (0)616666481
W: http://jorijn.com/
E: jorijn(a)jorijn.com
From: Michael Wood on
Hi

Sorry, I accidentally did not send my initial reply to the list.

On 5 July 2010 08:26, Jorijn Schrijvershof <jorijn(a)jorijn.com> wrote:
> On Fri, Jul 2, 2010 at 3:53 PM, Michael Wood <esiotrot(a)gmail.com> wrote:
>>
>> For a start just try:
>> $ ldapsearch -x -h localhost
>>
>> That should print out a whole bunch of stuff.
>>
>> You can also restrict your search to a certain part of the tree like this:
>>
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com
>>
>> (assuming your realm is samba.example.com.)
>>
>> And if you just want their Windows login name, try:
>>
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com sAMAccountName
>>
>> If you want to try authenticating to the LDAP server, try:
>>
>> $ ldapsearch -x -h localhost -b CN=Users,DC=samba,DC=example,DC=com -D CN=Administrator,CN=Users,DC=samba,DC=example,DC=com -W sAMAccountName
>>
>> or like this:
>>
>> $ sudo apt-get install libsasl2-modules-gssapi-heimdal
>> (or libsasl2-modules-gssapi-mit)
>> $ kinit Administrator
>> $ ldapsearch -Y gssapi -h localhost -b CN=Users,DC=samba,DC=example,DC=com sAMAccountName
>>
>> I hope that helps.
>
> Thank you all, this helped a lot. I am able to connect and browse the
> internal ldap server now. Now for the passwords;
> Google supports sha1, md5 and plaintext passwords during synchronisation,
> where are these located, and if not supported, how to make them supported?
> Thanks a lot :-)

I am not sure this will be possible unless you use plain text
passwords because I believe Windows uses its own hashing algorithms.
I don't know anything about Google's LDAP server/schema, but if you
authenticate as an admin user I think you should be able to access the
passwords. You might need to fiddle with the access control settings
if you have access to that.

--
Michael Wood <esiotrot(a)gmail.com>
From: Jorijn Schrijvershof on
Hi,

On Mon, Jul 5, 2010 at 9:03 AM, Michael Wood <esiotrot(a)gmail.com> wrote:

> Hi
>
> Sorry, I accidentally did not send my initial reply to the list.
>
> I am not sure this will be possible unless you use plain text
> passwords because I believe Windows uses its own hashing algorithms.
> I don't know anything about Google's LDAP server/schema, but if you
> authenticate as an admin user I think you should be able to access the
> passwords. You might need to fiddle with the access control settings
> if you have access to that.
>
> --
> Michael Wood <esiotrot(a)gmail.com>
>

Thanks for your reply, I don't mind using plain text passwords, I tend to
protect the database carefully and synchronisation is a must, since we're
deploying google apps to all our users. When logging in with the built in
administrator the password attributes seem empty (userPassword,
unicodePwd, etc.). Any ideas?

--
Jorijn Schrijvershof
From: Ryan Bair on
It looks like the new sync module also supports SHA1 and MD5 hashed passwords.

"To synchronize passwords from LDAP, you will need an LDAP attribute that stores
passwords in plain text, MD5 or SHA1 format."

Not sure if Samba4 stores in these formats or not though...

On Mon, Jul 5, 2010 at 3:28 AM, Jorijn Schrijvershof <jorijn(a)jorijn.com> wrote:
> Hi,
>
> On Mon, Jul 5, 2010 at 9:03 AM, Michael Wood <esiotrot(a)gmail.com> wrote:
>
>> Hi
>>
>> Sorry, I accidentally did not send my initial reply to the list.
>>
>> I am not sure this will be possible unless you use plain text
>> passwords because I believe Windows uses its own hashing algorithms.
>> I don't know anything about Google's LDAP server/schema, but if you
>> authenticate as an admin user I think you should be able to access the
>> passwords.  You might need to fiddle with the access control settings
>> if you have access to that.
>>
>> --
>> Michael Wood <esiotrot(a)gmail.com>
>>
>
> Thanks for your reply, I don't mind using plain text passwords, I tend to
> protect the database carefully and synchronisation is a must, since we're
> deploying google apps to all our users. When logging in with the built in
> administrator the password attributes seem empty (userPassword,
> unicodePwd, etc.). Any ideas?
>
> --
> Jorijn Schrijvershof
>
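
An added example, not part of any post in this thread: a small Python audit that parses `ldapsearch` LDIF output and reports, per entry, whether `userPassword` holds one of the three formats named in the quoted sync documentation (plain text, MD5, SHA1) or comes back missing, as described in the thread. It assumes hashed values use the `{SCHEME}base64` prefix convention of OpenLDAP-style directories (the thread does not say which encoding the sync tool expects); the function names, the realm and the sample entries are constructed for illustration.

```python
import base64
import hashlib

SYNCABLE = {"MD5": ("md5", 16), "SHA": ("sha1", 20)}  # {SCHEME}: (label, digest bytes)

def parse_ldif(text):
    """Parse ldapsearch LDIF ('attr:: x' is base64) into {dn: {attr: bytes}}."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold wrapped lines
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode()
            entries[dn] = {}
        elif dn is not None:
            entries[dn][name.lower()] = value
    return entries

def classify(value):
    """Label a value: missing, plaintext, md5, sha1, malformed:X or other:X."""
    if not value:
        return "missing"
    text = value.decode("utf-8", "replace")
    if not (text.startswith("{") and "}" in text):
        return "plaintext"  # no {SCHEME} prefix: the value is stored as-is
    scheme, _, body = text[1:].partition("}")
    label, size = SYNCABLE.get(scheme.upper(), (None, 0))
    if label is None:
        return "other:" + scheme.upper()  # e.g. salted or crypt schemes
    try:
        digest = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        digest = b""
    return label if len(digest) == size else "malformed:" + scheme.upper()

def audit(ldif_text, attr="userPassword"):  # returns {dn: classification}
    return {dn: classify(a.get(attr.lower())) for dn, a in parse_ldif(ldif_text).items()}

# Constructed sample entries (not real directory data); the realm is an assumption.
BASE = ",CN=Users,DC=samba,DC=example,DC=com\n"
enc = base64.b64encode
SAMPLE = "\n".join([
    "dn: CN=alice" + BASE + "userPassword: {SHA}" + enc(hashlib.sha1(b"pw-a").digest()).decode() + "\n",
    "dn: CN=bob" + BASE + "sAMAccountName: bob\n",  # no password attribute returned
    "dn: CN=carol" + BASE + "userPassword:: " + enc(b"{MD5}" + enc(hashlib.md5(b"pw-c").digest())).decode() + "\n",
    "dn: CN=dave" + BASE + "userPassword: {SSHA}Y29uc3RydWN0ZWQ=\n",
    "dn: CN=erin" + BASE + "userPassword: constructed-plaintext\n",
])
```

`audit(SAMPLE)` returns one label per DN; run against the output of an authenticated `ldapsearch`, entries labelled `missing` correspond to the empty password attributes reported in the thread.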