
Thread: LDAP groups and LDAP authentication

  1. #1
    opichon is offline Member

    We use LDAP to authenticate users to various servers: subversion, dokuwiki, webdav. Since ZCS includes an LDAP server, it seems logical to try and use that ZCS LDAP server to authenticate users of these other servers against it.

    Some of the users of the other servers are 'internal' users, and will have a ZCS account. Authenticating a non-ZCS server against these is presumably feasible. My concern is with other users, who don't need such an account in a ZCS-managed domain. They certainly won't need an email address in one of our domains. In our current (non-ZCS) setup, we enter them as LDAP inetOrgPerson entries, put them in a groupOfUniqueNames, and give that group the appropriate access rights.

    I am trying to replicate this approach, by entering these users as contacts in an address book, then creating an LDAP group. However, I don't see where and how I can create a group in the ZCS LDAP server, nor can I see the filter to reach the contacts in the ZCS address books. Even dumping the LDAP data into an ldif file doesn't show the address book entries! Where are these entries?

    Any help would be appreciated.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator

    Regards


    Bill



  3. #3
    opichon is offline Member

    Thanks, but not quite. I am trying to authenticate users of external systems (e.g. svn) against address book entries, not zimbra user accounts. Authenticating users on external servers against zimbra accounts via ldap looks definitely feasible.

    However, I am concerned about users who do not have a zimbra account and don't really need one (and we don't want to incur the expense of a licence for an account that they would never use). Such users might be 3rd-party developers allowed to access our subversion repository, or our auditors allowed to access our corporate wiki.

    The idea (based on our current openldap installation) is to enter these individuals as contacts in an address book. Since presumably zimbra address book contacts are stored in ldap (where exactly?), if we can access these ldap records we can use ldap to authenticate these individuals on whatever server that allows it.

    In addition, the ability to create groups (groupOfUniqueNames) would be a much appreciated convenience, for the same purpose. We could then simply give a given group the appropriate rights on our subversion server, and simply add this or that address book contact to the group.

    The basic question underlying this is: where are address book contacts stored? In the LDAP directory? Under what path?

    I can read the zimbra LDAP dir with phpldapadmin but all I see is the 'ou=people' sub-tree, which contains no address book data. Dumping the ldap dir to ldif shows no address book data either.

  4. #4
    opichon is offline Member

    Using zindus, I can read the address book entries in Thunderbird. So it looks like zimbra address book entries are definitely accessible via ldap? But where are they?
