Feature #2000

SOGo: Active Directory integration

Added by Davide Principi about 8 years ago. Updated about 8 years ago.

Status: CLOSED
Start date: 06/10/2013
Priority: Normal
Due date: 06/11/2013
Assignee: -
% Done: 100%
Category: nethserver-sogo
Target version: v6.4-beta2
Resolution:
NEEDINFO: No

Description

Configure SOGo to use Active Directory LDAP database as user and authentication source


Related issues

Related to NethServer 6 - Feature #1746: Samba: joining Active Directory domain CLOSED 03/29/2013 04/03/2013
Related to NethServer 6 - Feature #1747: Mail-server: IMAP access for AD users CLOSED 03/25/2013 03/27/2013

Associated revisions

Revision e5e5bf05
Added by Davide Principi about 8 years ago

sogo-config template (10user_source_active_directory): use Active Directory as user source when smb/ServerRole is ADS. Refs #2000

Revision 478d5744
Added by Davide Principi about 8 years ago

sogo-config template (10user_source_active_directory) disable AD integration if AdsCredentials prop is not set. Refs #2000

Revision 3088a48b
Added by Davide Principi about 8 years ago

sogo-config template (10user_source_active_directory) use AdsLdapServer prop to override Active Directory LDAP connection parameters. Refs #2000

Revision 20e119cd
Added by Davide Principi about 8 years ago

nethserver-samba-* events: update gnustep DB and restart SOGo. Refs #2000

History

#1 Updated by Davide Principi about 8 years ago

  • Due date set to 06/11/2013
  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • Start date set to 06/10/2013
  • % Done changed from 20 to 30

#2 Updated by Davide Principi about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 70

Test case

  1. Join an Active Directory domain
  2. In AD, create a user (e.g. sogoad) with a non-expiring password (e.g. PASSWORD). This is needed by SOGo to browse AD LDAP. Choose a password that does not contain the percent % symbol.
  3. Save sogoad credentials in configuration DB:
       # config setprop sogod AdsCredentials 'sogoad%PASSWORD'
       # signal-event nethserver-sogo-update

To disable SOGo AD integration

   # config setprop sogod AdsCredentials ''
   # signal-event nethserver-sogo-update

WARNING

In ADS mode SOGo uses simple LDAP binds on Active Directory LDAP; that means users' passwords are sent in clear text over the network.

If you find a way to set up an encrypted tunnel, the AdsLdapServer prop can be set to override default LDAP AD settings:

   # config setprop sogod AdsLdapServer <IPADDR>:<PORTNUMBER>
   # signal-event nethserver-sogo-update
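
The warning in update #2 above can be seen directly in the wire format. The following is an added example, not part of the original ticket or of nethserver-sogo: it builds an LDAPv3 simple BindRequest as laid out in RFC 4511 and decodes it again, showing that the password field is carried as raw bytes. The bind DN and password are constructed sample values.

```python
# Added illustration: BER layout of an LDAPv3 simple BindRequest (RFC 4511).
# The DN and password used below are constructed sample values.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV (short-form length only, value under 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """Build the bytes a client sends for a simple bind."""
    bind = tlv(0x60,                              # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                 # version 3
               + tlv(0x04, dn.encode())           # name (bind DN)
               + tlv(0x80, password.encode()))    # [0] simple: raw password
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sample")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + 2:end], end

def decode_simple_bind(frame: bytes) -> dict:
    """Decode a simple BindRequest; the password comes back unmodified."""
    tag, msg, _ = read_tlv(frame, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(msg, 0)
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind, 0)
    _, name, pos = read_tlv(bind, pos)
    tag, cred, _ = read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("not simple authentication (e.g. SASL)")
    return {"version": version[0], "dn": name.decode(), "password": cred.decode()}

# Constructed sample frame; no hashing or encryption is applied to the password.
FRAME = simple_bind_request(1, "CN=sogoad,CN=Users,DC=example,DC=test", "PASSWORD")
```

Without TLS underneath the LDAP connection, these are the bytes that cross the network, which is why the ticket suggests pointing AdsLdapServer at an encrypted tunnel endpoint.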

#3 Updated by Davide Principi about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 80

In nethserver-testing:
nethserver-sogo-1.2.1-1.ns6.noarch.rpm

#4 Updated by Giacomo Sanchietti about 8 years ago

  • Assignee set to Giacomo Sanchietti

#5 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 80 to 100

Test case:

  • created sogoad user on AD
  • executed setprop and event for AdsCredentials
  • User mario.rossi from AD can successfully access SOGo (mail and other stuff)

We should add a simple web ui to configure AdsCredentials, maybe a tab under Windows Network section?

Marking as VERIFIED

#6 Updated by Davide Principi about 8 years ago

  • Status changed from VERIFIED to CLOSED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 90 to 100

Moved to nethserver-updates repository
