Feature #2000
SOGo: Active Directory integration
Status: | CLOSED | Start date: | 06/10/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 06/11/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-sogo | |||
Target version: | v6.4-beta2 | |||
Resolution: | NEEDINFO: | No |
Description
Configure SOGo to use Active Directory LDAP database as user and authentication source
Related issues
Associated revisions
sogo-config template (10user_source_active_directory): use Active Directory as user source when smb/ServerRole is ADS. Refs #2000
sogo-config template (10user_source_active_directory) disable AD integration if AdsCredentials prop is not set. Refs #2000
sogo-config template (10user_source_active_directory) use AdsLdapServer prop to override Active Directory LDAP connection parameters. Refs #2000
nethserver-samba-* events: update gnustep DB and restart SOGo. Refs #2000
History
#1 Updated by Davide Principi about 8 years ago
- Due date set to 06/11/2013
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- Start date set to 06/10/2013
- % Done changed from 20 to 30
#2 Updated by Davide Principi about 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 70
Test case
- Join an Active Directory domain
- In AD, create a user (ie
sogoad
) with a non-expiring password (iePASSWORD
). This is needed by SOGo to browse AD LDAP. Choose a password that does not contain the percent%
symbol. - Save
sogoad
credentials in configuration DB:# config setprop sogod AdsCredentials 'sogoad%PASSWORD' # signal-event nethserver-sogo-update
To disable SOGo AD integration
# config setprop sogod AdsCredentials '' # signal-event nethserver-sogo-update
WARNING
In ADS mode SOGo uses simple LDAP binds on Active Directory LDAP, that means users' passwords are sent in clear text over the network.
If you find a way to set up an encrypted tunnel, the AdsLdapServer
prop can be set to override default LDAP AD settings:
# config setprop sogod AdsLdapServer <IPADDR>:<PORTNUMBER> # signal-event nethserver-sogo-update
#3 Updated by Davide Principi about 8 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 80
In nethserver-testing
:
nethserver-sogo-1.2.1-1.ns6.noarch.rpm
#4 Updated by Giacomo Sanchietti about 8 years ago
- Assignee set to Giacomo Sanchietti
#5 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 80 to 100
Test case:
- created sogoad user on AD
- executed setprop and event for AdsCredentials
- User mario.rossi from AD can successfully access to SOGo (mail and other stuff)
We should add a simple web ui to configure AdsCredentials, maybe a tab under Windows Network section?
Marking as VERIFIED
#6 Updated by Davide Principi about 8 years ago
- Status changed from VERIFIED to CLOSED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 90 to 100
Moved to nethserver-updates repository