WHAT: The OpenLDAP JumpBox will help get you started doing centralized LDAP-based authentication, centralized contact sharing and provide other directory services. It includes the phpLDAPadmin web based LDAP management tool to simplify the task of managing your LDAP directory.
STATUS: The JumpBox for OpenLDAP is in an experimental state and is unsupported.
DESIRED FEEDBACK: We'd like to know the most common usage scenarios for this JumpBox. Is it useful in its current form? What would make it more useful? What's broken?
Ahahahah! A typo! I shouldn't try to help out with Tax stuff while doing IT work...the two don't mix.
I had looked at an example set up on the iPrism website, and their pics had "cn=" formatting, now I should have known better and replaced the "cn=" with "ou=" but I didn't. So I was using cn=students,cn=users,o=directory for my search path. In reality it was ou=students,ou=users,o=directory. Now it works! Next will be putting this to heavier testing. I figure 90+ students using it should give a good test.
I'm quite pleased with how easy this was to set up, I've also been running tests on a Linux box running OpenLDAP, but still don't have the set up, not all that great at Linux, always dabbled in it, but was never a job requirement. So the OpenLDAP JumpBox is a winner in my book.
Well that's good to know, I'll have to remember that when I get my Evil Supervillain Empire in place, is there any open source Evil Empire Management software? Perhaps the next JumpBox...
Looks like the only problem I'm having now is the iPrism, although it allows the users to log in and passes them along to the website, it does not recognize the usernames in the logfiles. So instead of showing accessed website http:// I get a [NonAuthenticated] accessed website http://. I'll have to check with their tech support. I've been using their directions on how to get the iPrism to authenticate to OSX Open Directory, the process is nearly identical.
I am able to bulk import users using a script, the iPrism logs now show the sites the user visited, everything is great!
My next task: finding a web-based, self-service password reset tool. Basically, if a user knows their password they can login to the web tool, and change it on the LDAP server.
I could not get it to work straight from the download. After the setup procedure to get the network set up, the phpLDAPadmin screen wouldn't let me in to the service. The only thing that didn't result in a bad login was using a blank DN and the admin password, but then the screen looped back to home.
For DN I tried "Manager" "admin" "Admin" "administrator" and "Administrator".
Hi, first of all thanks for having this available.
Out of the box it works great with little config requirements. There are some vital components missing from the openLDAP install. I was hoping I can get shell access so that I can try to add them on my build. The controls are used for querying and displaying directory users and groups. Without it you can establish a connection, but any attempt to bind to the tree and get a list of names fails.
If I can get this to work I'll be happy to share my notes on what I did. I just need a key so that I can get to the shell. :)
Keys are sent via email when you download. If you downloaded this prior to a few days ago just click the download link again and submit the form to get keys for all the proving grounds apps.
If for some reason you're not getting the email, then fill out our contact form and I'll send a key. http://www.jumpbox.com/contact
Ok, just a quick update on what I tested.
I have an application that connects to openLDAP and queries the user names. It was configured to check for some sort and list controls that are defined but not available with openLDAP. From what I can find it appears that these controls may not even exist (even though they are defined). We changed the requirement so that they are no longer critical and the user list showed up.
Bottom line is that there is no modification needed on the Jumpbox to provide these controls. If anyone is connecting an application they just need to be aware that any query against the directory should not have a critical condition.
If anyone is interested, here are the controls:
#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473"
#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474"
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
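
Added example, not code from the thread or from the JumpBox project: a small Python model of the control-criticality rule in RFC 4511 section 4.1.11, which is what the last post ran into. The supportedControl set is a constructed sample (an assumption, not read from a JumpBox), and the function names are hypothetical.

```python
from dataclasses import dataclass, replace

SORT_REQUEST = "1.2.840.113556.1.4.473"  # LDAP_CONTROL_SORTREQUEST (from the post)
VLV_REQUEST = "2.16.840.1.113730.3.4.9"  # LDAP_CONTROL_VLVREQUEST (from the post)

SUCCESS = 0
UNAVAILABLE_CRITICAL_EXTENSION = 12      # RFC 4511 result code

# Constructed sample of a root DSE "supportedControl" attribute (assumption).
SAMPLE_SUPPORTED = frozenset({
    "1.2.840.113556.1.4.319",   # paged results
    "2.16.840.1.113730.3.4.2",  # ManageDsaIT
})


@dataclass(frozen=True)
class Control:
    oid: str
    critical: bool = False  # criticality is BOOLEAN DEFAULT FALSE on the wire


def server_result(controls, supported):
    """Return (result_code, applied_oids) as an RFC 4511 server must."""
    applied = []
    for ctl in controls:
        if ctl.oid in supported:
            applied.append(ctl.oid)
        elif ctl.critical:
            # Unrecognized and critical: the operation must not be performed.
            return UNAVAILABLE_CRITICAL_EXTENSION, []
        # Unrecognized and non-critical: the control is ignored.
    return SUCCESS, applied


def relax_unsupported(controls, supported):
    """Client pre-flight: clear criticality on controls the server does not advertise."""
    return [c if c.oid in supported else replace(c, critical=False)
            for c in controls]


def sort_was_honoured(applied):
    """False means the caller has to sort the entries itself."""
    return SORT_REQUEST in applied


if __name__ == "__main__":
    wanted = [Control(SORT_REQUEST, True), Control(VLV_REQUEST, True)]
    print(server_result(wanted, SAMPLE_SUPPORTED))
    print(server_result(relax_unsupported(wanted, SAMPLE_SUPPORTED), SAMPLE_SUPPORTED))
```

When a non-critical control is ignored the search still succeeds, so the application has to check whether the control was applied before relying on sorted or windowed results.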