Page MenuHomePhorge

Add SingleSignOn capabilitiy to kolab-saslauthd.
AcceptedPublic

Authored by tammus on Feb 6 2022, 1:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 7 2024, 6:15 AM
Unknown Object (File)
Aug 27 2024, 2:54 PM
Unknown Object (File)
Aug 22 2024, 1:40 PM
Unknown Object (File)
Aug 22 2024, 5:56 AM
Unknown Object (File)
Aug 21 2024, 10:55 PM
Unknown Object (File)
Aug 8 2024, 5:15 PM
Unknown Object (File)
Aug 7 2024, 12:12 AM
Unknown Object (File)
Aug 6 2024, 11:37 PM
Subscribers

Details

Reviewers
mollekopf
Summary

Authenticate against external LDAP server (e.g. AD). Sync Password from external to local LDAP Database.

Diff Detail

Repository
rP pykolab
Branch
master
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 38290
Build 15475: arc lint + arc unit

Event Timeline

tammus requested review of this revision.Feb 6 2022, 1:09 PM
tammus created this revision.
sicherha subscribed.

Thanks for the diff!

Assigning to the Apheleia IT team since I don't feel entitled to decide on the inclusion of new features without prior consultation.

Seems self-contained, so I don't mind if this goes in, but I'm not planning on working on it.

This revision is now accepted and ready to land.Aug 15 2024, 4:49 PM

Sorry, but this code looks like another service user account.
I think this is not a code issue, but a configuration issue.
Should be solved with howto doc, not with code on auth/ldap.

@tammus
did you tried to configure the kolab.conf with:

[ldap]
ldap_uri = <sso_uri>
service_base_dn = <sso_base_dn>
service_bind_dn = <sso_bind_dn>
service_bind_pw = <sso_bind_pw>
auth_attributes = mail, alias, uid, sAMAccountName

auth_attributes should do the trick for your sso_kolab_uid_attr sso_ext_uid_attr

Sync AD user and passwords directly with 389ds.
There are howto's for different use cases:

https://directory.fedoraproject.org/docs/389ds/howto/howto-windowssync.html
https://directory.fedoraproject.org/docs/389ds/howto/howto-one-way-active-directory-sync.html
https://directory.fedoraproject.org/docs/389ds/howto/howto-chaintoad.html
and some more howtos, also for windows/AD interaction
https://directory.fedoraproject.org/docs/389ds/documentation.html

finally you could extend/add user profile/s in Kolabwebadmin Interface -> Settings