Author Topic: External server getting users from LDAP???  (Read 2054 times)

vshaulsk

  • Zen Samurai
  • ****
  • Posts: 477
  • Karma: +9/-1
External server getting users from LDAP???
« on: September 19, 2012, 06:32:16 pm »
Good Day,

I have Zentyal 2.2 running with almost all modules installed.  Inside my network I also have an Alfresco and Subsonic server running.

Is it possible to set up LDAP authentication between those servers and Zentyal??  I know when Subsonic is installed on the same server as Zentyal you can make it use LDAP authentication, but in this case it is a separate server.  Also, since I don't have a master-slave architecture, I do not know if this is possible.

If all I want is just user authentication, should I just open the LDAP port on Zentyal and then just point Subsonic or Alfresco to it??

Any direction would be great !!!

Thank you !!


christian

  • Guest
Re: External server getting users from LDAP???
« Reply #1 on: September 19, 2012, 06:52:20 pm »
With Zentyal 2.2, you can access the Zentyal LDAP server on port 389 (standard LDAP port).
Be sure this port is open in the Zentyal FW  ;)

vshaulsk

Re: External server getting users from LDAP???
« Reply #2 on: September 19, 2012, 07:02:29 pm »
Thanks...

I just was not sure if it would work because I know for the standard master-slave architecture on Zentyal 2.2 you can't have any other modules on the master LDAP server.  If you do have user modules the system does not sync, but I was not sure if that applied to authentication only.


christian

Re: External server getting users from LDAP???
« Reply #3 on: September 19, 2012, 07:04:02 pm »
Well, be sure you access the master LDAP server. Before 3.0, LDAP design was... a bit specific. Starting from 3.0, I don't understand yet  ;)

vshaulsk

Re: External server getting users from LDAP???
« Reply #4 on: September 19, 2012, 09:21:32 pm »
I only have one Zentyal server and not a master-slave setup... this is why I was asking if I can still authenticate against LDAP from an external server.  My Zentyal runs user and file sharing modules, so it is a standalone install.

The Alfresco and Subsonic servers are separate systems running in my LAN... I guess I will just have to try and see if it works

christian

Re: External server getting users from LDAP???
« Reply #5 on: September 19, 2012, 09:57:59 pm »
Your configuration is, I believe, what more than 75% of Zentyal users have, meaning Zentyal at the border between LAN and internet and some existing servers running inside but prone to benefit from Zentyal infrastructure and account management  8)

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
Re: External server getting users from LDAP???
« Reply #6 on: September 23, 2012, 11:37:06 am »
Zentyal 3.0 doesn't have any limitation about modules installed in the master. OpenLDAP listens on 389, but on 390 if Samba4 is installed, because Samba4 has its own LDAP. You can do an anonymous bind against both.

christian

Re: External server getting users from LDAP???
« Reply #7 on: September 23, 2012, 11:59:08 am »
Zentyal 3.0 doesn't have any limitation about modules installed in the master. OpenLDAP listens on 389, but on 390 if Samba4 is installed, because Samba4 has its own LDAP. You can do an anonymous bind against both.

In addition to this statement, what would be even more interesting is to understand if, aside from anonymous binding (which permits reading public attributes and searching entries), authentication can be done against both LDAP servers when Kerberos is not used or can't be used  :)

jsalamero

Re: External server getting users from LDAP???
« Reply #8 on: September 23, 2012, 12:43:16 pm »
I'm not sure now about Samba4 LDAP, but OpenLDAP only allows anonymous bind (no search); for read-only access you need to use the zentyalro user.

christian

Re: External server getting users from LDAP???
« Reply #9 on: September 23, 2012, 07:03:54 pm »
Anonymous bind with no visibility on any entry is:
1 - pretty useless except if the goal is to read rootDSE
2 - against standard LDAP best practices that require allowing anonymous search on the [uid] attribute in order to retrieve the DN and then bind.

What is the purpose of such design?
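
The search-then-bind flow described in replies #8 and #9 (look up the user's DN with a read-only account, then bind as that DN), as an added example that is not part of the thread and not Zentyal's own code. The directory client is injected; `FakeDirectory`, the base DN, the read-only account DN and all passwords are constructed placeholders, and the fake models a server that accepts empty-password binds, which is an assumption and not a statement about Zentyal's configuration.

```python
# Added example (not from the thread): search-then-bind with an injected client.
# FakeDirectory and all DNs and passwords below are constructed sample data.

def escape_filter(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def authenticate(directory, ro_dn, ro_password, base_dn, username, password):
    # A DN with an empty password is an "unauthenticated bind" (RFC 4513 5.1.2);
    # a server that accepts it reports success without checking any password.
    if not username or not password:
        return False
    # Step 1: bind as the read-only account and look up the user's DN.
    if not directory.simple_bind(ro_dn, ro_password):
        raise RuntimeError("read-only bind failed")
    matches = directory.search(base_dn, "(uid=%s)" % escape_filter(username))
    if len(matches) != 1:  # unknown user or ambiguous result
        return False
    # Step 2: verify the password by binding as the DN that was found.
    return directory.simple_bind(matches[0], password)

class FakeDirectory:
    """In-memory stand-in for a server that accepts empty-password binds."""
    def __init__(self, entries):
        self.entries = entries  # DN -> password
        self.bound_dn = None
    def simple_bind(self, dn, password):
        if password == "":  # treated as anonymous: succeeds, no identity
            self.bound_dn = None
            return True
        ok = self.entries.get(dn) == password
        self.bound_dn = dn if ok else None
        return ok
    def search(self, base_dn, ldap_filter):
        if self.bound_dn is None:  # anonymous session sees no entries
            return []
        value = ldap_filter[len("(uid="):-1]
        return [dn for dn in self.entries if dn.endswith(base_dn)
                and (value == "*" or dn.startswith("uid=%s," % value))]

BASE = "dc=example,dc=test"                  # placeholder base DN
RO_DN = "cn=readonly," + BASE                # placeholder read-only account DN
ALICE = "uid=alice,ou=Users," + BASE
DEMO = FakeDirectory({RO_DN: "ro-secret", ALICE: "alice-pw"})

if __name__ == "__main__":
    print(authenticate(DEMO, RO_DN, "ro-secret", BASE, "alice", "alice-pw"))
    print(authenticate(DEMO, RO_DN, "ro-secret", BASE, "alice", ""))
```

The empty-password check in `authenticate` is what keeps a bind that the directory would accept as anonymous from being counted as a successful login by the external application.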