LDAP user database

gurutech
Contributor
Posts: 323
Joined: 02 Jan 2013, 04:56
Has thanked: 11 times
Been thanked: 105 times

LDAP user database

Unread post by gurutech »

I'm no expert with LDAP, but I was considering converting my user database to an LDAP server, hoping to make it easier to transition from my 5.x server to 6.x once it's fully released (or possibly even while still in preview stages).

If I convert my users from the 5.x server into LDAP, will the 6.x server be able to read the same info without any issues?

Also, is there a way to convert the users from 5.x into LDAP?
These users thanked the author gurutech for the post:
Madsonic
Rating: 7.69%

gurutech
Contributor
Posts: 323
Joined: 02 Jan 2013, 04:56
Has thanked: 11 times
Been thanked: 105 times

Re: LDAP user database

Unread post by gurutech »

OK, I've done a little experimentation, and come to the conclusion that I have no clue what I'm doing in regards to LDAP.

I've managed to get it installed and running, along with the initial configuration, but that's as far as I've gotten.

Issues I have come across so far:
1) Can't locate the option to enable LDAP authentication on my 5.x server.
2) Can't figure out how to configure LDAP to include a group called "Madsonic", with sub-groups for each of the access levels specified currently in the Madsonic database (i.e. "ALL", "LIMITED", "FRIENDS", "FAMILY", etc.).
3) Don't know what else to do after all of the above is complete.

Can anyone point me in the right direction?

Thanks!

drashna
Posts: 10
Joined: 05 Jul 2013, 19:58
Has thanked: 0
Been thanked: 4 times

Re: LDAP user database

Unread post by drashna »

Did you check the help page?
http://beta.madsonic.org/pages/ldap.jsp#3.1

If not, start there. It should give you a basis.

However, here's what I used for my personal config:

LDAP URL: ldaps://landsraad.local:636/dc=LANDSRAAD,dc=local
LDAP search filter: (&(sAMAccountName={0})(&(objectCategory=user)(!(userAccountControl=514))(memberof=CN=SubsonicUsers,CN=Users,DC=LANDSRAAD,DC=local)))
LDAP group searchBase: ou=groups
LDAP group filter: (member={0})
LDAP group role attribute: ou
LDAP manager DN (Optional): cn=drashna,ou=users,dc=landsraad,dc=local


I also created a bunch of Security groups in the "Users" section for the madsonic role stuff. And I added a "SubsonicUsers" security group as well.
I also disable the "automatically create users in Madsonic" option, as there STILL is no "ignore case" option. Microsoft Active Directory is not case sensitive, but *NIX LDAP is... so for Windows, "User" is the same as "user". In Linux, that's two different accounts. So leaving it enabled will leave you with a bunch of different user names, depending on how your users log in.
Just manually add the accounts and enable the "authenticate in LDAP" option, and you're set.



Also, using ldaps://someurl:636/ is more secure and will prevent BPA or health warnings (in essentials) from appearing (it complains about unsecure queries).
These users thanked the author drashna for the post (total 2):
Madsonic, frank2228
Rating: 15.38%
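Added example, not part of drashna's post or of Madsonic: the `(!(userAccountControl=514))` clause in the search filter above compares one exact value, so a disabled Active Directory account that carries any additional flag still matches and can authenticate. The Python below checks that against constructed sample values and rewrites the clause to Active Directory's bitwise matching rule; the helper names and sample accounts are assumptions made for illustration.

```python
import re

ACCOUNTDISABLE = 0x0002                  # "account disabled" bit of userAccountControl
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # Active Directory LDAP_MATCHING_RULE_BIT_AND
UAC_EQUALS = re.compile(r"\(userAccountControl=(\d+)\)", re.IGNORECASE)

# The search filter as posted above.
POSTED_FILTER = ("(&(sAMAccountName={0})(&(objectCategory=user)"
                 "(!(userAccountControl=514))"
                 "(memberof=CN=SubsonicUsers,CN=Users,DC=LANDSRAAD,DC=local)))")

# Constructed sample accounts: name -> userAccountControl value.
SAMPLE_ACCOUNTS = {
    "enabled": 0x200,                           # 512   NORMAL_ACCOUNT
    "enabled_pw_never_expires": 0x10200,        # 66048
    "disabled": 0x202,                          # 514
    "disabled_pw_never_expires": 0x10202,       # 66050
    "disabled_pw_not_required": 0x222,          # 546
}

def passes_exact(uac, literal=514):
    """Mimic (!(userAccountControl=514)): only that one value is rejected."""
    return uac != literal

def passes_bitwise(uac):
    """Mimic (!(userAccountControl:<BIT_AND_RULE>:=2)): reject any disabled account."""
    return not (uac & ACCOUNTDISABLE)

def harden_filter(ldap_filter):
    """Rewrite exact-match clauses whose literal has the disable bit set."""
    def swap(match):
        if int(match.group(1)) & ACCOUNTDISABLE:
            return f"(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE})"
        return match.group(0)
    return UAC_EQUALS.sub(swap, ldap_filter)

def disabled_but_admitted(accounts):
    """Disabled accounts that the exact-match clause still lets through."""
    return [name for name, uac in accounts.items()
            if uac & ACCOUNTDISABLE and passes_exact(uac)]

if __name__ == "__main__":
    print("still admitted:", disabled_but_admitted(SAMPLE_ACCOUNTS))
    print("hardened filter:", harden_filter(POSTED_FILTER))
```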

drashna
Posts: 10
Joined: 05 Jul 2013, 19:58
Has thanked: 0
Been thanked: 4 times

Re: LDAP user database

Unread post by drashna »

And from what I can tell, there is no way to match domain groups with madsonic user groups.

I may be wrong (if I am, could it be actually documented in the above link?), but it would be nice if there was a way to do so, without having to manually set it per user.

troycarpenter
Posts: 136
Joined: 03 Dec 2013, 19:16
Has thanked: 24 times
Been thanked: 50 times

Re: LDAP user database

Unread post by troycarpenter »

gurutech wrote:ok, I've done a little experimentation, and come to the conclusion that I have no clue what I'm doing in regards to LDAP.

I've managed to get it installed and running, along with the initial configuration, but that's as far as I've gotten.

Issues I have come across so far:
1) Can't locate the option to enable LDAP authentication on my 5.x server.
2) Can't figure out how to configure LDAP to include a group called "Madsonic", with sub-groups for each of the access levels specified currently in the Madsonic database (i.e. "ALL", "LIMITED", "FRIENDS", "FAMILY", etc.).
3) Don't know what else to do after all of the above is complete.

Can anyone point me in the right direction?

Thanks!

I didn't think the LDAP feature was active in the 5.x servers. From what I remember, it was in the 4.x series, but disabled in 5 due to compatibility issues, and re-enabled in 6.x.

frank2228
Posts: 33
Joined: 23 Jul 2014, 00:59
Has thanked: 32 times
Been thanked: 11 times

Re: LDAP user database

Unread post by frank2228 »

Has anyone else had any luck with LDAP auto mapping groups as described on the LDAP support page?
http://beta.madsonic.org/pages/ldap.jsp#3.1
I am able to successfully authenticate and have Madsonic automatically create users based on LDAP but it creates them without any rights at all.

troycarpenter
Posts: 136
Joined: 03 Dec 2013, 19:16
Has thanked: 24 times
Been thanked: 50 times

Re: LDAP user database

Unread post by troycarpenter »

frank2228 wrote:Has anyone else had any luck with LDAP auto mapping groups as described on the LDAP support page?
http://beta.madsonic.org/pages/ldap.jsp#3.1
I am able to successfully authenticate and have Madsonic automatically create users based on LDAP but it creates them without any rights at all.

I played with it in the past, but don't remember if it worked correctly. I don't have it set up in LDAP right now, although the checkbox is checked in Madsonic. I think in reality, this doesn't quite expose all the possible settings, and the most important one I would like to see is the "User is locked" flag so I can disable people in LDAP and not need to modify that through Madsonic. I think I'll go add a suggestion for that.
These users thanked the author troycarpenter for the post (total 2):
Madsonic, frank2228
Rating: 15.38%

frank2228
Posts: 33
Joined: 23 Jul 2014, 00:59
Has thanked: 32 times
Been thanked: 11 times

Re: LDAP user database

Unread post by frank2228 »

I ended up having to set up the default user with all the settings that I want people to start with (inside Madsonic); afterwards, LDAP users were created with those settings. It works for me since the only thing I am really authenticating with LDAP is madsonic or madsonic related services (aka all LDAP users should be enabled in madsonic), but it would be nice to see the security groups work out at some point.

troycarpenter
Posts: 136
Joined: 03 Dec 2013, 19:16
Has thanked: 24 times
Been thanked: 50 times

Re: LDAP user database

Unread post by troycarpenter »

That sounds right. See this thread where I discuss with Mad about it:

http://forum.madsonic.org/viewtopic.php?f=31&t=1530
These users thanked the author troycarpenter for the post:
frank2228
Rating: 7.69%
