LDAP user database
I'm no expert with LDAP, but I was considering converting my user database to an LDAP server, hoping to make it easier to transition from my 5.x server to 6.x once it's fully released (or possibly even while still in preview stages).
If I convert my users from the 5.x server into LDAP, will the 6.x server be able to read the same info without any issues?
Also, is there a way to convert the users from 5.x into LDAP?
Re: LDAP user database
OK, I've done a little experimentation, and come to the conclusion that I have no clue what I'm doing in regards to LDAP.
I've managed to get it installed and running, along with the initial configuration, but that's as far as I've gotten.
Issues I have come across so far:
1) Can't locate the option to enable LDAP authentication on my 5.x server.
2) Can't figure out how to configure LDAP to include a group called "Madsonic", with sub-groups for each of the access levels specified currently in the Madsonic database (i.e. "ALL", "LIMITED", "FRIENDS", "FAMILY", etc.).
3) Don't know what else to do after all of the above is complete.
Can anyone point me in the right direction?
Thanks!
Re: LDAP user database
Did you check the help page?
http://beta.madsonic.org/pages/ldap.jsp#3.1
If not, start there. It should give you a basis.
However, here's what I used for my personal config:
LDAP URL: ldaps://landsraad.local:636/dc=LANDSRAAD,dc=local
LDAP search filter: (&(sAMAccountName={0})(&(objectCategory=user)(!(userAccountControl=514))(memberof=CN=SubsonicUsers,CN=Users,DC=LANDSRAAD,DC=local)))
LDAP group searchBase: ou=groups
LDAP group filter: (member={0})
LDAP group role attribute: ou
LDAP manager DN (Optional): cn=drashna,ou=users,dc=landsraad,dc=local
I also created a bunch of Security groups in the "Users" section for the madsonic role stuff. And I added a "SubsonicUsers" security group as well.
I also disable the "automatically create users in Madsonic" option, as there STILL is no "ignore case" option. Microsoft Active Directory is not case sensitive, but *NIX LDAP is... so for Windows, "User" is the same as "user". In Linux, that's two different accounts. So leaving it enabled will leave you with a bunch of different user names, depending on how your users log in.
Just manually add the accounts and enable the "authenticate in LDAP" option, and you're set.
Also, using ldaps://someurl:636/ is more secure and will prevent BPA or health warnings (in Essentials) from appearing (it complains about unsecure queries).
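The following Python is an added example, not part of the post above and not Madsonic's own code. It fills the {0} placeholder of the quoted search filter with RFC 4515 escaping, folds login names to one local account name (the case problem described above), and compares the exact userAccountControl=514 test with Active Directory's bitwise-AND matching rule. The function names and sample values are constructed for illustration, and it assumes {0} receives the login name as typed.

```python
# Added example (not Madsonic code). Sample logins and values are constructed.

# Search filter template copied from the post above.
POST_FILTER = ("(&(sAMAccountName={0})(&(objectCategory=user)"
               "(!(userAccountControl=514))"
               "(memberof=CN=SubsonicUsers,CN=Users,DC=LANDSRAAD,DC=local)))")

# Variant (this example's assumption, not the poster's config): test the
# ACCOUNTDISABLE bit (0x2) with AD's bitwise-AND matching rule, so disabled
# accounts that carry additional flags are excluded as well.
BITWISE_FILTER = POST_FILTER.replace(
    "(userAccountControl=514)",
    "(userAccountControl:1.2.840.113556.1.4.803:=2)")

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so a login name cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, login: str) -> str:
    """Substitute the escaped login name for the {0} placeholder."""
    return template.replace("{0}", escape_filter_value(login))


def local_account_name(login: str) -> str:
    """One canonical local name regardless of the case the user typed."""
    return login.strip().casefold()


def distinct_local_accounts(logins, normalize=True):
    """Local accounts that auto-creation would produce for these logins."""
    names = {local_account_name(n) if normalize else n for n in logins}
    return sorted(names)


def exact_match_passes(uac: int) -> bool:
    """Mimics (!(userAccountControl=514)): rejects only the exact value 514."""
    return uac != 514


def bitwise_match_passes(uac: int) -> bool:
    """Mimics the bitwise variant: rejects any value with bit 0x2 set."""
    return uac & 0x2 == 0
```

With the constructed logins "Drashna", "drashna" and "DRASHNA", auto-creation without normalization yields three local accounts and with normalization one. A userAccountControl of 66050 (disabled, password never expires) passes the exact 514 test but is rejected by the bitwise one.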
Re: LDAP user database
And from what I can tell, there is no way to match domain groups with madsonic user groups.
I may be wrong (if I am, could it be actually documented in the above link?), but it would be nice if there was a way to do so, without having to manually set it per user.
- troycarpenter
Re: LDAP user database
gurutech wrote:
> OK, I've done a little experimentation, and come to the conclusion that I have no clue what I'm doing in regards to LDAP.
> I've managed to get it installed and running, along with the initial configuration, but that's as far as I've gotten.
> Issues I have come across so far:
> 1) Can't locate the option to enable LDAP authentication on my 5.x server.
> 2) Can't figure out how to configure LDAP to include a group called "Madsonic", with sub-groups for each of the access levels specified currently in the Madsonic database (i.e. "ALL", "LIMITED", "FRIENDS", "FAMILY", etc.).
> 3) Don't know what else to do after all of the above is complete.
> Can anyone point me in the right direction?
> Thanks!
I didn't think the LDAP feature was active in the 5.x servers. From what I remember, it was in the 4.x series, but disabled in 5 due to compatibility issues, and re-enabled in 6.x.
Re: LDAP user database
Has anyone else had any luck with LDAP auto mapping groups as described on the LDAP support page?
http://beta.madsonic.org/pages/ldap.jsp#3.1
I am able to successfully authenticate and have Madsonic automatically create users based on LDAP but it creates them without any rights at all.
- troycarpenter
Re: LDAP user database
frank2228 wrote:
> Has anyone else had any luck with LDAP auto mapping groups as described on the LDAP support page?
> http://beta.madsonic.org/pages/ldap.jsp#3.1
> I am able to successfully authenticate and have Madsonic automatically create users based on LDAP but it creates them without any rights at all.
I played with it in the past, but don't remember if it worked correctly. I don't have it set up in LDAP right now, although the checkbox is checked in Madsonic. I think in reality, this doesn't quite expose all the possible settings, and the most important one I would like to see is the "User is locked" flag so I can disable people in LDAP and not need to modify that through Madsonic. I think I'll go add a suggestion for that.
Re: LDAP user database
I ended up having to set up the default user with all the settings that I want people to start with (inside Madsonic); afterwards, LDAP users were created with those settings. It works for me since the only thing I am really authenticating with LDAP is Madsonic or Madsonic-related services (aka all LDAP users should be enabled in Madsonic), but it would be nice to see the security groups work out at some point.
- troycarpenter
Re: LDAP user database
That sounds right. See this thread where I discuss with Mad about it:
http://forum.madsonic.org/viewtopic.php?f=31&t=1530