Hi,

there is some info about it: http://sourceforge.net/p/assp/wiki/LDAP/

Create a user in your AD to check against the AD (for testing, simply use your
user).
Log in to ASSP as root.

In ASSP I only set up my AD 2008 R2 Server(s)
LDAP Host(s) (LDAPHost)
LDAP Login (LDAPLogin)
LDAP Password (LDAPPassword)
LDAP Root container for Local Addresses (LDAPRoot)
LDAP Filter for Local Addresses (LDAPFilter) -> Basic: (proxyaddresses=smtp:EMAILADDRESS)
That's it.

And under: Recipients/Local Domains
Do LDAP lookup for valid local addresses (DoLDAP)
"Check local addresses against an LDAP database before accepting the message.
Note: Checking this requires filling in the other LDAP parameters below.
This requires an installed Net::LDAP module in PERL."

If you need info for your AD account, use software like this LDAP browser:
http://www.ldapadministrator.com/download.htm (LDAP Browser 4.5, it's free)

Hope it will work for you.
Regards
Martin

-----Original Message-----
From: Keith Mills [mailto:[email protected]]
Sent: Friday, 7 November 2014 22:34
To: ASSP development mailing list
Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"

Hi Martin. 
This thread has me interested in getting ASSP to verify email addresses from AD 
to stop all the attempts to send to made-up addresses. 
Can you tell me what AD query setting you use that is allowing lookups from AD?
I agree this is a great project. Love ASSP even without AD working. 

Thanks
Keith

> On Nov 7, 2014, at 6:54 AM, Martin Voßloh <[email protected]> wrote:
> 
> Hi,
> 
> ok - now I understand and it works (Windows 2008R2), Thank you, but....
> in the first mask I could use objectclass or attributes and they are useless 
> in my infrastructure and I to search my error. Wrong way.
> In the second screen it is now working for me with using the right "LDAP 
> Container" with the possibility to use the same "user name" from top or a 
> different name. Thx for the hint.
> 
> Now my user's name is 'Thomas Eckardt' and it works great :)
> 
> Thx for your help again.
> 
> Regards
> Martin
> 
> 
> -----Original Message-----
> From: Thomas Eckardt [mailto:[email protected]]
> Sent: Friday, 7 November 2014 12:54
> To: ASSP development mailing list
> Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"
> 
>> but there is no LDAP Container Settings. (I think we need them there)
> 
> You must specify them while creating the user, if it is required by your LDAP 
> server.
> I can't reproduce an AD login - I don't use an AD.
> My LDAP server is configured to allow contextless login using the common name 
> (cn).
> 
> The 'LDAP Container Settings' (if defined) are used as 'user login string' 
> - the literal 'USER' is replaced by the assp user name.
> So it is possible to define an assp user name like 'Thomas Eckardt' 
> (really nice :=)) and to define a different LDAP login account like:
> 
> cn=theboss,dn=domain,dn=local
> 
> In such a case, the user can login with his name, using the password of 
> another account, which is hard linked to the AD account inside assp (very 
> special).
> 
> Another option for AD login is using the local emailaddress like : 
> [email protected] - IMHO this is accepted by AD for a user 
> login (I don't know if it works with AD LDAP)
> 
> Every AD-controller has some tools on hand - also for LDAP login and browsing 
> - just play around if you have time.
> 
> CN=USER,OU=IT Department,OU=Germany,DC=mhp,DC=com
> CN=USER,OU=IT Department,OU=Germany,DC=mhp,DC=local
> CN=USER,OU=DerKunde,OU=Kunden,OU=Germany,DC=mhp,DC=local
> CN=USER,OU=Users,DC=mhp,DC=local
> 
> However, these should be good examples for the 'LDAP Container Settings' 
> using AD and logon with the common name
> 
>> LDAP bind/auth error: 48
> 
> looks like SSL is not enabled for LDAP or the user could not be found 
> ( LDAP Container Settings)
> 
>> "-ResultSize Unlimite"
> 
> type the user name via keyboard - if there are several thousand user 
> accounts, nobody knows what happens.
> 
> 
> Thomas
> 
> 
> 
> 
> From:    Martin Voßloh <[email protected]>
> To:      ASSP development mailing list <[email protected]>
> Date:    07.11.2014 12:00
> Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"
> 
> 
> 
> Hi Thomas,
> 
> thanks for your reply. -> Coolest software ever :)
> 
> Ok, I have changed the information "UID" to "sAMAccountName" and I see 
> only some entries but not all. If I change the attribute to anything 
> other I only see some accounts and not all. Looks like a restriction. 
> "-ResultSize Unlimite" is necessary for a big LDAP - without it, it 
> shows only the first 1000 entries. For eMail checks in ASSP it's working, 
> but for the authentication Admin Dialog not, I think.
> 
> Then I use an account I don't need but which is accessible for me.
> I chose the account and it is displayed on "user name :"
> "use LDAP / LDAP host :" is set with settings from the LDAP Setup 
> After continue I see more dialog but there is no LDAP Container Settings.
> (I think we need them there)
> The rest is normal for me with the part of user rights like local users.
> ASSP version 2.4.4(14307)
> In the End - no login for the new user is possible.
> Nov-07-14 11:19:35 [Main_Thread] WebAuth: user admin10 - LDAP bind/auth error: 48 - No password, did you mean noauth or anonymous ? -- try local password
> 
> Is it right that the LDAP Container Settings will be filled out by the 
> selected user?
> 
> Thanks for you and your work.
> Regards
> Martin
> 
> 
> -----Original Message-----
> From: Thomas Eckardt [mailto:[email protected]]
> Sent: Friday, 7 November 2014 09:03
> To: ASSP development mailing list
> Subject: Re: [Assp-test] LDAP and "Manage Admin Users!"
> 
> What is not working?
> 
> - select new user
> - fill the select field with a part of the user name you are looking 
> for or leave it blank
> - LDAP objectclass should be 'person'
> - LDAP return attribute could be any, but 'uid' or 'cn' or 'mailaddress' 
> are useful (whatever your LDAP/AD accepts for a user login) - 
> userPrincipalName seems to be also an option in AD
> - click show
> - you'll get a list of users below - if you used 'cn' as attribute and 
> you got a list , the LDAP server possibly supports contextless login
> - click on a user, this fills the user name field with the right 
> content
> - click continue
> 
> The dialog does not have to be used strictly this way. You may also define 
> the user name manually (for example if you use a different LDAP server 
> for the login)
> 
> - now the dialog is the same as for local users - in addition the 
> LDAP section must be configured
> - define the LDAP server - the field is prompted with the one from the 
> main config - if ports are not defined, the default ports are used 
> according to the next settings
> - select the LDAP version to be used (eg. 3)
> - LDAP container could be blank, if you used the cn (common name) 
> attribute as user name and the LDAP server supports contextless login  
> otherwise you need to define the LDAP location of the user (eg.
> "cn=USER, o=org, c=country" or "cn=USER, dn=org, dn=country" - in AD 
> for example "cn=USER, cn=Users, dn=domain, dn=local")  As a LDAP admin 
> you should know what to do!
> - in most cases you have to use  LDAP-SSL for user logins - most LDAP 
> servers don't accept plain text logins
> - keep in mind, the AD handles user names not case sensitive - ASSP 
> is doing it case sensitive!
> 
> If you finished the user configuration, the user should be able to login.
> 
> If there is anything wrong, you should see something like
> 
> Nov-7-14 07:47:30 [Main_Thread] WebAuth: user xxxx - LDAP bind/auth error: 48 - Bind failed: Username / password binds not allowed -- try local password
> 
> in the log. Here 'LDAP-SSL' was not enabled for example
> 
> Thomas
> 
> 
> 
> 
> 
> From:    Martin Voßloh <[email protected]>
> To:      "[email protected]" <[email protected]>
> Date:    06.11.2014 18:28
> Subject: [Assp-test] LDAP and "Manage Admin Users!"
> 
> 
> 
> 
> Hello,
> 
> I have used ASSP for a long time with different users. All admin users are 
> local ones because I don't know how to configure for LDAP.
> The "LDAP Setup" in ASSP is working fine and I check all user email 
> addresses against the AD of Windows Server 2008 R2 but I couldn't find 
> my problem for the admin users.
> Is there some log information for a bad try (debug)?
> Any example or Wiki information?
> 
> Thanks for help.
> Regards
> Martin
> ----------------------------------------------------------------------
> -------- _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
> 
> 
> 
> 
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, 
> legally privileged and protected in law and are intended solely for 
> the use of the
> 
> 
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no 
> known virus in this email!
> *******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
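
As an added illustration that is not part of the thread or of ASSP's code: a Python sketch of the placeholder substitution the messages describe (USER in the 'LDAP Container Settings', EMAILADDRESS in LDAPFilter) with RFC 4514/4515 escaping, plus a classifier for the two error-48 log entries quoted above. The function names are hypothetical, and replacing only the first USER is an assumption about how the substitution behaves.

```python
import re
# Added illustration with hypothetical names; SAMPLE_LOG rejoins the thread's two log entries.
SAMPLE_LOG = [
    "Nov-07-14 11:19:35 [Main_Thread] WebAuth: user admin10 - LDAP bind/auth error: 48 - "
    "No password, did you mean noauth or anonymous ? -- try local password",
    "Nov-7-14 07:47:30 [Main_Thread] WebAuth: user xxxx - LDAP bind/auth error: 48 - "
    "Bind failed: Username / password binds not allowed -- try local password",
]
LOG_RE = re.compile(r"WebAuth: user (\S+) - LDAP bind/auth error: (\d+) - (.+?) -- try local")

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return "\\" + out if out[:1] in ("#", " ") else out

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def address_filter(template, address):
    """Fill the EMAILADDRESS placeholder of an LDAPFilter-style template."""
    return template.replace("EMAILADDRESS", escape_filter_value(address))

def bind_args(container, user, password):
    """Build (bind DN, password); the literal USER in the container becomes the user name."""
    if not user or not password:
        # A DN with an empty password is an unauthenticated bind, not a password check.
        raise ValueError("refusing LDAP bind with empty user name or password")
    # Assumption: only the first USER is replaced; a blank container means contextless login.
    dn = container.replace("USER", escape_dn_value(user), 1) if container else user
    return dn, password

def diagnose(line):
    """Return (user, result code, likely cause) for a WebAuth bind/auth log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    user, code, text = m.group(1), int(m.group(2)), m.group(3)
    if code != 48:  # 48 is inappropriateAuthentication
        return user, code, "other LDAP result code"
    if text.startswith("No password"):
        return user, code, "empty password passed to bind"
    return user, code, "simple bind refused, enable LDAP-SSL"

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(diagnose(entry))
```

The escaping matters because a user name such as `Eckardt, Thomas` or an address containing `*` or `(` would otherwise change the structure of the DN or the filter rather than being matched literally.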