Absolutely yes, I am happy to contribute. I am in the process of
implementing the <restriction > directive for groups and will share that
when it is working.

I have other configuration experiences/details I would like to contribute
to documentation as well. I have done a lot of testing with SSL settings
with various email clients and will share what I have learned.

I don't see anything in the LDAP source code related to LDAP over SSL. I
was wondering if anyone had implemented it. I looked at the source code and
it seems like code-wise you would have to add

SECURITY_PROTOCOL "ssl"

to the configuration. I am guessing there could be issues related to the
LDAP server certificate as well, given that the other SSL-related docs
specify having only one cert in the keystore in order for SSL to work
properly. My cert has entries for the LDAP server and the mail server, so
I am thinking I might be able to get it to work, but that isn't a good
generalized solution. Any suggestions in that direction would be great.




On Sun, Sep 22, 2013 at 9:34 PM, Eric Charles <e...@apache.org> wrote:

> Thx for sharing this. If OK for you, I will take your config in the James
> documentation.
>
>
> On 23/09/13 00:20, Robert Munn wrote:
>
>> This message is a reply to an earlier message about LDAP authentication
>> failure. I have this working and thought I would share my config.
>>
>> This is on Windows, FYI. I implemented a base Active Directory LDAP
>> instance with Users.LDIF. It creates a configuration from the root node
>> (cn=<host>,dc=<domain>,dc=com) that looks like this:
>>
>> CN=LostAndFound
>> CN=NTDS Quotas
>> CN=Roles
>> CN=Users
>>
>> I added a user (called admin below) at this level of the tree, which
>> looks like this:
>>
>> CN=LostAndFound
>> CN=NTDS Quotas
>> CN=Roles
>> CN=admin
>>
>> I then added this user to the administrator Role in the tree:
>>
>> 1. select CN=Roles, then CN=Administrators
>> 2. right-click CN=Administrators and select Properties
>> 3. click members from the list of properties
>> 4. click the Add DN button and add the DN of the admin
>> (cn=admin,cn=<host>,dc=<domain>,dc=com)
>> 5. Lastly, in the user's properties, set msDS-UserAccountDisabled = False.
>>
>> <repository name="LocalUsers"
>> class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
>> ldapHost="ldap://localhost:389"
>> principal="cn=admin,cn=<host>,dc=<domain>,dc=com"
>> credentials="<password>"
>> userBase="cn=Users,cn=<host>,dc=<domain>,dc=com"
>> userObjectClass="user"
>> userIdAttribute="cn"/>
>>
>> Note the userIdAttribute, which is set to cn for the implementation above.
>>
>> Also note the userBase starts with CN=Users. I add all the regular users
>> at that level (one level below the admin).
>>
>> In order to get this working, I worked out connecting to the LDAP store
>> using the ldp.exe directory browser on Windows.
>>
>>
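Added example, not from this thread or the James project: a small Python check that parses a repository element like the one quoted above (constructed values host1, example.com and secret stand in for the <host>, <domain> and <password> placeholders) and reports what a reviewer would look at first: a plain ldap:// host URL, a bind password embedded in the file, and principal/userBase DNs that do not hang off the same parent the way the thread's tree does. Whether James honours an ldaps:// URL is exactly the open question above, so the check only reports the scheme it finds.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the <repository> element quoted in the thread;
# host1 / example.com / secret replace the <host>, <domain>, <password> placeholders.
SAMPLE_CONFIG = """<repository name="LocalUsers"
    class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
    ldapHost="ldap://localhost:389"
    principal="cn=admin,cn=host1,dc=example,dc=com"
    credentials="secret"
    userBase="cn=Users,cn=host1,dc=example,dc=com"
    userObjectClass="user"
    userIdAttribute="cn"/>"""


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leaf RDN first.

    Simplification: escaped commas inside RDN values are not handled.
    """
    parts = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        parts.append((attr.strip().lower(), value.strip()))
    return parts


def audit_ldap_repository(xml_text):
    """Return the review findings for one James users-repository element."""
    repo = ET.fromstring(xml_text)
    findings = []
    scheme = urlparse(repo.get("ldapHost", "")).scheme
    if scheme != "ldaps":
        findings.append(f"ldapHost scheme {scheme!r}: bind password and lookups travel unencrypted")
    if repo.get("credentials"):
        findings.append("bind password is a literal in the config file; protect the file's permissions")
    principal = parse_dn(repo.get("principal", ""))
    user_base = parse_dn(repo.get("userBase", ""))
    # In the thread's tree the bind account (cn=admin) and the user container
    # (cn=Users) are siblings directly under cn=<host>,dc=<domain>,dc=com.
    if principal[1:] != user_base[1:]:
        findings.append("principal and userBase do not share a parent; check the DNs")
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_repository(SAMPLE_CONFIG):
        print("-", finding)
```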