Thx for this. Just open a JIRA and upload any documentation or source code you can. I am happy to review and commit them.

On 23/09/13 20:56, Robert Munn wrote:
Absolutely yes, I am happy to contribute. I am in the process of
implementing the <restriction> directive for groups and will share that
when it is working.

I have other configuration experiences/details I would like to contribute
to documentation as well. I have done a lot of testing with SSL settings
with various email clients and will share what I have learned.

I don't see anything in the LDAP source code related to LDAP over SSL. I
was wondering if anyone had implemented it. I looked at the source code and
it seems like code-wise you would have to add

SECURITY_PROTOCOL "ssl"

  to the configuration. I am guessing there could be issues related to the
LDAP server certificate as well, given that the other SSL-related docs
specify having only one cert in the keystore in order for SSL to work
properly.  My cert has entries for the LDAP server and the mail server, so
I am thinking I might be able to get it to work, but that isn't a good
generalized solution. Any suggestions in that direction would be great.




On Sun, Sep 22, 2013 at 9:34 PM, Eric Charles <[email protected]> wrote:

Thx for sharing this. If OK for you, I will take your config in the James
documentation.


On 23/09/13 00:20, Robert Munn wrote:

This message is a reply to an earlier message about LDAP authentication
failure. I have this working and thought I would share my config.

This is on Windows, FYI. I implemented a base Active Directory LDAP
instance with Users.LDIF. It creates a configuration from the root node
(cn=<host>,dc=<domain>,dc=com) that looks like this:

CN=LostAndFound
CN=NTDS Quotas
CN=Roles
CN=Users

I added a user (called admin below) at this level of the tree, which
looks like this:

CN=LostAndFound
CN=NTDS Quotas
CN=Roles
CN=admin

I then added this user to the administrator Role in the tree:

1. select CN=Roles, then CN=Administrators
2. right-click CN=Administrators and select Properties
3. click members from the list of properties
4. click the Add DN button and add the DN of the admin
(cn=admin,cn=<host>,dc=<domain>,dc=com)
5. Lastly, in the user's properties, set msDS-UserAccountDisabled = False.

<repository name="LocalUsers"
class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
ldapHost="ldap://localhost:389"
principal="cn=admin,cn=<host>,dc=<domain>,dc=com"
credentials="<password>"
userBase="cn=Users,cn=<host>,dc=<domain>,dc=com" userObjectClass="user"
userIdAttribute="cn"/>

Note the userIdAttribute, which is set to cn for the implementation above.

Also note the userBase starts with CN=Users. I add all the regular users
at that level (one level below the admin).

In order to get this working, I worked out connecting to the LDAP store
using the ldp.exe directory browser on Windows.


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: [email protected]
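
On the LDAP over SSL question raised in the thread, a stand-alone JNDI bind check, added here as an example (it is not Apache James code and not from either poster). It assumes a JNDI-based LDAP client, which the SECURITY_PROTOCOL setting implies; the class name LdapsBindCheck, the LDAP_BIND_PASSWORD variable and the command-line arguments are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class, not Apache James code).
// Run: java -Djavax.net.ssl.trustStore=<truststore file> LdapsBindCheck <host:port> <bind DN>
// The server certificate is validated against that truststore, which is
// separate from any keystore holding a server's own key. Current JDKs also
// match the host name against the certificate, so use a name the cert lists.
public class LdapsBindCheck {
    public static void main(String[] args) {
        String password = System.getenv("LDAP_BIND_PASSWORD"); // hypothetical variable
        if (args.length != 2 || password == null || password.isEmpty()) {
            // An empty password would turn a simple bind into an unauthenticated one.
            System.err.println("usage: LDAP_BIND_PASSWORD=... LdapsBindCheck <host:port> <bindDN>");
            System.exit(2);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + args[0]);
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // TLS from the first byte (LDAPS)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            DirContext ctx = new InitialDirContext(env);
            System.out.println("OK: TLS handshake and bind succeeded for " + args[1]);
            ctx.close();
        } catch (AuthenticationException e) {
            // Reaching the bind means the TLS handshake already succeeded.
            System.err.println("TLS ok, bind rejected: " + e.getMessage());
            System.exit(1);
        } catch (CommunicationException e) {
            // Untrusted or mismatched certificates surface here as the root cause.
            System.err.println("Connection/TLS failure: " + e.getRootCause());
            System.exit(1);
        } catch (NamingException e) {
            System.err.println("LDAP error: " + e);
            System.exit(1);
        }
    }
}
```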



