Comments (14)
That said, a cursory search mostly brings up samba acting as an LDAP server for Linux, rather than the opposite. How are you trying to set it up?
I'm trying to set simple auth via LDAP. Like this (example from 'Samba with OpenLDAP' tutorials):
```ini
passdb backend = ldapsam:ldap://ldap_server:3890
ldap suffix = dc=domain,dc=tld
ldap admin dn = uid=bind_ro,ou=people,dc=domain,dc=tld
ldap ssl = no
ldap user suffix = ou=people
ldap group suffix = ou=groups
```
https://7thzero.com/blog/configure-centos-7-samba-server-use-secure-ldap-authentication
from lldap.
I think that topic is more complex (and completely unrelated to Samba). Briefly, though, I believe Synology uses SSSD to communicate with the LDAP server. SSSD can optionally cache passwords, and can also be used to change the password. If you don't do either, it shouldn't matter if it doesn't return the userPassword attribute.
Once it's possible to get Samba attributes in, I might have a poke and see if I'm right about that.
from lldap.
I haven't looked into it, but I'd wager that samba requires some non-lldap-default fields, which would be blocked by #67
But it's being (slowly) worked on!
That said, a cursory search mostly brings up samba acting as an LDAP server for Linux, rather than the opposite. How are you trying to set it up?
from lldap.
For future reference, this seems to be the list of fields required by samba: https://serverfault.com/a/1051389
from lldap.
+1 for samba integration
same issue on qnap nas:
```
[2023/07/02 21:32:57.590384, 0] ../../source3/passdb/pdb_ldap_util.c:314(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for DOMAIN.NAME failed with NT_STATUS_UNSUCCESSFUL
[2023/07/02 21:32:57.590479, 0] ../../source3/passdb/pdb_ldap.c:6756(pdb_ldapsam_init_common)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
[2023/07/02 21:32:57.590512, 0] ../../source3/passdb/pdb_interface.c:186(make_pdb_method_name)
pdb backend ldapsam:ldaps://LDAP.SERVER did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
```
from lldap.
I'd also like to see this. I'd like to use something simpler than OpenLDAP but my Synology NAS needs some amount of Samba stuff - I think just the password control portions of it, but not 100% sure.
from lldap.
@ipsi FWIW, I'm not sure that LLDAP will ever be compatible with Synology, even with Samba. Last time I looked, Synology was requesting the hashed password to be able to check the login locally. That's something we just can't do in LLDAP, by design (we don't store the hashed password, but instead we use a zero-knowledge protocol to verify the password)
from lldap.
Alright. Feel free to follow the progress at #67
If you're feeling exceptionally motivated, you can already create the fields and set the values directly in the database, and they'll be returned over LDAP, so you can directly check your assumptions. But I totally understand if you want to wait until I actually implement field creation/setting in the web UI :)
from lldap.
I think that topic is more complex (and completely unrelated to Samba). Briefly, though, I believe Synology uses SSSD to communicate with the LDAP server. SSSD can optionally cache passwords, and can also be used to change the password. If you don't do either, it shouldn't matter if it doesn't return the userPassword attribute. Once it's possible to get Samba attributes in, I might have a poke and see if I'm right about that.
Have you already tried something or have you had success with this? I am interested in this very thing.
from lldap.
By the way, #67 should be ready now, you can create custom attributes with https://github.com/Zepmann/lldap-cli
Who wants to give samba a try?
from lldap.
I would love to see this integration working.
from lldap.
@johnmmcgee we just need a volunteer to figure out the configuration. Want to give it a try?
from lldap.
sure. how would one create these fields? My ldap experience is not that great, so any direction would be welcome.
from lldap.
Usually that requires looking at the docs of the service to see what fields they expect (they sometimes provide an ldif file that outlines the schema they expect), and/or reverse engineering their expectations from the services' debug logs and LLDAP verbose mode.
Then using lldap-cli, you can create the user/group attributes required.
Feel free to head over to LLDAP's discord server if you have any questions.
from lldap.
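As an added illustration of the approach described in the last comment (not code from LLDAP, Samba, or any commenter): a small Python check that reads LDIF exported from the directory and lists which MUST attributes of Samba's LDAP object classes each entry lacks, i.e. the attributes that would have to be created with lldap-cli. The sample LDIF, DNs and SID are constructed; the attribute lists are taken from Samba's samba.schema and should be confirmed against the schema shipped with your Samba version.

```python
import base64
import re

# MUST attributes per objectClass as declared in Samba's samba.schema (confirm locally).
REQUIRED = {
    "sambaDomain": ["sambaDomainName", "sambaSID"],
    "sambaSamAccount": ["uid", "sambaSID"],
    "sambaGroupMapping": ["gidNumber", "sambaSID", "sambaGroupType"],
}

# Constructed sample, shaped like `ldapsearch -LLL` output (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=domain,dc=tld
objectClass: inetOrgPerson
uid: alice
cn:: QWxpY2U=
mail: alice@example.
 com

dn: uid=bob,ou=people,dc=domain,dc=tld
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:  # skip comments and junk
                continue
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(ldif_text, object_class="sambaSamAccount"):
    """Map each entry's DN to what it lacks to be a valid object_class entry."""
    report = {}
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        gaps = [] if object_class.lower() in classes else ["objectClass: " + object_class]
        gaps += [a for a in REQUIRED[object_class] if not entry.get(a.lower())]
        report[entry.get("dn", ["?"])[0]] = gaps
    return report
```

Run `audit()` on an export of a user, a group and the domain entry (with `sambaSamAccount`, `sambaGroupMapping` and `sambaDomain` respectively) to see what the server returns today versus what ldapsam expects.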