Hi I'm looking to run an external directory server on the Scalix server as SAMAB an various other services run on the same machine. I have looked over previous postings and discovered that the SAC, SWA and other Scalix web based apps were not capable of looking at a port other than 389. Has this now been fixed or is there another workaround?
Many thanks
Mike v
Running external LDAP Directory services on the Scalix serve
Moderators: ScalixSupport, admin
-
mikevl
- Scalix Star
- Posts: 596
- Joined: Mon Feb 02, 2004 8:32 pm
- Location: New Zealand
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
Hi Mikevl,
If you don't want to use SAC you can configure Scalix LDAP to run on a different port by modifing the port number parameter in /var/opt/scalix/sys/slapd.conf. To have SWA find LDAP on a different port modify the port number parameter in /etc/opt/scalix/webmail/partner.xml.
SAC is not figurable for any other port than 389.
Regards,
Don
If you don't want to use SAC you can configure Scalix LDAP to run on a different port by modifing the port number parameter in /var/opt/scalix/sys/slapd.conf. To have SWA find LDAP on a different port modify the port number parameter in /etc/opt/scalix/webmail/partner.xml.
SAC is not figurable for any other port than 389.
Regards,
Don
-
sutton.ryan
- Posts: 28
- Joined: Mon Nov 14, 2005 6:14 pm
Mike,
I have a test Centos server running Fedora Directory Server on port 390 (MS recommends this port for alt ldap port for exchange)...FDS also is configured for 636 for all ldap auth for clients. I don't know what it takes to get scalix to use 636 with FDS, but since I have FDS on the same server, it simply uses port 390 on the localhost, therefore, the communication does not go over the wire, securing internal locahost communication is not necessary.
Regarding Samba, I have imported the samba ldif and configued samba for ldap lookup against FDS. FDS is very nice in that it will replicate (using 636) all samba stuff with ldap replication. Instead of using Microsoft domain membership, I use pGina to authenticate logins for Windows PCs. pGina uses port 636 and it can be configured to allow a user to be a local "user" or a "administrator". Using LDAP instead of samba (domain membership) allows all users (Linux, mac, windows) to exist as LDAP users in FDS. Only windows users get the samba schema added to their account by using smbpasswd -a (on the centos server). Only complaint I have so far is samba passwords have to be changed using usermin (hosted on Centos) and are seperate (not in sync) with the LDAP passwords. Also, samba can see all my posix users in LDAP, but it does not see the FDS groups....I have to create local groups on Centos and add FDS Ldap users to the groups. This requires keeping all uid and guids straight across servers. Regarldess, I have created single username/password environment to provide login, file server, print server, scalix email, ddns, ftp, http, without any Microsoft Server/Network products....(excluding XP clients).
Ryan
I have a test Centos server running Fedora Directory Server on port 390 (MS recommends this port for alt ldap port for exchange)...FDS also is configured for 636 for all ldap auth for clients. I don't know what it takes to get scalix to use 636 with FDS, but since I have FDS on the same server, it simply uses port 390 on the localhost, therefore, the communication does not go over the wire, securing internal locahost communication is not necessary.
Regarding Samba, I have imported the samba ldif and configued samba for ldap lookup against FDS. FDS is very nice in that it will replicate (using 636) all samba stuff with ldap replication. Instead of using Microsoft domain membership, I use pGina to authenticate logins for Windows PCs. pGina uses port 636 and it can be configured to allow a user to be a local "user" or a "administrator". Using LDAP instead of samba (domain membership) allows all users (Linux, mac, windows) to exist as LDAP users in FDS. Only windows users get the samba schema added to their account by using smbpasswd -a (on the centos server). Only complaint I have so far is samba passwords have to be changed using usermin (hosted on Centos) and are seperate (not in sync) with the LDAP passwords. Also, samba can see all my posix users in LDAP, but it does not see the FDS groups....I have to create local groups on Centos and add FDS Ldap users to the groups. This requires keeping all uid and guids straight across servers. Regarldess, I have created single username/password environment to provide login, file server, print server, scalix email, ddns, ftp, http, without any Microsoft Server/Network products....(excluding XP clients).
Ryan
-
heupink
- Posts: 146
- Joined: Thu Jul 15, 2004 9:36 am
- Location: netherlands
- Contact:
Could you have samba talk to openldap via UNIX domain sockets? That way, all regular ldap ports would be available for scalix.
(and then choose a random port to connect to the openldap server to add users, etc. I guess you have to tell linux about this random port also, for it to be able to lookup the users)
mj
(and then choose a random port to connect to the openldap server to add users, etc. I guess you have to tell linux about this random port also, for it to be able to lookup the users)
mj
Who is online
Users browsing this forum: No registered users and 9 guests