eDirectory integration with Scalix

Posted: Thu Mar 15, 2007 5:04 am
by prosit
Hi ,

I am running Scalix 11.0.0.2 & Novell eDirectory 8.8. Now I have to integrate these two
to achieve single sign-on. Can anybody please send me the detailed procedure to do it.

Cheers,
Prosit

Posted: Thu Mar 15, 2007 6:08 am
by Valerion
True single sign-on (where you never enter a password) is only achievable with Kerberos.

However, you can do the following:

1) Set up the Scalix extensions to eDirectory (look in ~/sys for the openldap schema. That will tell you which ones to add)

2) Populate the added attributes in eDirectory for your users

3) Use omldapsync to set up a type 13 sync agreement, using the values from eDirectory

The above will give you the ability to populate your users from eDirectory to Scalix.

1) Choose an attribute in eDirectory that you want to authenticate against

2) Set up /etc/ldap.conf with the correct parameters as if you are doing PAM authentication (Novell has some docs describing this)

3) Modify the files in ~/sys/pam.d to reflect the new pam modules. Each file indicates one command or type of access.

The above will do the password sync for you.

I found that pam_ldap works better against eDirectory than om_ldap (at least it did in 10.0.0). You will need to change the module from om_ldap to pam_ldap, and add the auth ID. The following should give you an idea:

# LDAP authentication 2
auth required om_om2authid
auth required pam_ldap user_unknown=ignore
auth optional om_auth nullok use_first_pass

I have set this up before and it works, but it was a while ago so I can't tell you exactly how to do it.
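To see what the control flags in that pam.d fragment actually decide, here is a small evaluator of Linux-PAM's simple controls (required, requisite, sufficient, optional) run over Valerion's three lines. It is an added example, not code from the thread or from Scalix; the per-module pass/fail outcomes fed to it are constructed, and an unlisted module is assumed to fail.

```python
"""Parse a pam.d 'auth' stack and evaluate it with libpam's simple-control
semantics. Added example; the stack text is the fragment posted above."""
from typing import Dict, List, Tuple

# Valerion's fragment, quoted verbatim from the post above.
SCALIX_STACK = """
# LDAP authentication 2
auth required om_om2authid
auth required pam_ldap user_unknown=ignore
auth optional om_auth nullok use_first_pass
"""

Entry = Tuple[str, str, List[str]]  # (control, module, module arguments)


def parse_stack(text: str, facility: str = "auth") -> List[Entry]:
    """Return the (control, module, args) triples for one facility, skipping
    comments and blank lines, in stack order."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 3 and parts[0] == facility:
            entries.append((parts[1], parts[2], parts[3:]))
    return entries


def evaluate(entries: List[Entry], results: Dict[str, bool]) -> bool:
    """Simulate libpam: 'required' records a failure but keeps calling later
    modules (so the client cannot tell which one refused), 'requisite' fails
    immediately, 'sufficient' short-circuits to success only if no required
    module has failed yet, and 'optional' is ignored unless it is the only
    module in the stack. results maps module name -> pass/fail (constructed);
    a module missing from results is treated as failing (assumption)."""
    failed_required = False
    for control, module, _args in entries:
        ok = results.get(module, False)
        if control == "required":
            failed_required = failed_required or not ok
        elif control == "requisite" and not ok:
            return False
        elif control == "sufficient" and ok and not failed_required:
            return True
        elif control == "optional" and len(entries) == 1:
            return ok
    return not failed_required
```

With this stack, a pam_ldap failure denies the login even though om_auth is still consulted, and an om_auth failure alone does not, because it is only optional.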

Posted: Mon Apr 02, 2007 9:24 am
by cswihart
Prosit,

I have configured Scalix 11.02 to authenticate against Novell eDirectory. It is not single sign-on as Valerion stated, but I would be willing to share with you what I have learned. I have found that om_ldap performs well with less overhead (i.e., less impact on processor performance) than pam_ldap. Send me a PM with your contact information and I can try to answer some of your questions directly.

-Chris