Hi
If i install scalix on a server with hostname scalix.uk.example.com and have mailnodes of scalixuk,local and headoffice,admin what would be the Base DN and Bind DN to access the LDAP directroy in Scalix.
Thx
MR
LDAP newbie
Moderators: ScalixSupport, admin
-
jch
- Scalix
- Posts: 202
- Joined: Thu Mar 25, 2004 10:25 am
The Scalix LDAP server's hierarchy isn't related to the mailnode hierarchy, at least not by default. All of what I'm about to say is configurable, but the details aren't likely to be of much interest!
All users live in a flat namespace under "o=Scalix" but you can search for them under the empty base string (for ldapsearch that's '-b o=Scalix' or '-b ""').
Basic searching works well with anonymous authentication (eg ldapsearch -xh localhost -b "" sn=smith) and the LDAP server is optimised for anonymous bind. Authenticated bind uses a DN based on the username, usually something like "cn=John Smith, o=Scalix" although you can often miss off the "cn=John Smith" and if there's more than one John Smith (on a different mailnode) you can change it to "cn=John Smith/scalixuk,local" (for example). Alternatively, and probably less confusingly, you can use the user's Internet address as the bind DN. For example this will prompt you for a password and search using the specified credentials: ldapsearch -xh localhost -b "" -WD mail=jsmith@scalix.uk.example.com sn=smith
Non-anonymous searching is useful in two cases: there are a few attributes that are only visible to admin users (I'm an admin user so I get to see them when I use an ldapsearch command like the one above) and the base "o=MyContacts" has a special meaning. The o=MyContacts "sub-tree" is mapped on to your Contacts folder rather than the directory. A search with "-b o=MyContacts' is a little slower than searching the directory (it's rather more complex) but this is a really useful feature which I'm hoping will be rendered obsolete once my favourite client can see and understand the vCards in my Contacts folder -- but someone needs to write some code!
jch
All users live in a flat namespace under "o=Scalix" but you can search for them under the empty base string (for ldapsearch that's '-b o=Scalix' or '-b ""').
Basic searching works well with anonymous authentication (eg ldapsearch -xh localhost -b "" sn=smith) and the LDAP server is optimised for anonymous bind. Authenticated bind uses a DN based on the username, usually something like "cn=John Smith, o=Scalix" although you can often miss off the "cn=John Smith" and if there's more than one John Smith (on a different mailnode) you can change it to "cn=John Smith/scalixuk,local" (for example). Alternatively, and probably less confusingly, you can use the user's Internet address as the bind DN. For example this will prompt you for a password and search using the specified credentials: ldapsearch -xh localhost -b "" -WD mail=jsmith@scalix.uk.example.com sn=smith
Non-anonymous searching is useful in two cases: there are a few attributes that are only visible to admin users (I'm an admin user so I get to see them when I use an ldapsearch command like the one above) and the base "o=MyContacts" has a special meaning. The o=MyContacts "sub-tree" is mapped on to your Contacts folder rather than the directory. A search with "-b o=MyContacts' is a little slower than searching the directory (it's rather more complex) but this is a really useful feature which I'm hoping will be rendered obsolete once my favourite client can see and understand the vCards in my Contacts folder -- but someone needs to write some code!
jch
Who is online
Users browsing this forum: No registered users and 32 guests