
Fishworks’ LDAP Schema Definition

Quick notes on configuring LDAP in Fishworks, gleaned from my experience working with the VMware simulator:

As I noted in my “quick walk” post’s comments, I had difficulty getting LDAP working initially on my corporate Active Directory network. The crux for me turned out to be getting the LDAP Schema Definitions correct. Here are the settings that worked correctly for me, authenticating against an AD instance with the schema extended by Microsoft’s Services for Unix add-on (other LDAP schemata will, of course, need different mappings):

USERS
Search descriptor: Don’t leave this blank - according to the Fishworks documentation this “sets the LDAP search descriptor, attribute mappings and object class mappings for users and groups. By default, the search descriptor for users is ou=people,dc=example,dc=com, and for groups is ou=group,dc=example,dc=com” - so what you enter will be site-specific.

Attribute mappings:

  • uid=msSFU30Name
  • uidNumber=msSFU30UidNumber
  • gidNumber=msSFU30GidNumber

Object class mappings:

  • posixAccount=User

GROUPS
Search descriptor: Again, don’t leave this blank - enter the appropriate value for your site.

Attribute mappings:

  • gidNumber=msSFU30GidNumber
  • uniqueMember=msSFU30PosixMember

Object class mappings:

  • posixGroup=group

How did I know that the schema definition mappings were the problem? The logs gave it away: Maintenance -> Logs -> System, where I saw messages similar to the following: “libsldap: Status: 0 Mesg: Unable to set value: schema map already existed for ‘User’.”

How did I know that I had the schema definitions working? Share settings that I had created using numeric UIDs and GIDs automatically became mapped to the correct user and group names.
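As an added example, not code from the original post or from the appliance, the Python below parses the user and group mapping lines listed above, rejects a local name that is mapped twice (reporting it in the wording of the log message quoted above), and applies the mappings to constructed AD entries to show which entries resolve to POSIX names and which would be left as bare numeric UIDs/GIDs. The sample entries and their names are assumptions; the attribute and object class values are the ones from the post.

```python
"""Validate Fishworks-style LDAP schema mappings against sample directory entries.

Added example, not code from the original post or the appliance: it parses the
"local=remote" mapping lines from the post, rejects duplicate mappings (the
"schema map already existed" failure), and applies them to constructed AD
entries to show the POSIX view the appliance would build."""
from collections import Counter

# Mapping lines exactly as entered in the appliance UI (values from the post).
USER_ATTR_MAP = ["uid=msSFU30Name", "uidNumber=msSFU30UidNumber", "gidNumber=msSFU30GidNumber"]
USER_OC_MAP = ["posixAccount=User"]
GROUP_ATTR_MAP = ["gidNumber=msSFU30GidNumber", "uniqueMember=msSFU30PosixMember"]

def parse_map(lines):
    """Turn 'local=remote' lines into a dict. A local name mapped twice raises,
    mirroring the appliance's 'schema map already existed' log message."""
    pairs = [tuple(p.strip() for p in line.split("=", 1)) for line in lines]
    dupes = [k for k, n in Counter(k for k, _ in pairs).items() if n > 1]
    if dupes:
        raise ValueError(f"schema map already existed for {dupes}")
    return dict(pairs)

def has_mapped_class(entry, oc_map, local_class):
    """True if the entry carries the AD class mapped to local_class
    (compared case-insensitively, as objectClass values are in LDAP)."""
    wanted = oc_map[local_class].lower()
    return wanted in (c.lower() for c in entry.get("objectClass", []))

def posix_view(entry, attr_map):
    """Apply the mapping to one entry (attribute -> list of values). Returns the
    POSIX-named attributes plus the mapped AD attributes the entry lacks, which
    is what leaves shares showing bare numeric UIDs/GIDs instead of names."""
    view = {local: entry[remote] for local, remote in attr_map.items() if remote in entry}
    missing = [remote for remote in attr_map.values() if remote not in entry]
    return view, missing

# Constructed sample entries, shaped like AD objects extended by Services for Unix.
SAMPLE_USER = {"objectClass": ["top", "person", "user"], "sAMAccountName": ["jdoe"],
               "msSFU30Name": ["jdoe"], "msSFU30UidNumber": ["10001"], "msSFU30GidNumber": ["10000"]}
SAMPLE_USER_NO_SFU = {"objectClass": ["top", "person", "user"], "sAMAccountName": ["svc-backup"]}
SAMPLE_GROUP = {"objectClass": ["top", "group"], "cn": ["storage-admins"],
                "msSFU30GidNumber": ["10000"], "msSFU30PosixMember": ["jdoe"]}

def check_all():
    """Run the mappings over the samples; returns name -> (posix view, missing attrs)."""
    umap, gmap = parse_map(USER_ATTR_MAP), parse_map(GROUP_ATTR_MAP)
    return {"jdoe": posix_view(SAMPLE_USER, umap),
            "svc-backup": posix_view(SAMPLE_USER_NO_SFU, umap),
            "storage-admins": posix_view(SAMPLE_GROUP, gmap)}
```

An account that was never assigned a UNIX identity (here `svc-backup`) comes back with every mapped attribute missing, which is the case that shows up on shares as an unmapped numeric ID.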

I’ll update this post if I find additional configuration that may be necessary.
