Re: SSO and LDAP on mailpiler docker
Hello Patrick, the docker image features nginx, which is an excellent web server, however, its sso support is not that great. So if you want sso against AD, then your best bet is to build a new docker image with apache, and apply the hints Alex suggested. Janos On 2023-06-28 12:31, patrick.we...@rgi.net wrote: Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick
Re: SSO and LDAP on mailpiler docker
Hi Patrick, I am using Apache in a Piler container with mod_auth_gssapi (https://github.com/gssapi/mod_auth_gssapi) I contributed this setup to the .htaccess here https://bitbucket.org/jsuto/piler/src/master/webui/.htaccess In this setup you don't need any winbind. Just setup Kerberos as explained in the .htaccess The cool thing about this is the fact that Apache simply sets the Authenticated-User once the Kerberos authentication was successful. Piler will then use this env as the username. Additionally I set: // enable single sign-on (disabled by default) $config['ENABLE_SSO_LOGIN'] = 1; $config['PASSWORD_CHANGE_ENABLED'] = 0; $config['STRIP_DOMAIN_NAME_FROM_USERNAME'] = 0; Note that Kerberos expects the Domain part to be capitalized. If you login "manually" without SSO you will have to use "username@YOUR.KERBEROS.DOMAIN" (There's some more documentation on Kerberos and mod_auth_gssapi on my Blog - in German :( https://blog.loetzimmer.de/2021/04/activedirectory-sso-mit-apache.html) Alex Am 28.06.2023 12:31, schrieb patrick.we...@rgi.net: Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick Links: -- [1] https://www.mailpiler.org/wiki/current:single-sign-on
SSO and LDAP on mailpiler docker
Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on, but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick