Antwort: Re: Antwort: Re: SSO and LDAP on mailpiler docker
Hello Janos, thank you for your help. I managed to get LDAP working. I am currently working on SSO. If I run into any problems, I will leave a message. - Patrick Von:"Janos SUTO" An: "Piler User" Datum: 30.06.2023 19:16 Betreff: Re: Antwort: Re: SSO and LDAP on mailpiler docker Hello Patrick, check out the docs: https://www.mailpiler.org/wiki/current:ldap-authentication Janos On 2023-06-30 17:02, patrick.we...@rgi.net wrote: > Hello Janos, > > thank you for your help. > I think i have changed my priority. The first thing I have to make > sure is, that LDAP is working with the docker. > SSO comes second. I am still not sure how I can do it with my current > configuration (nginx, docker piler 1.4.4). > > - Patrick > > Von:"Janos SUTO" > An:"Piler User" > Datum:28.06.2023 16:14 > Betreff:Re: SSO and LDAP on mailpiler docker > > - > > Hello Patrick, > > the docker image features nginx, which is an excellent web server, > however, its sso support is not that great. So if you want sso against > AD, then your best bet is to build a new docker image with apache, and > apply the hints Alex suggested. > > Janos > > On 2023-06-28 12:31, patrick.we...@rgi.net wrote: >> Hello Janos! >> >> At the moment i am trying to configure my mailpiler docker solution > to >> use SSO. >> I am using your instruction on >> https://www.mailpiler.org/wiki/current:single-sign-on [1] [1], but I > am >> not sure >> if this will work for the docker solution. >> My server contains of 3 dockers (piler, mysql, memcached). The piler >> docker runs the nginx webserver, the piler (version 1.4.4) and >> manticore. >> Samba and winbind is not installed. My best guest is, that i have to >> install samba and winbind in the piler docker instead of installing > it >> on the host. Am I right? >> >> - Patrick >> > > > > Links: > -- > [1] https://www.mailpiler.org/wiki/current:single-sign-on
Re: Antwort: Re: SSO and LDAP on mailpiler docker
Hello Patrick, check out the docs: https://www.mailpiler.org/wiki/current:ldap-authentication Janos On 2023-06-30 17:02, patrick.we...@rgi.net wrote: Hello Janos, thank you for your help. I think i have changed my priority. The first thing I have to make sure is, that LDAP is working with the docker. SSO comes second. I am still not sure how I can do it with my current configuration (nginx, docker piler 1.4.4). - Patrick Von:"Janos SUTO" An:"Piler User" Datum:28.06.2023 16:14 Betreff:Re: SSO and LDAP on mailpiler docker - Hello Patrick, the docker image features nginx, which is an excellent web server, however, its sso support is not that great. So if you want sso against AD, then your best bet is to build a new docker image with apache, and apply the hints Alex suggested. Janos On 2023-06-28 12:31, patrick.we...@rgi.net wrote: Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1] [1], but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick Links: -- [1] https://www.mailpiler.org/wiki/current:single-sign-on
Antwort: Re: SSO and LDAP on mailpiler docker
Hello Janos, thank you for your help. I think i have changed my priority. The first thing I have to make sure is, that LDAP is working with the docker. SSO comes second. I am still not sure how I can do it with my current configuration (nginx, docker piler 1.4.4). - Patrick Von:"Janos SUTO" An: "Piler User" Datum: 28.06.2023 16:14 Betreff:Re: SSO and LDAP on mailpiler docker Hello Patrick, the docker image features nginx, which is an excellent web server, however, its sso support is not that great. So if you want sso against AD, then your best bet is to build a new docker image with apache, and apply the hints Alex suggested. Janos On 2023-06-28 12:31, patrick.we...@rgi.net wrote: > Hello Janos! > > At the moment i am trying to configure my mailpiler docker solution to > use SSO. > I am using your instruction on > https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am > not sure > if this will work for the docker solution. > My server contains of 3 dockers (piler, mysql, memcached). The piler > docker runs the nginx webserver, the piler (version 1.4.4) and > manticore. > Samba and winbind is not installed. My best guest is, that i have to > install samba and winbind in the piler docker instead of installing it > on the host. Am I right? > > - Patrick >
Re: SSO and LDAP on mailpiler docker
Hello Patrick, the docker image features nginx, which is an excellent web server, however, its sso support is not that great. So if you want sso against AD, then your best bet is to build a new docker image with apache, and apply the hints Alex suggested. Janos On 2023-06-28 12:31, patrick.we...@rgi.net wrote: Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick
Re: SSO and LDAP on mailpiler docker
Hi Patrick, I am using Apache in a Piler container with mod_auth_gssapi (https://github.com/gssapi/mod_auth_gssapi) I contributed this setup to the .htaccess here https://bitbucket.org/jsuto/piler/src/master/webui/.htaccess In this setup you don't need any winbind. Just setup Kerberos as explained in the .htaccess The cool thing about this is the fact that Apache simply sets the Authenticated-User once the Kerberos authentication was successful. Piler will then use this env as the username. Additionally I set: // enable single sign-on (disabled by default) $config['ENABLE_SSO_LOGIN'] = 1; $config['PASSWORD_CHANGE_ENABLED'] = 0; $config['STRIP_DOMAIN_NAME_FROM_USERNAME'] = 0; Note that Kerberos expects the Domain part to be capitalized. If you login "manually" without SSO you will have to use "username@YOUR.KERBEROS.DOMAIN" (There's some more documentation on Kerberos and mod_auth_gssapi on my Blog - in German :( https://blog.loetzimmer.de/2021/04/activedirectory-sso-mit-apache.html) Alex Am 28.06.2023 12:31, schrieb patrick.we...@rgi.net: Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick Links: -- [1] https://www.mailpiler.org/wiki/current:single-sign-on
SSO and LDAP on mailpiler docker
Hello Janos! At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on, but I am not sure if this will work for the docker solution. My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right? - Patrick
