Hi,
Am 22.02.2012 15:33, schrieb [email protected]:
Is it possible to simultaneously use MySql and LDAP authentication?
yes.
If so, how?
mix it in one configuration, it is an array of SOGoUserSources.
Beware of the order! First hit wins (I think), which means, SOGo
checks the first SOGoUserSource (i. e. MySQL-based), if there's a hit,
the user is authenticated against MySQL, if not SOGo tries the next
user source.
We are using three (!) Sources: the first for LDAP/AD auth, the second
for all accounts which are not stored in AD, the third only for an
addressbook - runs quit good.
Attached a example configuration (only SOGoUserSources and XML).
--
Greetings,
Martin Rabl
--
[email protected]
https://inverse.ca/sogo/lists
<key>SOGoUserSources</key>
<array>
<dict>
<key>CNFieldName</key>
<string>displayName</string>
<key>IDFieldName</key>
<string>cn</string>
<key>UIDFieldName</key>
<string>sAMAccountName</string>
<key>IMAPLoginFieldName</key>
<string>sAMAccountName</string>
<key>baseDN</key>
<string>CN=Users,DC=acme,DC=com</string>
<key>bindDN</key>
<string>CN=Groupware,OU=Systems,CN=Users,DC=acme,DC=com</string>
<key>bindFields</key>
<array>
<string>sAMAccountName</string>
</array>
<key>bindPassword</key>
<string>O1RnlPFg-i</string>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>ad_auth</string>
<key>filter</key>
<string>(objectClass='person' AND
memberOf='CN=Groupware-Accounts,CN=Users,DC=acme,DC=com' AND
userAccountControl='66048')</string>
<key>hostname</key>
<string>ad.acme.com</string>
<key>id</key>
<string>ldap</string>
<key>isAddressBook</key>
<string>NO</string>
<key>port</key>
<string>389</string>
<key>scope</key>
<string>sub</string>
<key>type</key>
<string>ldap</string>
</dict>
<dict>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>database_auth</string>
<key>id</key>
<string>database</string>
<key>isAddressBook</key>
<string>NO</string>
<key>type</key>
<string>sql</string>
<key>userPasswordAlgorithm</key>
<string>md5</string>
<key>viewURL</key>
<string>mysql://USER:PASSWORD@localhost:3306/mailserver/sogo_auth_view</string>
</dict>
<dict>
<key>canAuthenticate</key>
<string>NO</string>
<key>displayName</key>
<string>Adressen von SN</string>
<key>id</key>
<string>address_database</string>
<key>isAddressBook</key>
<string>YES</string>
<key>KindFieldName</key>
<string>kind</string>
<key>CNFieldNames</key>
<string>displayname</string>
<key>MailFieldNames</key>
<array>
<string>mail</string>
<string>additionalmail</string>
<string>userprincipalname</string>
</array>
<key>SearchFieldNames</key>
<array>
<string>sn</string>
<string>name</string>
<string>uid</string>
<string>additionalmail</string>
<string>mail</string>
<string>displayName</string>
<string>cn</string>
<string>ou</string>
<string>description</string>
<string>department</string>
</array>
<key>SOGoLDAPContactInfoAttribute</key>
<string>displayname</string>
<key>scope</key>
<string>base</string>
<key>type</key>
<string>sql</string>
<key>viewURL</key>
<string>mysql://USER:PASSWORD@localhost:3306/mailserver/sogo_addresses</string>
</dict>
</array>
