Hello everyone!
It would be great if the option to change password could work with
Microsoft Active Directory. I tried all tips that were suggested in the
last few mails, but none worked, I always end up with "Forbidden" and a
popup saying "Unhandled error response".
I guess that it is not possible to write in Microsoft AD, except
using some kind of paid protocol. I'm just wondering here, of course.
Note that I am running SOGo under an Ubuntu 14.04 LTS, that connects
to Microsoft AD to authenticate. The authentication works perfectly, but
the change password doesn't.
Cheers,
---
[1]
ALEX ZUOTOSKI
Information Technology
Phones: +5541-3641-4250 / Ext. 229
E-mails: [email protected] / [email protected]
[1]
http://www.csmcalderaria.com.br [2]
On 2017-01-31 18:30, Christoph Kreutzer wrote:
> Hi Ralf, hi MJ,
>
> Thanks for the answers up to now!
>
> According to the docs [1] there is the following option for LDAP user
> sources:
>
> bindAsCurrentUser
>
> If set to YES, SOGo will always keep binding to the LDAP server using the DN
> of the currently authenticated user. If _bindFields_ is set, _bindDN_ and
> _bindPassword_ will still be required to find the proper DN of the user.
>
> In this case the user should be able to change its own password via SOGo.
> For this to work, you either need bindFields set (for looking up the user's
> DN) or IDFieldName (the attribute which builds the user's DN (like
> IDFieldName=<loginname>, baseDN)).
>
> MJ, I don't know if that works in combination with SAML - since SOGo
> shouldn't know the users password, it probably binds using the given bindDN,
> which then would need the rights to change other users' passwords.
>
> Ralf, I'm not sure what you're looking for. If you need a frontend for
> password self service, I would either go with the SOGo functionality built
> in, or with the already named LAM. In my use case I have an existing user
> management via a Zend Framework application, which allows that similarly to
> LAM (we use an admin user to set userPassword, setting a custom built
> crypt-hash using SHA512 with a nice number of rounds - should work with most
> Linux distros [2]).
> If you're asking regarding OpenLDAP ACLs to allow a user to change its own
> password, you would find that here: [3]
> I don't really know much about the SOGo features itself, since I'm using SAML
> auth.
>
> Regards,
> Christoph
>
> [1]
> https://sogo.nu/files/docs/SOGoInstallationGuide.html#_authentication_using_ldap
>
> [2] https://en.m.wikipedia.org/wiki/Crypt_(C)#Support_in_operating_systems
> [3] http://www.openldap.org/lists/openldap-software/200212/msg00518.html
>
> On 31.01.2017 at 14:52, lists ([email protected]) <[email protected]> wrote:
>
> Hi
>
> we are looking for a password change mechanism for openldap. Can you please
> share your knowledge re. this? In active directory, end users are allowed to
> change their own passwords by default. This does require that the connection
> is made over ldapS.
>
> There is a tool called ldap-account-manager (lam) that we used in the past.
> It included an end-user password change portal.
> (https://www.ldap-account-manager.org/)
>
> We are also currently testing RedHat's keycloak (SAML/oauth Idp) that
> will prompt users to change their ldap passwords as well, if they have
> expired.
> (http://www.keycloak.org/)
>
> And you're right: Perhaps better to take this offlist if you have more
> questions. (and yes, I also realise that your question was actually aimed at
> Christoph)
>
> Best regards to all,
> MJ
> --
> [email protected]
> https://inverse.ca/sogo/lists
Links:
------
[1] http://www.csmcalderaria.com.br
[2] http://www.csmcalderaria.com.br/
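Added example, not part of the thread and not SOGo's own code: what a password write to Active Directory looks like at the LDAP level, for the two cases discussed above (the user changing its own password while bound as itself, and a service bindDN resetting another user's password). Active Directory takes the password through the unicodePwd attribute, quoted and UTF-16LE encoded; the DN, URI and passwords below are constructed samples, and the function names are hypothetical.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def _pwd_line(password: str) -> str:
    # "::" marks a base64-encoded value in LDIF
    return "unicodePwd:: " + base64.b64encode(encode_unicode_pwd(password)).decode("ascii")


def require_ldaps(uri: str) -> str:
    """Refuse a plain ldap:// URI; the thread notes the change must go over LDAPS."""
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("password writes to AD need an encrypted connection: " + uri)
    return uri


def self_change_ldif(user_dn: str, old: str, new: str) -> str:
    """Bound as the user itself: delete the old value and add the new one
    in a single modify, so the server can verify the old password."""
    return "\n".join([
        "dn: " + user_dn,            # assumes an ASCII-only DN
        "changetype: modify",
        "delete: unicodePwd", _pwd_line(old), "-",
        "add: unicodePwd", _pwd_line(new), "-",
    ]) + "\n"


def admin_reset_ldif(user_dn: str, new: str) -> str:
    """Bound as a service account: a replace, which only succeeds if that
    account has been delegated the right to reset this user's password."""
    return "\n".join([
        "dn: " + user_dn,
        "changetype: modify",
        "replace: unicodePwd", _pwd_line(new), "-",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread
    uri = require_ldaps("ldaps://dc1.example.test")
    dn = "CN=Test User,OU=Staff,DC=example,DC=test"
    print("# feed to: ldapmodify -H", uri, "-D", '"' + dn + '"', "-W")
    print(self_change_ldif(dn, "OldPassw0rd!", "NewPassw0rd!"))
```

A "Forbidden" style refusal from the directory can then be narrowed down by checking which of the two forms the client sends and which identity it is bound as when it sends it.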