<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi Scott,<div class="">Good thing to check. It turns out (on Ubuntu at least) it does bind to the IP address.<div class=""><br class=""></div><div class="">I was able to use an LDAP browser tool (JXplorer) to navigate the tree and do some experiments, and I got it to work. The relevant settings are shown below:</div><div class=""><br class=""></div><div class=""><li class="">
<label for="dirAuthFilter" class=""><strong class="">Account Filter</strong></label>
<br class="">
<input name="dirAuthFilter" value="alias" size="40" type="text" class="">
(Defaults to <em class="">samAccountName</em>)
<br class="">
<em class="">What LDAP field should we search the username against to locate the user's profile after successful login?</em>
</li>
<li class="">
<label for="dirAuthAccountSuffix" class=""><strong class="">Account Suffix</strong></label>
<br class="">
<input name="dirAuthAccountSuffix" value="" size="40" type="text" class=""><br class="">
<em class="">Suffix to be automatically appended to the username if desired. e.g. @<a href="http://domain.com" class="">domain.com</a></em><br class="">
<strong class="">NOTE:</strong> Changing this value will cause your existing directory users to have new accounts created the next time they login.
</li>
<li class="">
<label for="dirAuthBaseDn" class=""><strong class="">Base DN</strong></label>
<br class="">
<input name="dirAuthBaseDn" value="ou=People,dc=ev,dc=ithaca,dc=ny,dc=us" size="40" type="text" class=""><br class="">
<em class="">The base DN for carrying out LDAP searches.</em>
</li>
<li class="">
<label for="dirAuthPreBindUser" class=""><strong class="">Bind DN</strong></label>
<br class="">
<input name="dirAuthPreBindUser" value="uid=gilmore,ou=People,dc=ev,dc=ithaca,dc=ny,dc=us" size="40" type="text" class=""><br class="">
<em class="">Enter a valid user account/DN to
pre-bind with if your LDAP server does not allow anonymous profile
searches, or requires a user with specific privileges to search.</em>
</li><div class=""><br class=""></div></div><div class=""><br class=""></div><div class="">I had to provide a valid user DN (shown as XXX above) and password in the Blind DN field, so apparently anonymous searches are disabled. To confirm successful authentication, I used the field “alias” to be compared to the user string provided through Wordpress.</div><div class=""><br class=""></div><div class="">Jeff</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Dec 4, 2014, at 5:12 PM, Scott Damron <<a href="mailto:scott.damron@damronhouse.net" class="">scott.damron@damronhouse.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div class=""><div data-html-editor-font-wrapper="true" style="font-family: arial, sans-serif; font-size: 13px;" class="">I don't remember if it is explicitly true, but I believe the LDAP server only binds to localhost (127.0.0.1) You may need to do a netstat to see and change it to bind to your IP address that you want it to listen on.<br class=""><br class="">
Scott<br class=""><br class="">
December 4 2014 4:09 PM, "Jeff Gilmore" <<a href="mailto:%22Jeff%20Gilmore%22%20<jeff@thegilmores.net>" tabindex="-1" target="_blank" class="">jeff@thegilmores.net</a>> wrote:
<blockquote class=""><div class=""> <br class="webkit-block-placeholder"></div>
<div class="">
<div style="word-wrap: break-word;-webkit-nbsp-mode: space;-webkit-line-break: after-white-space" class="">Hi all,
<div class="">I’m experimenting with setting up Kolab along with an instance of Wordpress to provide both groupware and additional web functionality. I’m hoping to allow the LDAP user store in Kolab to provide user authentication for the Wordpress stuff. Am I crazy, or is this a reasonable thing to expect to work?</div>
<div class=""> </div>
<div class="">I’m using a Wordpress plugin called WPDirAuth to make this connection, but I’m a newbie with Kolab and not terribly experienced with LDAP. Would anyone be willing to review the settings from this plugin shown below and take a first stab at what values might make sense?</div>
<div class=""> </div>
<div class="">The primary (and only) domain under which Kolab was setup is “<a href="http://ev.ithaca.ny.us/" rel="external" tabindex="-1" target="_blank" class="">ev.ithaca.ny.us</a>”.</div>
<div class=""> </div>
<div class="">Any help will be greatly appreciated.</div>
<div class=""> </div>
<div class="">
<ul class=""><li class=""><label for="dirAuthControllers" class=""><strong class="">Directory Servers (Domain Controllers)</strong></label><br class=""><input name="dirAuthControllers" size="40" tabindex="-1" type="text" value="eviweb.ev.ithaca.ny.us:389" class=""><br class=""><em class="">The DNS name or IP address of the directory server(s).</em></li>
<li class=""><strong class="">NOTE:</strong> Separate multiple entries by a comma and/or alternate ports with a colon (eg: <a href="http://my.server1.org/" rel="external" tabindex="-1" target="_blank" class="">my.server1.org</a>, <a href="http://my.server2.edu/" rel="external" tabindex="-1" target="_blank" class="">my.server2.edu</a>:387). Unfortunately, alternate ports will be ignored when using LDAP/SSL, because of <a href="http://ca3.php.net/ldap_connect" rel="external" tabindex="-1" target="_blank" class="">the way</a> PHP handles the protocol.</li>
<li class=""><label for="dirAuthFilter" class=""><strong class="">Account Filter</strong></label><br class=""><input name="dirAuthFilter" size="40" tabindex="-1" type="text" value="samAccountName" class=""> (Defaults to <em class="">samAccountName</em>)<br class=""><em class="">What LDAP field should we search the username against to locate the user's profile after successful login?</em></li>
<li class=""><label for="dirAuthAccountSuffix" class=""><strong class="">Account Suffix</strong></label><br class=""><input name="dirAuthAccountSuffix" size="40" tabindex="-1" type="text" value="" class=""><br class=""><em class="">Suffix to be automatically appended to the username if desired. e.g. @<a href="http://domain.com/" rel="external" tabindex="-1" target="_blank" class="">domain.com</a></em><br class=""><strong class="">NOTE:</strong> Changing this value will cause your existing directory users to have new accounts created the next time they login.</li>
<li class=""><label for="dirAuthBaseDn" class=""><strong class="">Base DN</strong></label><br class=""><input name="dirAuthBaseDn" size="40" tabindex="-1" type="text" value="ou=People,dc=ev, dc=ithaca, dc=ny, dc=us" class=""><br class=""><em class="">The base DN for carrying out LDAP searches.</em></li>
<li class=""><label for="dirAuthPreBindUser" class=""><strong class="">Bind DN</strong></label><br class=""><input name="dirAuthPreBindUser" size="40" tabindex="-1" type="text" value="" class=""><br class=""><em class="">Enter a valid user account/DN to pre-bind with if your LDAP server does not allow anonymous profile searches, or requires a user with specific privileges to search.</em></li>
<li class=""><label for="dirAuthPreBindPassword" class=""><strong class="">Bind Password</strong></label><br class=""><input name="dirAuthPreBindPassword" size="40" tabindex="-1" type="password" value="" class=""><br class=""><em class="">Enter a password for the above Bind DN if a value is needed.</em><br class=""><strong class="">Note 1</strong>: this value will be stored in clear text in your WordPress database.<br class=""><strong class="">Note 2</strong>: Simply clear the Bind DN value if you wish to delete the stored password altogether.</li>
<li class=""><label for="dirAuthPreBindPassCheck" class=""><strong class="">Confirm Password</strong></label><br class=""><input name="dirAuthPreBindPassCheck" size="40" tabindex="-1" type="password" value="" class=""><br class=""><em class="">Confirm the above Bind Password if you are setting a new value.</em></li>
<li class=""><label for="dirAuthGroups" class=""><strong class="">Authentication Groups</strong></label><br class=""><input name="dirAuthGroups" size="40" tabindex="-1" type="text" value="" class=""><br class=""><em class="">Enter each group CN that the user must be a member of in order to authenticate.</em><br class=""><strong class="">NOTE:</strong> Separate multiple CNs by a comma.</li>
</ul><div class=""> </div>
</div>
</div>
</div><div class=""> <br class="webkit-block-placeholder"></div>
</blockquote>
</div></div>
</div></blockquote></div><br class=""></div></div></body></html>