Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - LDAP Authentication
  FAQ FAQ  Forum Search   Register Register  Login Login

LDAP Authentication

 Post Reply Post Reply
Author
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Topic: LDAP Authentication
    Posted: 01 March 2009 at 10:07pm
I am looking at using Open LDAP to support user authentication for SF.  The instructions on setting it up are a bit thin.

I see the search mask, which will locate the user (by email address?) but how does the password validation work?

How do we have to store the password in the LDAP server, what type of hash etc?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 02 March 2009 at 10:54pm
yapadu,

In LDAP, you can search objects using various attributes, for example by uid or cn. SpamFilter by default will lookup a "username" in the sAMAccountName, the uid, and the UserPrincipalName attributes. The "username" is whatever you decide to use as a key to identify users in your LDAP installation. If you wish to use a different attribute, such as "mail" for example, you can just add:
(mail=%0:s)
to the list of attributes being searched by SpamFilter when performing the LDAP query.

Once SpamFilter locates the user (for which the credentials - username and password - are provided in the SMTP session) in LDAP, it will then try to authenticate such user with the above username/password on your LDAP server. If the authentication request is successful, the user is allowed to send mail.

There are no requirements in how passwords are stored in LDAP. You can use clear text, crypt, MD5, etc. There is no need to use reversible encryption, as SpamFilter is simply using the username/password provided in the SMTP session to attempt an authentication request to LDAP.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.133 seconds.