Changes between Initial Version and Version 1 of LDAP_AD

02/03/11 05:25:25 (7 years ago)

initial version



    v1 v1  
     1= Setting up LDAP = 
     2== Assumptions == 
     3 * The URI to your LDAP server `` 
     4 * A user name `mulberry` 
     6== HOWTO (specifically targeted at AD) == 
     7=== In the `Accounts` preferences === 
     8 * Create a new LDAP account called `company` 
     9 * `Server:` 
     10  * Possible port numbers typically are `389` (plain text authentication), `636` (SSL authentication) and `3268` (`global catalogue`). Only the latter needs to be specified manually. 389 and 636 are used automatically, depending on the authentication options selected. 
     11=== `Accounts` -> `Authenticate` === 
     12 * `User: mulberry`. 
     13  * When connecting to an AD server, the domain should be included with the user name, typically something like `company\mulberry`. 
     15=== `Accounts` -> `Attributes 1` === 
     16 * `Root: OU=com,DC=site,DC=company,DC=com` 
     17  * Note that the three DC (DC = domain component) arguments are (typically should be?) based on the domain name of the LDAP-server. The first OU (OU = organization unit) is then a branch at the root level of the LDAP tree. 
     18  * If the LDAP tree is big, more specific searches can be achieved by specifying the root in more detail, e.g., `Root: OU=department,OU=site,OU=com,DC=site,DC=company,DC=com` 
     19 * Typical values for `Name`and `Email` are `cn` and `mail`. 
     20  * You can map your own LDAP objects to Mulberry address book element. Find their label by browsing your LDAP tree with an LDAP browser and just take the `name` in the tree and insert in the field of your choice. 
     21   * [ LDAP browser for Windows] 
     24== Notes == 
     25 * In an LDAP context `bind` and `binding` mean what usually is referred to as `log in`. When you bind to an LDAP server you login/authenticate to it. 
     26 * Mulberry seems to have some limitations in its LDAP support, mainly `scope` and `referral chasing`. This means that if users are listed in both `DC=site,DC=company,DC=com` and `DC=site,DC=company,DC='''net'''` Mulberry needs two LDAP accounts with different roots (or is there a workaround for this situation? Please elaborate!). 
     27 * [ List of LDAP acronyms]
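Review bot: The port note under `Server:` (wiki line 10) describes `389` as plain text authentication and says 389 or 636 is chosen automatically from the authentication options, but the `Authenticate` steps (wiki lines 11-13) never say which option to select, so a reader following the HOWTO can end up binding as `company\mulberry` over 389 without SSL. Suggest adding an explicit step that selects the SSL option so 636 is used, and stating next to `3268` that it is the global catalogue's non-SSL port (3269 is its SSL counterpart), since that is the one port the page tells readers to enter by hand. Separately, the URI in Assumptions (wiki line 3) and the `Server:` value (wiki line 9) are empty, as are the link targets for the LDAP browser and the acronym list; a clearly marked placeholder host would make the steps followable. The open questions left inline ("typically should be?" on wiki line 17 and "Please elaborate!" on wiki line 26) would read better moved to a discussion note than left in the instructions.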