On 02.07.2018 at 11:01, Rowland Penny via samba wrote:
> On Mon, 2 Jul 2018 10:19:29 +0200
> Jakob Lenfers via samba <samba at lists.samba.org> wrote:

> You can extend the schema, Samba even supplies a script to turn
> openldap schemas to Active directory ldifs and it has the imaginative
> name of 'oLschema2ldif'

Thanks, will check it out.

>> - Is it feasible to authenticate and feed some user settings to
>> services like dovecot and nextcloud with a Samba AD?
> We have a wikipage for dovecot:
>
> https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory

Thanks, I'll probably use the ldap interface instead, since I need more
than only authentication. Postfix needs to know email addresses and
dovecot quota as well.

> Try an internet search for 'nextcloud active directory' or 'nextcloud
> kerberos'

Nextcloud works out of the box, but if I want to manage quotas there,
I'll need to use extra attributes...

>> - How would I edit my attributes? I doubt there will be a tab in the
>> windows dialog (dsa.msc) we use now...
> No you cannot use windows tools, but you could write your own scripts,
> or use something like Linux Account Manager (LAM)

... which I need to configure somehow. Does anybody have good advice in
that regard? GOsa seems to be dead (that's what we are using now, I fear
it'll die with our last server supporting PHP5), LAM has to be rented,
which I cannot do. Maybe I'll just use a general purpose LDAP client,
then I'll be independent from that kind of development. But if anybody
is in a similar situation and has a good tool I missed, I would be
grateful.

I guess I'm leaving the list's topic, sorry for the noise.

Thanks,
Jakob

On Mon, 2 Jul 2018 14:24:03 +0200
Jakob Lenfers <lenfers at bigsss-bremen.de> wrote:

> On 02.07.2018 at 11:01, Rowland Penny via samba wrote:
>
> >> - Is it feasible to authenticate and feed some user settings to
> >> services like dovecot and nextcloud with a Samba AD?
> > We have a wikipage for dovecot:
> >
> > https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory
>
> Thanks, I'll probably use the ldap interface instead, since I need
> more than only authentication. Postfix needs to know email addresses
> and dovecot quota as well.

You really need to speak to Louis about email, but I think he would
suggest investigating Kopano.

> > Try an internet search for 'nextcloud active directory' or
> > 'nextcloud kerberos'
>
> Nextcloud works out of the box, but if I want to manage quotas there,
> I'll need to use extra attributes...

Is there a schema available?

> >> - How would I edit my attributes? I doubt there will be a tab in
> >> the windows dialog (dsa.msc) we use now...
> > No you cannot use windows tools, but you could write your own
> > scripts, or use something like Linux Account Manager (LAM)
>
> ... which I need to configure somehow. Does anybody have good advice
> in that regard? GOsa seems to be dead (that's what we are using now,
> I fear it'll die with our last server supporting PHP5), LAM has to be
> rented, which I cannot do.

There is a free version of LAM, but there are some restrictions.

> Maybe I'll just use a general purpose LDAP
> client, then I'll be independent from that kind of development. But
> if anybody is in a similar situation and has a good tool I missed, I
> would be grateful.

Wouldn't we all ;-)

Have you considered writing your own scripts around ldapsearch etc?

> I guess I'm leaving the list's topic, sorry for the noise.

No, it is a valid topic, using 'things' with a Samba AD DC will always
be valid, provided it doesn't clash with a Samba provided tool.

Rowland

On 02.07.2018 at 15:13, Rowland Penny via samba wrote:
> You really need to speak to Louis about email, but I think he would
> suggest investigating Kopano.

I like it and checked it out in the past, but I cannot rent software, I
can only buy. And nightly builds in the CE aren't my cup of tea.

>> Nextcloud works out of the box, but if I want to manage quotas there,
>> I'll need to use extra attributes...
> Is there a schema available?

Not that I know of, but you can configure Nextcloud to use any
attribute, so we created our own attribute in our schema for nextcloud:

> attributetype ( 1.3.6.1.4.1.35502.1.2.3.1 NAME 'owncloudQuota'
>     DESC 'Quota for ownCloud'
>     EQUALITY integerMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>     SINGLE-VALUE )

>> ... which I need to configure somehow. Does anybody have good advice
>> in that regard? GOsa seems to be dead (that's what we are using now,
>> I fear it'll die with our last server supporting PHP5), LAM has to be
>> rented, which I cannot do.
> There is a free version of LAM, but there are some restrictions.

As far as I understood, it also restricts managing your own attributes,
which would be necessary for me.

>> Maybe I'll just use a general purpose LDAP
>> client, then I'll be independent from that kind of development. But
>> if anybody is in a similar situation and has a good tool I missed, I
>> would be grateful.
> Wouldn't we all ;-)
>
> Have you considered writing your own scripts around ldapsearch etc?

Sure, but I prefer tested solutions. But if I don't find anything
suitable, maybe we'll really do a simple web interface...

I got another hint off list, GOsa was forked into Fusion Directory. Will
check this out as well.

Thanks, this shows me at least that I didn't miss anything obvious.

Best,
Jakob

Hello! Jakob Lenfers via samba
  On that day it was said...

> it'll die with our last server supporting PHP5), LAM has to be rented,
> which I cannot do. Maybe I'll just use a general purpose LDAP client,

AFAI've seen using it, LAM covers effectively most of the features in
''free'' mode, and also has a ''tree browser'' mode that clearly works
like every generic ldap browser out there.

-- 
dott. Marco Gaiarin                        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''      http://www.lanostrafamiglia.it/
  Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

Hi Marco,

On 04.07.2018 18:38, Marco Gaiarin via samba wrote:
>> it'll die with our last server supporting PHP5), LAM has to be rented,
>> which I cannot do. Maybe I'll just use a general purpose LDAP client,
>
> AFAI've seen using it, LAM covers effectively most of the features in
> ''free'' mode, and also has a ''tree browser'' mode that clearly works
> like every generic ldap browser out there.

Samba and Unix etc. are all part of the free version. In case you want
to manage Nextcloud quota with a custom schema then the Pro version
offers support for it. Same if you want to provide an interface for your
users to edit their own data.

You can also manage the quota via the tree browser in the free version.

Best regards

Roland