Richard Quadling asked:

I need a quick talkthrough getting HTTPS and LDAP user authentication working on Sambar Server.

Hi.

I'm really stuck.

I need to have a secure login page into our internal web app (PHP and MS SQL based) (https with LDAP authentication).

Once secured, I will create a DB token as part of a normal session and this can then travel with the user outside of https.

But I don't know enough about SSL or LDAP.

I have Sambar Server running with multiple Vhosts. Each host is currently unsecured. They are all going to be re-engineered to have a single site.

Basically the sites are internal only and provide a LOT of data about the company.

One of our ex-employees took it upon themselves to do things they shouldn't have.

So now I've got to make it secure. 3 years and it had all been fine.

From my understanding ...

I have to use HTTPS as the start to allow for the username/password to be sent encrypted as a packet sniffer can see Basic authentication and Digest is reversible.

I want to use LDAP as this holds all the usernames and passwords for our users and they already have procedures in place when they forget their password.



I can start with a virgin setup, so absolutely nothing configured, if that helps.


A step by step process would be nice. When it is working, then I can find out how it works.

Absolutely ANY help would be appreciated.


Please!

Richard Quadling.
ASKER CERTIFIED SOLUTION
Kevin Hays

ASKER

Aha! I see. One of the things that seems to be missing from the Sambar setup is the authentication of the webserver to LDAP.

Not sure if that is correct though. It may be that the user supplied details are then always used to connect/bind.

SOLUTION

But I don't think Sambar has this.

I think it just uses the users credentials.

Using Wireshark shows this, but it doesn't work.

Also, the uid value = uid, whereas I think this should be (like you suggest) sAMAccountName.

I think I need someone with Sambar knowledge.
SOLUTION

Ha. Been there. I do have Sambar installed. What is missing from the doc is there is another setting of ...

LDAP uid = uid

This setting doesn't make things work.

Nor does changing it to ...

LDAP uid = sAMAccountName

I chose sAMAccountName because that is the only element shown via LDP which matches my account name when I log in to Windows. As it does for all users. It is also the primary email address (with the @domain.tld part).
What makes this situation worse is that Sambar is now terminated. No more development. I suppose I have to move to Apache or IIS.

Apache just seems too big.
IIS is MS and makes no sense from 1 version to the next.

In the end I may just have to get one of our infrastructure guys to do it and let them bother with it all (they have to support it anyway).

But waiting for them to do things is a nightmare and doing it ourselves means we know it is working as we want.

SOLUTION

Thanks for the points.  Hope all is going well for you :)

Kevin
Ha. Sambar Server is now dead. Moving over to IIS, but may try and get Apache working instead.

Ahh, I see.  Good luck, as either one of those is a good service to work with.
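
The two points the thread circles around (the web server authenticating to LDAP itself before the user does, and looking users up by sAMAccountName rather than uid) fit together as a search-then-bind flow. The PHP sketch below is an added example, not code from the thread or from Sambar; the host name, base DN, service account and function names are placeholders, and it assumes an Active Directory server reachable over LDAPS.

```php
<?php
// Placeholders (assumptions, not values from the thread).
const LDAP_URI = 'ldaps://dc.example.internal';
const BASE_DN  = 'DC=example,DC=internal';
const SVC_DN   = 'CN=svc-web,OU=Service,DC=example,DC=internal';

function open_directory()
{
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // avoid chasing AD referrals
    return $conn;
}

function authenticate(string $login, string $password, string $svcPassword): ?string
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513) and can report success, so reject it before touching LDAP.
    if ($login === '' || $password === '') {
        return null;
    }
    $conn = open_directory();
    // Step 1: the web server binds as itself so that it is allowed to search.
    if (!@ldap_bind($conn, SVC_DN, $svcPassword)) {
        throw new RuntimeException('Service bind failed: ' . ldap_error($conn));
    }
    // Step 2: map the login name to a DN. ldap_escape() keeps input such as
    // "*" from changing the meaning of the filter.
    $filter = sprintf('(&(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($login, '', LDAP_ESCAPE_FILTER));
    $result  = @ldap_search($conn, BASE_DN, $filter, ['dn'], 0, 2);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    ldap_unbind($conn);
    if ($entries['count'] !== 1) {
        return null; // unknown or ambiguous login
    }
    $userDn = $entries[0]['dn'];
    // Step 3: check the password by binding as that DN on a fresh connection.
    $userConn = open_directory();
    $ok = @ldap_bind($userConn, $userDn, $password);
    ldap_unbind($userConn);
    return $ok ? $userDn : null;
}
```

Only after `authenticate()` returns a DN should the application issue its session token; the service account needs read access to the user subtree and nothing more.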