Print Page | Close Window

LDAP Authentication

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6622
Printed Date: 13 December 2017 at 2:23am


Topic: LDAP Authentication
Posted By: yapadu
Subject: LDAP Authentication
Date Posted: 01 March 2009 at 10:07pm
I am looking at using Open LDAP to support user authentication for SF.  The instructions on setting it up are a bit thin.

I see the search mask, which will locate the user (by email address?) but how does the password validation work?

How do we have to store the password in the LDAP server, what type of hash etc?



Replies:
Posted By: LogSat
Date Posted: 02 March 2009 at 10:54pm
yapadu,

In LDAP, you can search objects using various attributes, for example by uid or cn. SpamFilter by default will lookup a "username" in the sAMAccountName, the uid, and the UserPrincipalName attributes. The "username" is whatever you decide to use as a key to identify users in your LDAP installation. If you wish to use a different attribute, such as "mail" for example, you can just add:
(mail=%0:s)
to the list of attributes being searched by SpamFilter when performing the LDAP query.

Once SpamFilter locates the user (for which the credentials - username and password - are provided in the SMTP session) in LDAP, it will then try to authenticate such user with the above username/password on your LDAP server. If the authentication request is successful, the user is allowed to send mail.

There are no requirements in how passwords are stored in LDAP. You can use clear text, crypt, MD5, etc. There is no need to use reversible encryption, as SpamFilter is simply using the username/password provided in the SMTP session to attempt an authentication request to LDAP.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window