Univention Read-Only LDAP access



I have a Xerox WorkCentre 7535 that can access an LDAP tree to retrieve staff’s email addresses so they won’t have to enter their entire address by hand every time they want to scan something… Under Zentyal 3.2, I could use the Read-only Root DN, the Read-only password and the Default Users DN information with the Xerox Machine to provide the e-mail addresses.

Where can I find the analogous information on Univention? I just need to retrieve staff mail addresses, nothing more.

Pic related, it’s the LDAP information pane on Zentyal.


I do not exactly know what the Xerox does while trying an LDAP connect, but maybe the following link is helpful (it is a cool solution to connect an apache to UCS LDAP): http://wiki.univention.de/index.php?title=Cool_Solution_-_Connect_Apache_to_the_LDAP

For the read-only root DN you would need the “dn” of a user that is allowed to access the LDAP RO (same as in Zentyal). The path to the users depends on where they are in your environment. The LDAP rootdn is most likely “cn=admin,” but that also depends on your environment.


Thank you for your quick reply.

I set up a user called xerox with the simple authentication account option enabled as hinted by the wiki page. However, it still gives me a logon failure error when trying to browse the LDAP tree (pic related).

What am I doing wrong? I am pretty new to LDAP and have, if any, only basic understanding of it (sorry).


You can find additional information here: http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user

Try your search modified:

root@ucs-1380:~# ldapsearch -x -D uid=xerox,cn=users,$(/usr/sbin/ucr get ldap/base) -b $(/usr/sbin/ucr get ldap/base) -W uid=administrator dn

searches for the Administrator dn using the user xerox (assuming xerox is a simple auth user).


Thanks again for the reply. Your suggestion works, however, only from localhost. Turns out that -H ldaps://localhost was the culprit, because as soon as I try using SSL, it apparently refuses the certificate.

I’ve copied the certificate to another machine and set the environment variable, but to no avail (pic related).

Any further hints?


UPDATE: I figured it out. Turned out I was using the wrong port (389/636 instead of 7636/7389). Embarrassing, I know. Everything works just fine now. Thx for the help.
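
The remote lookup this thread arrives at, written out as an added example (not code from any of the posts above): bind as the simple-auth user xerox against the ports named in the update, keep certificate verification on, and request only the mail attribute. The host name, base DN and CA file path in the usage comment are constructed placeholders, the helper function names are hypothetical, and the mapping of 7389 to ldap:// and 7636 to ldaps:// is an assumption based on the port numbers given in the update.

```shell
#!/bin/sh
# Added example: helpers for a read-only mail lookup against UCS LDAP
# from a remote machine. Function names are hypothetical.

# Build the server URI with the ports from the thread.
# Assumption: 7389 serves ldap:// and 7636 serves ldaps://.
ldap_uri() {   # usage: ldap_uri HOST [ldap|ldaps]
    case "${2:-ldaps}" in
        ldaps) printf 'ldaps://%s:7636' "$1" ;;
        ldap)  printf 'ldap://%s:7389' "$1" ;;
        *)     echo "unknown scheme: $2" >&2; return 1 ;;
    esac
}

# DN of a user stored under cn=users, as in the ldapsearch call above.
bind_dn() {    # usage: bind_dn USER BASE_DN
    printf 'uid=%s,cn=users,%s' "$1" "$2"
}

# Run the search. HOST must match a name in the server certificate,
# otherwise verification fails even with the right CA file.
mail_search() {   # usage: mail_search HOST BASE_DN CA_FILE
    uri=$(ldap_uri "$1" ldaps) || return 1
    [ -r "$3" ] || { echo "CA file not readable: $3" >&2; return 1; }
    # LDAPTLS_CACERT: CA that the OpenLDAP client tools should trust.
    # LDAPTLS_REQCERT=demand: abort if the certificate cannot be verified.
    # -W prompts for the password so it never lands in shell history.
    LDAPTLS_CACERT="$3" LDAPTLS_REQCERT=demand \
    ldapsearch -x -H "$uri" \
        -D "$(bind_dn xerox "$2")" -W \
        -b "$2" '(mail=*)' mail
}

# Usage (constructed placeholder values):
#   mail_search ucs.example.test dc=example,dc=test /path/to/ucs-ca.pem
```

If the bind succeeds but no entries come back, check that the search base covers the container the staff accounts actually live in.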