Jump to content
CG

LDAP, SSL, and eDirectory?

Recommended Posts

I'd like to setup Plastic to use LDAP authentication with SSL, connecting to Novell's eDirectory. There seem to be several issues with this.

First, I can't seem to get Plastic to connect using SSL to any LDAP (tried both the LDAP interface to Active Directory as well as eDirectory). Are SSL connections not supported? Trying to bind to LDAP while sending credentials information across the network unencrypted simply won't work anywhere where security is a priority.

Second, it seems that Plastic's implementation of "pure" LDAP is maybe lacking? I'm not sure. Does plastic truly support LDAP, or just the LDAP interface to Active Directory? On the configuration wizard for LDAP, I enter the host and domain for the eDirectory server. I then have tried several different ways of specifying the user, all to no avail. My normal user id in order to bind would be fully qualified, such as "uid=username,ou=orgunit,dc=subdomain,dc=topleveldomain". There simply seems no way for me to be able to get the "Test Connection" button to work. The response it gives is unhelpful, telling me the username, password, or domain is incorrect. I know the user and password are correct because I can bind using those credentials through an LDAP explorer. The thing I'm not so sure about is the domain. I've tried several different strings in that box, all to no avail. I've tried the host name, the "subdmian.topdomain", the "dc=subdomain,dc=topdomain" syntax, I even tried including the ou in that as well, all to no avail.

What am I missing here?

1) Does Plastic support connecting to LDAP over SSL?

2) Does Plastic support connecting to Novell's eDirectory? If so, how does one go about doing that? I have no problems connecting using other tools.

As an aside...would the developers of Plastic ever consider adding a plugin/extension capability for authentication? Many other unrelated products (such as Jira) do this, just defining an interface and allowing customer to implement their own mechanism. It would be nice, for example, to simply write a quick and dirty plugin that just forwards the credentials specified to our federated SSO provider.

Share this post


Link to post
Share on other sites

Hello CG,

right now the SSL support is not ready but we will try to have it soon since it seems than the change is not very big.

I'll try to get it running this week, I'll keep you inform.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...