General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Samba4 & anonymous bind


Chronological Thread 
  • From: Davor Vusir < >
  • To:
  • Subject: Re: [SOGo] Samba4 & anonymous bind
  • Date: Tue, 31 Dec 2013 07:21:12 +0100

On 2013-12-30 18:30, Ben wrote:
Can Samba4 + SOGo be configured for anonymous bind? Looking at the documentation in http://www.sogo.nu/files/docs/SOGo%20Native%20Microsoft%20Outlook%20Configuration.pdf the proceedure is to set an admin password for samba4 and then configure SOGo's SOGoUserSouces to bind to this Administrator account for doing logins, etc.

I'd rather not store the domain password in plaintext in a file (chmod 600 for root, but still). Can SOGo be configured to do an anonymous bind (as I currently do against my own ldap server, not using samba4 or openchange) when using Samba4? If not, can I have it bind as some less privileged user than Administarator?

Thanks,

Ben

You needn't use an account with administrative rights to bind to Samba 4 AD DC (or Microsoft AD DS). It is a common misconception (or plain laziness) that an administrator account has to be used for this kind of operations. It is perfectly good with an account that is a member of the Domain Users group (ordinary domain user account). However, I don't know whether the password changing ability is affected. If so, make the bind user account member of the Account Operators group. That way you give the account sufficient rights to manipulate S4 ADDC-accounts but the Administrator account. And maintain some level of security.

Regards
Davor



Archive powered by MHonArc 2.6.18.

Top of page