1

Topic: authentication for ssh via iredmail ldap directory

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: CentOS 7
- Related log if you're reporting an issue:
====

I have 2 local servers. On one (Server 1) I have the LDAP server and iRedMail up and running, and on the other (Server 2) I have directories for my various Linux users. What I want is for the user to authenticate via ssh against Server 1's LDAP and then connect to the home directory on Server 2 which he is allocated. Is it possible? Please help.

Example: suppose I created an admin user for the mail.xxx.yyy domain, then how should I enable ssh for admin

ssh admin@mail.xxx.yyy to point to his home directory on Server 2.


2

Re: authentication for ssh via iredmail ldap directory

Configure your SSH to authenticate against LDAP, then it should be fine.
On Linux, as I can remember, it's configured in PAM. Maybe there's a better way.

3

Re: authentication for ssh via iredmail ldap directory

Yes, PAM would do nicely, and so would SSSD, but I am looking for something in which I have to do minimal client configuration, and as I mentioned it has to connect to a home directory on another server, not the one which has LDAP.

4

Re: authentication for ssh via iredmail ldap directory

karanahujax wrote:

but I am looking for something in which I have to do minimal client configuration and as I mentioned it has to connect to a home directory on another server, not the one which has LDAP.

You make me confused; it looks like you didn't understand how LDAP authentication works in your case.

The LDAP server stores the ssh account info (e.g. login username, password, and path to home directory). When you log in to server 2, ssh (on server 2) performs authentication against server 1's LDAP server and fetches the username/password and path to home directory.
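
The setup described in the reply above, sketched as an SSSD configuration for Server 2 (an added example, not part of the original thread and not iRedMail's own configuration). Every hostname, DN, path, password and group name is a placeholder. It assumes the LDAP entries on Server 1 carry POSIX attributes (`uidNumber`, `gidNumber`, `homeDirectory`), which SSSD needs to resolve a login account.

```ini
# /etc/sssd/sssd.conf on Server 2 (the host users ssh into).
# Added example: every value below is a placeholder, not taken from the thread.
[sssd]
config_file_version = 2
services = nss, pam
domains = mailldap

[domain/mailldap]
# Account lookup (NSS) and password check (PAM) both go to Server 1's LDAP.
id_provider = ldap
auth_provider = ldap
access_provider = ldap

# Server 1. Use ldaps:// (or ldap:// with ldap_id_use_start_tls = true)
# so passwords never cross the network in clear text.
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Read-only bind account (placeholder DN). Give it search rights only.
ldap_default_bind_dn = cn=readonly,dc=example,dc=com
ldap_default_authtok = REPLACE_WITH_BIND_PASSWORD

# Hardened setting: verify Server 1's certificate against a known CA.
# The weak alternative, "ldap_tls_reqcert = never" (or "allow"), skips
# validation, so credentials could be handed to an impostor server.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ldap-ca.pem

# Assumption: entries are RFC 2307 posixAccount objects.
ldap_schema = rfc2307
ldap_user_object_class = posixAccount
ldap_user_name = uid
# The path stored here is resolved on Server 2's filesystem, which is
# how the login lands in a home directory that lives on Server 2.
ldap_user_home_directory = homeDirectory

# Least privilege: only members of a dedicated group get shell access,
# not every mail account in the directory. Placeholder group DN; needs
# a memberOf attribute on user entries.
ldap_access_filter = (memberOf=cn=ssh-users,ou=Groups,dc=example,dc=com)
```

SSSD refuses to start unless this file is owned by root with mode 0600, and sshd on Server 2 needs `UsePAM yes` for the LDAP password check to be used.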