I’ve been running my nextcloud instance for quite some years now, and I finally decided to change its authentication from LDAP to SAML for a better single sign on experience. By using keycloak as IdP there’ll also be an option to enable multi factor authentication (MFA) for all connected applications at once. Where I come […]
Category: LDAP
The main challenge to do so, is to make this change permanent (as the OPNsense web frontend does not support that kind of config modification). So here’s a short wrap up of the things required: Now edit custom.users: Rebuild the template files and restart freeradius: And the tests results look like this: In my case […]
…or to be exact: the Samba version of it 🙂 So as an Open Source guy I obviously don’t run a Microsoft Active Directory. However since Samba version 4 this software does not only support file and print services, it also can act as an Active Directory. And guess what: That’s what I do. Unfortunately […]
While playing around with Apache web server authentication I was wondering: Is it possible to authenticate Apache against LDAP without requiring a proxy account to do the queries? At first glance this seems to require an LDAP server that allows anonymous bind and read access, however there’s another way: If a regular user (of the […]