En/3.0/Directory Service (LDAP)

From Zentyal Linux Small Business Server
Jump to: navigation, search

Zentyal integrates OpenLDAP(3) as a directory service, with Samba(4) to implement the domain controller functionality of Windows and also file and printer sharing.


Configuration of an LDAP server with Zentyal

LDAP configuration options

Going to Users and Groups ‣ LDAP Settings you can check the current LDAP configuration and perform some adjustments related to the configuration of PAM authentication on the system.

In the upper part, you can see the LDAP Information:

LDAP configuration in Zentyal

Base DN:Base of the domain names in this server.

Root DN:Domain name of the server root.

Password:The password of other services and applications that want to use this LDAP server. If you want to configure a Zentyal server as a slave of this server, this is the password that will be used.

Users DN:Domain name of the users' directory.

Groups DN:Domain name of the groups' directory.

In the lower part you can establish some PAM settings

PAM Settings in Zentyal.

Enabling PAM, you will allow the users managed by Zentyal to also act as normal system users, making possible to start sessions in the server (for example SSH and SFTP).

In this section you also specify the default command interpreter for your users. This option is initially configured as nologin, blocking the users from starting sessions. Changing this options will not modify the existing users in the system, and will only be applied to the users created after the change.

Creating users and groups

You can create users by going to Users and Groups‣ Users menu and filling the following information:

Adding a user to Zentyal

User name:Name of the user on the system, it will be the name used in the authentication processes.

Name:Name of the user.

Surname:Surname of the user.

Comment:Additional information about the user.

Password:Password that will be used in the authentication processes. This information will have to be typed twice to avoid typing errors.

Group:Is possible to add the user to a group during the creation process.

From Users and Groups ‣ Users you can obtain a list of the users, edit or delete them.

List of users in Zentyal

While editing a user, you can change all the details, except the user name and the information that is associated with the installed Zentyal modules. These contain some specific configuration details assigned to users. You can also modify the list of groups that contain this user.

Editing a user

Editing a user you can:

  • Create an account for the jabber server.
  • Create an account for the filesharing or PDC with a personalised quota.
  • Create an e-mail account for the user and alias for it.
  • Assign a telephone extension for the user.
  • Enable or disable the user account for Zarafa and check if it has

administrator rights.

You can create a group from the Users and groups ‣ Groups menu. A group will be identified by its name, and can also contain a description.

Adding a group to Zentyal

Going to Users and groups ‣ Groups you can see all the existing groups, edit or delete them.

While you are editing a group, you can choose the users that belong to the group, and also the information associated with the modules in Zentyal that have some specific configuration associated with user groups.

Editing a group

Among other things, with users groups is possible to:

  • Have a directory shared between the members of the group.
  • Create an alias for a mail address that will forward to all the users of a group.
  • Assign access permissions of different groupware applications to the users of a group.

User's corner

User editable data

The user's data can only be modified by the Zentyal administrator, which can be inefficient when the number of users to be managed becomes too big. Administration tasks like changing the password of a user can be very time consuming. For this reason, you need the User's corner. This corner is a Zentyal service designed to allow the users to change their own data. This functionality has to be enabled like the rest of the modules. The user's corner is listening on another port different to other processes to enhance the system security.

Configure user's corner port

The user can access the User corner using the URL:

[https:/ https:/]/<Zentyal_ip>:<usercorner_port>/

Once the user enters his/her name and password, he/she can perform changes in his personal configuration. User's corner offers the following functionality:

  • Change the current password.
  • Configure the voice mail for the user.
  • Configure an external personal account to retrieve the mail and

synchronise it with the content of the mail server in Zentyal.

Change the current password in user's corner
Personal tools


Zentyal Wiki

Zentyal Doc