[Freeipa-users] Primary mail address possible ?

Dmitri Pal dpal at redhat.com
Sat Nov 22 01:14:42 UTC 2014


On 11/21/2014 07:57 PM, Matt . wrote:
> I need to say, saslauth caches it, didn't restart that one actually as
> it's kinda late!

So when you restarted did it work or still no luck?

>
> 2014-11-22 1:55 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>> Hi,
>>
>> Yes and that doesn't let me login... that's the issue.
>>
>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>> Hi Dmitri,
>>>>
>>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>>> determine the base dn, the other two do not matter.
>>>>
>>>> So what would you change exactly ?
>>>
>>> I assume you use IPA as an LDAP server.
>>> In the Kolab config I would change
>>>
>>>                   'email'             => 'mail',
>>>
>>> to
>>>
>>>                   'email'             => 'uid',
>>>
>>>
>>> In IPA I would use "name" in the uid and name at domain in email (as IPA
>>> creates by default),
>>> and then try to log into Kolab using name.
>>>
>>> So for me it would look like this:
>>>
>>> In ipa:
>>> uid: dpal
>>> mail: dpal at mydomain.com
>>>
>>>
>>>> There might be more that needs to be changed.
>>>>
>>>> I hope we can get this fixed !
>>>>
>>>> Thanks,
>>>>
>>>> Matt
>>>>
>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>> Hi Dmitri,
>>>>>>
>>>>>> All I can say about that is that it's configured and uses ldap, with
>>>>>> this added to ldap:
>>>>>>
>>>>>> [root at kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>>> # extended LDIF
>>>>>> #
>>>>>> # LDAPv3
>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>> # filter: (objectclass=*)
>>>>>> # requesting: ALL
>>>>>> #
>>>>>>
>>>>>> # kolab, config
>>>>>> dn: cn=kolab,cn=config
>>>>>> objectClass: top
>>>>>> objectClass: extensibleobject
>>>>>> cn: kolab
>>>>>>
>>>>>> # example.org, kolab, config
>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>> objectClass: top
>>>>>> objectClass: domainrelatedobject
>>>>>> objectClass: inetdomain
>>>>>> associatedDomain: example.org
>>>>>> associatedDomain: dc=internal,dc=local
>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 0 Success
>>>>>>
>>>>>> # numResponses: 3
>>>>>> # numEntries: 2
>>>>>>
>>>>>>
>>>>>> kolab_auth.inc.php
>>>>>>
>>>>>> <?php
>>>>>>
>>>>>>        // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>>>        // or complete addressbook definition array.
>>>>>>        $config['kolab_auth_addressbook'] = Array(
>>>>>>            'name'                      => 'Kolab Auth',
>>>>>>            'hosts'                     => Array('172.16.xx.xx'),
>>>>>>            'port'                      => 389,
>>>>>>            'use_tls'                   => false,
>>>>>>            'user_specific'             => false,
>>>>>>            'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>>>>>            'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>            'bind_pass'                 => 'xxxxxx',
>>>>>>            'writable'                  => false,
>>>>>>            'ldap_version'              => 3,       // using LDAPv3
>>>>>>            'fieldmap'                  => Array(
>>>>>>                    'name'              => 'displayname',
>>>>>>                    'email'             => 'mail',
>>>>>
>>>>> Here you can use uid instead of mail.
>>>>> Then the user will be able to login into Kolab with a simple name instead
>>>>> of the longer mail.
>>>>> Then you would be able to put name at domain.tld into the mail attribute.
>>>>>
>>>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>>>> directory while in general it is not the case.
>>>>> So the best would be to use some other attribute for login.
>>>>>
>>>>> HTH.
>>>>>
>>>>>>                    'email:alias'       => 'alias',
>>>>>>                    'role'              => 'nsroledn',
>>>>>>                ),
>>>>>>            'sort'                      => 'displayname',
>>>>>>            'scope'                     => 'sub',
>>>>>>            'filter'                    => '(objectClass=*)',
>>>>>>            'fuzzy_search'              => true,
>>>>>>            'sizelimit'                 => '0',
>>>>>>            'timelimit'                 => '0',
>>>>>>            'groups'                    => Array(
>>>>>>                    'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>>>>                    'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>                    'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>>>>>                    'member_attr'       => 'uniqueMember',
>>>>>>                ),
>>>>>>        );
>>>>>>
>>>>>>
>>>>>>        // This will overwrite defined filter
>>>>>>        $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>
>>>>>>        // Use this fields (from fieldmap configuration) to get authentication ID
>>>>>>        $config['kolab_auth_login'] = 'email';
>>>>>>
>>>>>>        // Use this fields (from fieldmap configuration) for default identity
>>>>>>        $config['kolab_auth_name']  = 'name';
>>>>>>        $config['kolab_auth_alias'] = 'alias';
>>>>>>        $config['kolab_auth_email'] = 'email';
>>>>>>
>>>>>>        if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>>>
>>>>>>            // Login and password of the admin user. Enables "Login As" feature.
>>>>>>            $config['kolab_auth_admin_login']    = 'admin';
>>>>>>            $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>
>>>>>>            $config['kolab_auth_auditlog'] = true;
>>>>>>        }
>>>>>>
>>>>>>        // Administrative role field (from fieldmap configuration) which must be filled with
>>>>>>        // specified value which adds privilege to login as another user.
>>>>>>        $config['kolab_auth_role']       = 'role';
>>>>>>        $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>
>>>>>>        // Administrative group name to which user must be assigned to
>>>>>>        // which adds privilege to login as another user.
>>>>>>        $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>
>>>>>>        if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>>            include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>>>        }
>>>>>>
>>>>>> ?>
>>>>>>
>>>>>> Does this help you some ?
>>>>>
>>>>>
>>>>> --
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>> Sr. Engineering Manager IdM portfolio
>>>>> Red Hat, Inc.
>>>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
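
Added example (not part of the thread and not Kolab's or Roundcube's code): a small Python check of the point quoted above that `mail` may be multi-valued. It applies the thread's `kolab_auth_filter` to constructed directory entries and reports when a login does not resolve to exactly one entry with exactly one value in the attribute mapped to the login field. The sample entries, the function names, and the reading of `%u` as the local part and `%fu` as the full login are assumptions.

```python
# Constructed sample entries (not from the thread): attribute -> list of values,
# the shape in which an LDAP search returns them.
ENTRIES = [
    {"dn": "uid=dpal,cn=users,cn=accounts,dc=domain,dc=local",
     "objectclass": ["inetuser"], "uid": ["dpal"],
     "mail": ["dpal@mydomain.com", "dmitri.pal@mydomain.com"]},
    {"dn": "uid=matt,cn=users,cn=accounts,dc=domain,dc=local",
     "objectclass": ["inetuser"], "uid": ["matt"],
     "mail": ["matt@mydomain.com"], "alias": ["dpal@mydomain.com"]},
]


def matches(entry, login):
    """Evaluate (&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))."""
    full = login.lower()
    user = full.split("@", 1)[0]  # assumption: %u = local part, %fu = full login

    def has(attr, value):
        return value in (v.lower() for v in entry.get(attr, []))

    return has("objectclass", "inetuser") and (
        has("uid", user) or has("mail", full) or has("alias", full))


def resolve_login(entries, login, login_attr):
    """Return (auth_id, problems) for the attribute mapped to the login field.

    auth_id is None unless the filter selects exactly one entry and that entry
    carries exactly one value in login_attr.
    """
    hits = [e for e in entries if matches(e, login)]
    if len(hits) != 1:
        return None, [f"{len(hits)} entries match {login!r}"]
    values = hits[0].get(login_attr, [])
    if len(values) != 1:
        return None, [f"{login_attr} has {len(values)} values on {hits[0]['dn']}"]
    return values[0], []


if __name__ == "__main__":
    for login, attr in [("dpal", "mail"), ("dpal", "uid"),
                        ("dpal@mydomain.com", "uid")]:
        print(login, attr, resolve_login(ENTRIES, login, attr))
```

With `'email' => 'mail'` the login `dpal` finds one entry but two candidate identifiers; with `'email' => 'uid'` it resolves cleanly. The third case shows the OR filter selecting two entries for a full address when one user's `alias` equals another user's address.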



