[Freeipa-users] Primary mail address possible ?

Matt . yamakasi.014 at gmail.com
Fri Nov 21 23:42:50 UTC 2014


Hi Dimitri,

All I can say about that is that it's configured and uses LDAP, with
this added to LDAP:

[root at kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

<?php

    // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
    // or complete addressbook definition array.
    $config['kolab_auth_addressbook'] = Array(
        'name'                      => 'Kolab Auth',
        'hosts'                     => Array('172.16.xx.xx'),
        'port'                      => 389,
        'use_tls'                   => false,
        'user_specific'             => false,
        'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
        'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
        'bind_pass'                 => 'xxxxxx',
        'writable'                  => false,
        'ldap_version'              => 3,       // using LDAPv3
        'fieldmap'                  => Array(
                'name'              => 'displayname',
                'email'             => 'mail',
                'email:alias'       => 'alias',
                'role'              => 'nsroledn',
            ),
        'sort'                      => 'displayname',
        'scope'                     => 'sub',
        'filter'                    => '(objectClass=*)',
        'fuzzy_search'              => true,
        'sizelimit'                 => '0',
        'timelimit'                 => '0',
        'groups'                    => Array(
                'base_dn'           => 'cn=groups,dc=domain,dc=local',
                'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
                'object_classes'    => Array('top', 'groupOfUniqueNames'),
                'member_attr'       => 'uniqueMember',
            ),
    );


    // This will overwrite defined filter
    $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';

    // Use these fields (from fieldmap configuration) to get authentication ID
    $config['kolab_auth_login'] = 'email';

    // Use these fields (from fieldmap configuration) for default identity
    $config['kolab_auth_name']  = 'name';
    $config['kolab_auth_alias'] = 'alias';
    $config['kolab_auth_email'] = 'email';

    if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {

        // Login and password of the admin user. Enables "Login As" feature.
        $config['kolab_auth_admin_login']    = 'admin';
        $config['kolab_auth_admin_password'] = 'xxxxxx';

        $config['kolab_auth_auditlog'] = true;
    }

    // Administrative role field (from fieldmap configuration) which must be filled with
    // specified value which adds privilege to login as another user.
    $config['kolab_auth_role']       = 'role';
    $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';

    // Administrative group name to which user must be assigned to
    // which adds privilege to login as another user.
    $config['kolab_auth_group'] = 'Kolab Helpdesk';

    if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
        include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
    }

?>

Does this help you some ?




2014-11-22 0:31 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
> On 11/21/2014 06:04 PM, Matt . wrote:
>>
>> Hi Dimitri,
>>
>> What do you mean by how ? Can you be more specific what you want to know ?
>
>
> How Kolab is connecting to IPA?
> LDAP ? Kerberos? Directly from Kolab? Using SSO? Using SSSD and Apache module
> integration like this http://www.freeipa.org/page/Web_App_Authentication?
> In some other way?
>
> What is the configuration?
>
> How the second mail address is supposed to be used?
> What are the applications that need to see/access it?
> How are they configured? LDAP? SSSD?
>
>
>
>>
>>
>>
>> 2014-11-21 23:42 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>
>>> On 11/20/2014 09:15 PM, Matt . wrote:
>>>>
>>>> Hi Guys,
>>>>
>>>> For authenticating a user in Kolab I need uid at sub.domain.local as
>>>> emailaddress, but as my user needs also name at domain.tld I need to add
>>>> this as extra mail address.
>>>
>>>
>>> User needs it where?
>>> How Kolab integration is configured?
>>>
>>>> When I add this second email address I cannot login to Kolab anymore
>>>> as it will use user at domain.tld in the kolab logs. When I remove it it
>>>> can login again.
>>>>
>>>> Removing uid at sub.domain.local and only having name at domain.tld doesn't
>>>> work either.
>>>>
>>>> Anyone an idea how I can set uid at sub.domain.local bind a primary ?
>>>>
>>>> Cheers,
>>>>
>>>> Matt
>>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
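
The interaction this thread is asking about, as an added example that is not part of the original post and is not Kolab's code: it expands the posted `kolab_auth_filter` with RFC 4515 escaping and shows why a login ID read from a multi-valued `mail` attribute depends on value order. The meaning of `%u`/`%fu` (part before `@` / full login), the first-value behaviour, the entries and all function names are assumptions made for illustration.

```python
import re

# The filter template posted in kolab_auth.inc.php above.
FILTER_TEMPLATE = "(&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))"

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(login):
    """Single-pass substitution. Assumed: %fu = full login, %u = part before '@'."""
    parts = {"fu": login, "u": login.split("@", 1)[0]}
    return re.sub(r"%(fu|u)", lambda m: escape_filter_value(parts[m.group(1)]),
                  FILTER_TEMPLATE)

def matches(entry, login):
    """Evaluate the template against one entry, comparing case-insensitively."""
    vals = lambda attr: [v.lower() for v in entry.get(attr, [])]
    full, local = login.lower(), login.split("@", 1)[0].lower()
    return "inetuser" in vals("objectClass") and (
        local in vals("uid") or full in vals("mail") or full in vals("alias"))

def login_id_first_value(entry):
    """Assumed behaviour: login ID = first value of the mapped 'mail' attribute."""
    return entry["mail"][0]

def login_id_primary(entry, primary_domain):
    """Order-independent choice: the one mail value in the primary domain, else fail."""
    suffix = "@" + primary_domain.lower()
    hits = [m for m in entry["mail"] if m.lower().endswith(suffix)]
    if len(hits) != 1:
        raise ValueError("expected one address in %s, got %r" % (primary_domain, hits))
    return hits[0]

# Constructed entries: the same user before and after the second address is added.
# LDAP does not guarantee the order in which attribute values are returned.
ONE = {"objectClass": ["inetUser"], "uid": ["matt"], "mail": ["matt@sub.domain.local"]}
TWO = dict(ONE, mail=["name@domain.tld", "matt@sub.domain.local"])

if __name__ == "__main__":
    print(expand_filter("matt@sub.domain.local"))
    print(expand_filter("ma*t(t)"))  # filter metacharacters stay literal
    for entry in (ONE, TWO):
        print(matches(entry, "matt@sub.domain.local"),
              login_id_first_value(entry),
              login_id_primary(entry, "sub.domain.local"))
```

Both addresses satisfy the filter once the second `mail` value exists, so the search still finds the user; what changes is which value a first-value lookup hands back as the login ID.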



