[Freeipa-users] Primary mail address possible ?

Dmitri Pal dpal at redhat.com
Fri Nov 21 23:51:25 UTC 2014


On 11/21/2014 06:42 PM, Matt . wrote:
> Hi Dimitri,
>
> All I can say about that is that it's configured and uses ldap, this
> added to ldap:
>
> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
> # extended LDIF
> #
> # LDAPv3
> # base <cn=kolab,cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # kolab, config
> dn: cn=kolab,cn=config
> objectClass: top
> objectClass: extensibleobject
> cn: kolab
>
> # example.org, kolab, config
> dn: associateddomain=example.org,cn=kolab,cn=config
> objectClass: top
> objectClass: domainrelatedobject
> objectClass: inetdomain
> associatedDomain: example.org
> associatedDomain: dc=internal,dc=local
> inetDomainBaseDN: dc=internal,dc=local
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
>
> kolab_auth.inc.php
>
> <?php
>
>      // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>      // or complete addressbook definition array.
>      $config['kolab_auth_addressbook'] = Array(
>          'name'                      => 'Kolab Auth',
>          'hosts'                     => Array('172.16.xx.xx'),
>          'port'                      => 389,
>          'use_tls'                   => false,
>          'user_specific'             => false,
>          'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>          'bind_dn'                   =>
> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>          'bind_pass'                 => 'xxxxxx',
>          'writable'                  => false,
>          'ldap_version'              => 3,       // using LDAPv3
>          'fieldmap'                  => Array(
>                  'name'              => 'displayname',
>                  'email'             => 'mail',

Here you can use uid instead of mail.
Then the user will be able to log in to Kolab with a simple name instead of 
the longer mail.
Then you would be able to put name@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single-valued attribute in 
the directory, while in general that is not the case.
So the best would be to use some other attribute for login.

HTH.
>                  'email:alias'       => 'alias',
>                  'role'              => 'nsroledn',
>              ),
>          'sort'                      => 'displayname',
>          'scope'                     => 'sub',
>          'filter'                    => '(objectClass=*)',
>          'fuzzy_search'              => true,
>          'sizelimit'                 => '0',
>          'timelimit'                 => '0',
>          'groups'                    => Array(
>                  'base_dn'           => 'cn=groups,dc=domain,dc=local',
>                  'filter'            =>
> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>                  'object_classes'    => Array('top', 'groupOfUniqueNames'),
>                  'member_attr'       => 'uniqueMember',
>              ),
>      );
>
>
>      // This will overwrite defined filter
>      $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>
>      // Use this fields (from fieldmap configuration) to get authentication ID
>      $config['kolab_auth_login'] = 'email';
>
>      // Use this fields (from fieldmap configuration) for default identity
>      $config['kolab_auth_name']  = 'name';
>      $config['kolab_auth_alias'] = 'alias';
>      $config['kolab_auth_email'] = 'email';
>
>      if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>
>          // Login and password of the admin user. Enables "Login As" feature.
>          $config['kolab_auth_admin_login']    = 'admin';
>          $config['kolab_auth_admin_password'] = 'xxxxxx';
>
>          $config['kolab_auth_auditlog'] = true;
>      }
>
>      // Administrative role field (from fieldmap configuration) which must be filled with
>      // specified value which adds privilege to login as another user.
>      $config['kolab_auth_role']       = 'role';
>      $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>
>      // Administrative group name to which user must be assigned to
>      // which adds privilege to login as another user.
>      $config['kolab_auth_group'] = 'Kolab Helpdesk';
>
>      if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
> '/' . basename(__FILE__))) {
>          include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
> '/' . basename(__FILE__));
>      }
>
> ?>
>
> Does this help you some ?


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
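
A check that follows from the reply above, added here as an example and not part of the original message: it reads an LDIF export and reports, for a candidate login attribute such as mail or uid, which entries are missing it, carry several values, or share a value with another entry. The sample entries and the function names `parse_ldif` and `login_attr_report` are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample LDIF (illustrative, not data from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice
mail: alice@example.test
mail: a.smith@example.test

# bob has a single mail value and a folded (wrapped) description
dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uid: bob
mail: bob@example.test
description: a long value folded
  across two lines
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}. Base64 ('attr::') values are kept undecoded."""
    entries, current = {}, None
    for line in re.sub(r"\n ", "", text).splitlines():  # undo LDIF line folding
        if not line.strip():                # blank line ends the entry
            current = None
        elif line.startswith("#") or ":" not in line:
            continue                        # comment or non-attribute line
        else:
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                current = entries.setdefault(value, defaultdict(list))
            elif current is not None:
                current[attr].append(value)
    return entries

def login_attr_report(entries, attr):
    """Flag entries where attr is missing or multi-valued, and values shared across entries."""
    attr, owners = attr.lower(), defaultdict(set)
    for dn, attrs in entries.items():
        for value in attrs.get(attr, []):
            owners[value.lower()].add(dn)
    return {
        "missing": sorted(dn for dn, a in entries.items() if not a.get(attr)),
        "multi_valued": sorted(dn for dn, a in entries.items() if len(a.get(attr, [])) > 1),
        "shared": {v: sorted(d) for v, d in owners.items() if len(d) > 1},
    }

if __name__ == "__main__":
    for candidate in ("mail", "uid"):
        print(candidate, login_attr_report(parse_ldif(SAMPLE_LDIF), candidate))
```

An attribute that comes back with empty `missing`, `multi_valued` and `shared` lists identifies exactly one account per value, which is the property a login identifier needs.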



