[Freeipa-users] Primary mail address possible ?

Matt . yamakasi.014 at gmail.com
Sat Nov 22 00:12:31 UTC 2014


Hi Dimitri,

Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.

So what would you change exactly?

There might be more that needs to be changed.

I hope we can get this fixed!

Thanks,

Matt

2014-11-22 0:51 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
> On 11/21/2014 06:42 PM, Matt . wrote:
>>
>> Hi Dimitri,
>>
>> All I can say about that is that it's configured and uses ldap, with
>> this added to ldap:
>>
>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
>> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=kolab,cn=config> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # kolab, config
>> dn: cn=kolab,cn=config
>> objectClass: top
>> objectClass: extensibleobject
>> cn: kolab
>>
>> # example.org, kolab, config
>> dn: associateddomain=example.org,cn=kolab,cn=config
>> objectClass: top
>> objectClass: domainrelatedobject
>> objectClass: inetdomain
>> associatedDomain: example.org
>> associatedDomain: dc=internal,dc=local
>> inetDomainBaseDN: dc=internal,dc=local
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>>
>> kolab_auth.inc.php
>>
>> <?php
>>
>>      // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>      // or complete addressbook definition array.
>>      $config['kolab_auth_addressbook'] = Array(
>>          'name'                      => 'Kolab Auth',
>>          'hosts'                     => Array('172.16.xx.xx'),
>>          'port'                      => 389,
>>          'use_tls'                   => false,
>>          'user_specific'             => false,
>>          'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>          'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>          'bind_pass'                 => 'xxxxxx',
>>          'writable'                  => false,
>>          'ldap_version'              => 3,       // using LDAPv3
>>          'fieldmap'                  => Array(
>>                  'name'              => 'displayname',
>>                  'email'             => 'mail',
>
>
> Here you can use uid instead of mail.
> Then user will be able to login into Kolab with a simple name instead of the
> longer mail.
> Then you would be able to put name@domain.tld into the mail attribute.
>
> It seems that Kolab assumes that mail is a single valued attribute in the
> directory while in general it is not the case.
> So the best would be to use some other attribute for login.
>
> HTH.
>
>>                  'email:alias'       => 'alias',
>>                  'role'              => 'nsroledn',
>>              ),
>>          'sort'                      => 'displayname',
>>          'scope'                     => 'sub',
>>          'filter'                    => '(objectClass=*)',
>>          'fuzzy_search'              => true,
>>          'sizelimit'                 => '0',
>>          'timelimit'                 => '0',
>>          'groups'                    => Array(
>>                  'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>                  'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>                  'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>                  'member_attr'       => 'uniqueMember',
>>              ),
>>      );
>>
>>
>>      // This will overwrite defined filter
>>      $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>
>>      // Use this fields (from fieldmap configuration) to get authentication ID
>>      $config['kolab_auth_login'] = 'email';
>>
>>      // Use this fields (from fieldmap configuration) for default identity
>>      $config['kolab_auth_name']  = 'name';
>>      $config['kolab_auth_alias'] = 'alias';
>>      $config['kolab_auth_email'] = 'email';
>>
>>      if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>
>>          // Login and password of the admin user. Enables "Login As" feature.
>>          $config['kolab_auth_admin_login']    = 'admin';
>>          $config['kolab_auth_admin_password'] = 'xxxxxx';
>>
>>          $config['kolab_auth_auditlog'] = true;
>>      }
>>
>>      // Administrative role field (from fieldmap configuration) which must be filled with
>>      // specified value which adds privilege to login as another user.
>>      $config['kolab_auth_role']       = 'role';
>>      $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>
>>      // Administrative group name to which user must be assigned to
>>      // which adds privilege to login as another user.
>>      $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>
>>      if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>          include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>      }
>>
>> ?>
>>
>> Does this help you some ?
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>



