[Freeipa-users] Primary mail address possible ?

Dmitri Pal dpal at redhat.com
Sat Nov 22 00:45:15 UTC 2014


On 11/21/2014 07:12 PM, Matt . wrote:
> Hi Dimitri,
>
> Thanks, but it seems following the kolab devs that if kolab cannot
> determine the base dn, the other two do not matter.
>
> So what would you change exactly ?

I assume you use IPA as an LDAP server.
In the Kolab config I would change

                  'email'             => 'mail',

to

                  'email'             => 'uid',


In IPA I would use "name" in the uid and name at domain in email (as IPA 
creates by default), and then try to log into Kolab using name.

So for me it would look like this:

In ipa:
uid: dpal
mail: dpal at mydomain.com

>
> There might be more that needs to be changed.
>
> I hope we can get this fixed !
>
> Thanks,
>
> Matt
>
> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>> On 11/21/2014 06:42 PM, Matt . wrote:
>>> Hi Dimitri,
>>>
>>> All I can say about that is that it's configured and uses ldap with
>>> this added to ldap:
>>>
>>> [root at kolab roundcubemail]# ldapsearch -x -h localhost -D
>>> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=kolab,cn=config> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # kolab, config
>>> dn: cn=kolab,cn=config
>>> objectClass: top
>>> objectClass: extensibleobject
>>> cn: kolab
>>>
>>> # example.org, kolab, config
>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>> objectClass: top
>>> objectClass: domainrelatedobject
>>> objectClass: inetdomain
>>> associatedDomain: example.org
>>> associatedDomain: dc=internal,dc=local
>>> inetDomainBaseDN: dc=internal,dc=local
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>>
>>> kolab_auth.inc.php
>>>
>>> <?php
>>>
>>>       // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>       // or complete addressbook definition array.
>>>       $config['kolab_auth_addressbook'] = Array(
>>>           'name'                      => 'Kolab Auth',
>>>           'hosts'                     => Array('172.16.xx.xx'),
>>>           'port'                      => 389,
>>>           'use_tls'                   => false,
>>>           'user_specific'             => false,
>>>           'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>>           'bind_dn'                   =>
>>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>           'bind_pass'                 => 'xxxxxx',
>>>           'writable'                  => false,
>>>           'ldap_version'              => 3,       // using LDAPv3
>>>           'fieldmap'                  => Array(
>>>                   'name'              => 'displayname',
>>>                   'email'             => 'mail',
>>
>> Here you can use uid instead of mail.
>> Then the user will be able to log in to Kolab with a simple name instead of the
>> longer mail.
>> Then you would be able to put name at domain.tld into the mail attribute.
>>
>> It seems that Kolab assumes that mail is a single valued attribute in the
>> directory while in general it is not the case.
>> So the best would be to use some other attribute for login.
>>
>> HTH.
>>
>>>                   'email:alias'       => 'alias',
>>>                   'role'              => 'nsroledn',
>>>               ),
>>>           'sort'                      => 'displayname',
>>>           'scope'                     => 'sub',
>>>           'filter'                    => '(objectClass=*)',
>>>           'fuzzy_search'              => true,
>>>           'sizelimit'                 => '0',
>>>           'timelimit'                 => '0',
>>>           'groups'                    => Array(
>>>                   'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>                   'filter'            =>
>>> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>                   'object_classes'    => Array('top',
>>> 'groupOfUniqueNames'),
>>>                   'member_attr'       => 'uniqueMember',
>>>               ),
>>>       );
>>>
>>>
>>>       // This will overwrite defined filter
>>>       $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>>> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>
>>>       // Use this fields (from fieldmap configuration) to get authentication ID
>>>       $config['kolab_auth_login'] = 'email';
>>>
>>>       // Use this fields (from fieldmap configuration) for default identity
>>>       $config['kolab_auth_name']  = 'name';
>>>       $config['kolab_auth_alias'] = 'alias';
>>>       $config['kolab_auth_email'] = 'email';
>>>
>>>       if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>
>>>           // Login and password of the admin user. Enables "Login As" feature.
>>>           $config['kolab_auth_admin_login']    = 'admin';
>>>           $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>
>>>           $config['kolab_auth_auditlog'] = true;
>>>       }
>>>
>>>       // Administrative role field (from fieldmap configuration) which must be filled with
>>>       // specified value which adds privilege to login as another user.
>>>       $config['kolab_auth_role']       = 'role';
>>>       $config['kolab_auth_role_value'] =
>>> 'cn=kolab-admin,dc=domain,dc=local';
>>>
>>>       // Administrative group name to which user must be assigned to
>>>       // which adds privilege to login as another user.
>>>       $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>
>>>       if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>> '/' . basename(__FILE__))) {
>>>           include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>> '/' . basename(__FILE__));
>>>       }
>>>
>>> ?>
>>>
>>> Does this help you some ?
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
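
An added example, not part of the original message: before pointing Kolab's login field at a directory attribute, check that the attribute is single-valued for every user entry. The sketch below parses ldapsearch-style LDIF and reports entries where the chosen attribute has zero or several values; the sample LDIF is constructed and the function names are illustrative assumptions.

```python
# Constructed sample data in ldapsearch LDIF form (not output from the thread).
SAMPLE_LDIF = """\
dn: uid=dpal,cn=users,cn=accounts,dc=domain,dc=local
objectClass: inetuser
uid: dpal
mail: dpal@mydomain.com

dn: uid=matt,cn=users,cn=accounts,dc=domain,dc=local
objectClass: inetuser
uid: matt
mail: matt@mydomain.com
mail: matt.alias@mydomain.com
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into a list of {attr: [values]} dicts.
    Skips '#' comments and joins folded lines; base64 ('attr:: ') values
    are not decoded."""
    entries, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        if line.startswith(" ") and last:    # folded continuation line
            current[last][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        last = attr.strip().lower()
        current.setdefault(last, []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def audit_login_attr(entries, login_attr):
    """Return {dn: values} for entries where login_attr is missing or
    multi-valued, i.e. unsuitable as a single login identifier."""
    problems = {}
    for entry in entries:
        if "dn" not in entry:                # e.g. the 'search: 2' trailer
            continue
        values = entry.get(login_attr.lower(), [])
        if len(values) != 1:
            problems[entry["dn"][0]] = values
    return problems
```

Running `audit_login_attr(parse_ldif(SAMPLE_LDIF), "mail")` reports the entry with two mail values, while the same call with `"uid"` reports nothing.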



