[Freeipa-users] Primary mail address possible ?
Matt .
yamakasi.014 at gmail.com
Sat Nov 22 00:57:57 UTC 2014
I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!
2014-11-22 1:55 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
> Hi,
>
> Yes and that doesn't let me login... that's the issue.
>
> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>
>>> Hi Dimitri,
>>>
>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>> determine the base dn, the other two do not matter.
>>>
>>> So what would you change exactly ?
>>
>>
>> I assume you use IPA as an LDAP server.
>> In the Kolab config I would change
>>
>> 'email' => 'mail',
>>
>> to
>>
>> 'email' => 'uid',
>>
>>
>> In IPA I would use "name" in the uid and name at domain in email (as IPA
>> creates) by default.
>> and then try to log into Kolab using name.
>>
>> So for me it would look like this:
>>
>> In ipa:
>> uid: dpal
>> mail: dpal at mydomain.com
>>
>>
>>>
>>> There might be more that needs to be changed.
>>>
>>> I hope we can get this fixed !
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>>
>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>
>>>>> Hi Dimitri,
>>>>>
>>>>> All I can say about that is that it's configured and uses ldap, with
>>>>> this added to ldap:
>>>>>
>>>>> [root at kolab roundcubemail]# ldapsearch -x -h localhost -D
>>>>> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>> # extended LDIF
>>>>> #
>>>>> # LDAPv3
>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>> # filter: (objectclass=*)
>>>>> # requesting: ALL
>>>>> #
>>>>>
>>>>> # kolab, config
>>>>> dn: cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: extensibleobject
>>>>> cn: kolab
>>>>>
>>>>> # example.org, kolab, config
>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: domainrelatedobject
>>>>> objectClass: inetdomain
>>>>> associatedDomain: example.org
>>>>> associatedDomain: dc=internal,dc=local
>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>
>>>>> # search result
>>>>> search: 2
>>>>> result: 0 Success
>>>>>
>>>>> # numResponses: 3
>>>>> # numEntries: 2
>>>>>
>>>>>
>>>>> kolab_auth.inc.php
>>>>>
>>>>> <?php
>>>>>
>>>>> // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>> // or complete addressbook definition array.
>>>>> $config['kolab_auth_addressbook'] = Array(
>>>>> 'name' => 'Kolab Auth',
>>>>> 'hosts' => Array('172.16.xx.xx'),
>>>>> 'port' => 389,
>>>>> 'use_tls' => false,
>>>>> 'user_specific' => false,
>>>>> 'base_dn' =>
>>>>> 'cn=accounts,dc=domain,dc=local',
>>>>> 'bind_dn' =>
>>>>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>> 'bind_pass' => 'xxxxxx',
>>>>> 'writable' => false,
>>>>> 'ldap_version' => 3, // using LDAPv3
>>>>> 'fieldmap' => Array(
>>>>> 'name' => 'displayname',
>>>>> 'email' => 'mail',
>>>>
>>>>
>>>> Here you can use uid instead of mail.
>>>> Then user will be able to login into Kolab with a simple name instead of
>>>> the
>>>> longer mail.
>>>> Then you would be able to put name at domain.tld into the mail attribute.
>>>>
>>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>>> directory while in general it is not the case.
>>>> So the best would be to use some other attribute for login.
>>>>
>>>> HTH.
>>>>
>>>>> 'email:alias' => 'alias',
>>>>> 'role' => 'nsroledn',
>>>>> ),
>>>>> 'sort' => 'displayname',
>>>>> 'scope' => 'sub',
>>>>> 'filter' => '(objectClass=*)',
>>>>> 'fuzzy_search' => true,
>>>>> 'sizelimit' => '0',
>>>>> 'timelimit' => '0',
>>>>> 'groups' => Array(
>>>>> 'base_dn' => 'cn=groups,dc=domain,dc=local',
>>>>> 'filter' =>
>>>>> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>> 'object_classes' => Array('top',
>>>>> 'groupOfUniqueNames'),
>>>>> 'member_attr' => 'uniqueMember',
>>>>> ),
>>>>> );
>>>>>
>>>>>
>>>>> // This will overwrite defined filter
>>>>> $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>>>>> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>
>>>>> // Use this fields (from fieldmap configuration) to get authentication ID
>>>>> $config['kolab_auth_login'] = 'email';
>>>>>
>>>>> // Use this fields (from fieldmap configuration) for default identity
>>>>> $config['kolab_auth_name'] = 'name';
>>>>> $config['kolab_auth_alias'] = 'alias';
>>>>> $config['kolab_auth_email'] = 'email';
>>>>>
>>>>> if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
>>>>> {
>>>>>
>>>>> // Login and password of the admin user. Enables "Login As" feature.
>>>>> $config['kolab_auth_admin_login'] = 'admin';
>>>>> $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>
>>>>> $config['kolab_auth_auditlog'] = true;
>>>>> }
>>>>>
>>>>> // Administrative role field (from fieldmap configuration) which must be filled with
>>>>> // specified value which adds privilege to login as another user.
>>>>> $config['kolab_auth_role'] = 'role';
>>>>> $config['kolab_auth_role_value'] =
>>>>> 'cn=kolab-admin,dc=domain,dc=local';
>>>>>
>>>>> // Administrative group name to which user must be assigned to
>>>>> // which adds privilege to login as another user.
>>>>> $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>
>>>>> if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>>>> '/' . basename(__FILE__))) {
>>>>> include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>>>> '/' . basename(__FILE__));
>>>>> }
>>>>>
>>>>> ?>
>>>>>
>>>>> Does this help you some ?
>>>>
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
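The point made in the thread about `mail` being multi-valued, as an added example that is not part of the original messages or of Kolab's code: it expands the quoted `kolab_auth_filter` with escaped input, runs the same match over a constructed entry, and shows why `uid` is usable as a login ID while `mail` is not. The meaning of `%u` (part before `@`) and `%fu` (full login), the second `mail` value, and the helper names are assumptions made for this sketch.

```python
import re

# Filter string from the kolab_auth configuration quoted above.
FILTER_TEMPLATE = "(&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))"

# Constructed directory entry: uid and first mail value follow the example in
# the thread; the second mail value is invented to make the attribute multi-valued.
ENTRIES = [{
    "objectClass": ["top", "person", "inetuser"],
    "uid": ["dpal"],
    "mail": ["dpal@mydomain.com", "dmitri.pal@mydomain.com"],
}]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    """Expand %u (part before '@', assumed) and %fu (full login, assumed)."""
    values = {"u": escape_filter_value(login.split("@", 1)[0]),
              "fu": escape_filter_value(login)}
    # Single pass, so placeholder-like text inside the login is never re-expanded.
    return re.sub(r"%(fu|u)", lambda m: values[m.group(1)], FILTER_TEMPLATE)

def search(entries, login):
    """In-memory equivalent of the filter (case-insensitive equality match)."""
    user, full = login.split("@", 1)[0].lower(), login.lower()
    def has(entry, attr, wanted):
        return wanted in (v.lower() for v in entry.get(attr, []))
    return [e for e in entries
            if has(e, "objectClass", "inetuser")
            and (has(e, "uid", user) or has(e, "mail", full) or has(e, "alias", full))]

def resolve_login_id(entry, attr):
    """Return the value of attr only when it is unambiguous (exactly one value)."""
    values = entry.get(attr, [])
    if len(values) != 1:
        raise ValueError("%s has %d values, cannot be a login ID" % (attr, len(values)))
    return values[0]

if __name__ == "__main__":
    entry = search(ENTRIES, "dmitri.pal@mydomain.com")[0]
    print(build_filter("dmitri.pal@mydomain.com"))
    print("login id via uid:", resolve_login_id(entry, "uid"))
```
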