[Freeipa-users] Primary mail address possible ?

Matt . yamakasi.014 at gmail.com
Sat Nov 22 01:36:39 UTC 2014


Hi,

OK got it working by changing the mail address to uid at domain.tld

Actually no IPA question, but you might know, my email is not
delivered in one file /var/mail/uid instead of the maildir format it
should do.

At least it arrives well! Thanks

2014-11-22 2:23 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
> Hi that wasn't quite clear from me, yes I can login thanks for that!
>
> But now I get an error on the associated domain:
>
> postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
> postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf: Searching with filter (&(associatedDomain=user at domain.tld))
> postmap: dict_ldap_get_values[1]: Search found 0 match(es)
> postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
> postmap: dict_ldap_lookup: Search returned nothing
> postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
>
> But when I do a postmap check on this cf with domain.tld that gives a
> match, as it should...
>
> So that might need some modification ?
>
> 2014-11-22 2:14 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>> On 11/21/2014 07:57 PM, Matt . wrote:
>>>
>>> I need to say, saslauth caches it, didn't restart that one actually as
>>> it's kinda late!
>>
>>
>> So when you restarted did it work or still no luck?
>>
>>
>>>
>>> 2014-11-22 1:55 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>>>>
>>>> Hi,
>>>>
>>>> Yes and that doesn't let me login... that's the issue.
>>>>
>>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>>>
>>>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>>>>
>>>>>> Hi Dmitri,
>>>>>>
>>>>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>>>>> determine the base dn, the other two do not matter.
>>>>>>
>>>>>> So what would you change exactly ?
>>>>>
>>>>>
>>>>> I assume you use IPA as an LDAP server.
>>>>> In the Kolab config I would change
>>>>>
>>>>>                   'email'             => 'mail',
>>>>>
>>>>> to
>>>>>
>>>>>                   'email'             => 'uid',
>>>>>
>>>>>
>>>>> In IPA I would use "name" in the uid and name at domain in email (as IPA
>>>>> creates) by default.
>>>>> and then try to log into Kolab using name.
>>>>>
>>>>> So for me it would look like this:
>>>>>
>>>>> In ipa:
>>>>> uid: dpal
>>>>> mail: dpal at mydomain.com
>>>>>
>>>>>
>>>>>> There might be need changed more.
>>>>>>
>>>>>> I hope we can get this fixed !
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <dpal at redhat.com>:
>>>>>>>
>>>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>>>>
>>>>>>>> Hi Dmitri,
>>>>>>>>
>>>>>>>> All I can say about that is that it's configured and uses ldap, with
>>>>>>>> this added to ldap:
>>>>>>>>
>>>>>>>> [root at kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>>>>> # extended LDIF
>>>>>>>> #
>>>>>>>> # LDAPv3
>>>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>>>> # filter: (objectclass=*)
>>>>>>>> # requesting: ALL
>>>>>>>> #
>>>>>>>>
>>>>>>>> # kolab, config
>>>>>>>> dn: cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: extensibleobject
>>>>>>>> cn: kolab
>>>>>>>>
>>>>>>>> # example.org, kolab, config
>>>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: domainrelatedobject
>>>>>>>> objectClass: inetdomain
>>>>>>>> associatedDomain: example.org
>>>>>>>> associatedDomain: dc=internal,dc=local
>>>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>>>
>>>>>>>> # search result
>>>>>>>> search: 2
>>>>>>>> result: 0 Success
>>>>>>>>
>>>>>>>> # numResponses: 3
>>>>>>>> # numEntries: 2
>>>>>>>>
>>>>>>>>
>>>>>>>> kolab_auth.inc.php
>>>>>>>>
>>>>>>>> <?php
>>>>>>>>
>>>>>>>>        // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>>>>>        // or complete addressbook definition array.
>>>>>>>>        $config['kolab_auth_addressbook'] = Array(
>>>>>>>>            'name'                      => 'Kolab Auth',
>>>>>>>>            'hosts'                     => Array('172.16.xx.xx'),
>>>>>>>>            'port'                      => 389,
>>>>>>>>            'use_tls'                   => false,
>>>>>>>>            'user_specific'             => false,
>>>>>>>>            'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>>>>>>>            'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>>>            'bind_pass'                 => 'xxxxxx',
>>>>>>>>            'writable'                  => false,
>>>>>>>>            'ldap_version'              => 3,       // using LDAPv3
>>>>>>>>            'fieldmap'                  => Array(
>>>>>>>>                    'name'              => 'displayname',
>>>>>>>>                    'email'             => 'mail',
>>>>>>>
>>>>>>>
>>>>>>> Here you can use uid instead of mail.
>>>>>>> Then user will be able to login into Kolab with a simple name instead of the longer mail.
>>>>>>> Then you would be able to put name at domain.tld into the mail attribute.
>>>>>>>
>>>>>>> It seems that Kolab assumes that mail is a single valued attribute in the directory while in general it is not the case.
>>>>>>> So the best would be to use some other attribute for login.
>>>>>>>
>>>>>>> HTH.
>>>>>>>
>>>>>>>>                    'email:alias'       => 'alias',
>>>>>>>>                    'role'              => 'nsroledn',
>>>>>>>>                ),
>>>>>>>>            'sort'                      => 'displayname',
>>>>>>>>            'scope'                     => 'sub',
>>>>>>>>            'filter'                    => '(objectClass=*)',
>>>>>>>>            'fuzzy_search'              => true,
>>>>>>>>            'sizelimit'                 => '0',
>>>>>>>>            'timelimit'                 => '0',
>>>>>>>>            'groups'                    => Array(
>>>>>>>>                    'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>>>>>>                    'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>>>                    'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>>>>>>>                    'member_attr'       => 'uniqueMember',
>>>>>>>>                ),
>>>>>>>>        );
>>>>>>>>
>>>>>>>>
>>>>>>>>        // This will overwrite defined filter
>>>>>>>>        $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>>>
>>>>>>>>        // Use this fields (from fieldmap configuration) to get authentication ID
>>>>>>>>        $config['kolab_auth_login'] = 'email';
>>>>>>>>
>>>>>>>>        // Use this fields (from fieldmap configuration) for default identity
>>>>>>>>        $config['kolab_auth_name']  = 'name';
>>>>>>>>        $config['kolab_auth_alias'] = 'alias';
>>>>>>>>        $config['kolab_auth_email'] = 'email';
>>>>>>>>
>>>>>>>>        if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>>>>>
>>>>>>>>            // Login and password of the admin user. Enables "Login As" feature.
>>>>>>>>            $config['kolab_auth_admin_login']    = 'admin';
>>>>>>>>            $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>>>
>>>>>>>>            $config['kolab_auth_auditlog'] = true;
>>>>>>>>        }
>>>>>>>>
>>>>>>>>        // Administrative role field (from fieldmap configuration) which must be filled with
>>>>>>>>        // specified value which adds privilege to login as another user.
>>>>>>>>        $config['kolab_auth_role']       = 'role';
>>>>>>>>        $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>>>
>>>>>>>>        // Administrative group name to which user must be assigned to
>>>>>>>>        // which adds privilege to login as another user.
>>>>>>>>        $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>>>
>>>>>>>>        if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>>>>            include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>>>>>        }
>>>>>>>>
>>>>>>>> ?>
>>>>>>>>
>>>>>>>> Does this help you some ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thank you,
>>>>>>> Dmitri Pal
>>>>>>>
>>>>>>> Sr. Engineering Manager IdM portfolio
>>>>>>> Red Hat, Inc.
>>>>>>>
>>>>>
>>>>> --
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>> Sr. Engineering Manager IdM portfolio
>>>>> Red Hat, Inc.
>>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
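
The postmap result quoted in this thread follows from how Postfix expands an LDAP query_filter (ldap_table(5)): %s is the whole lookup key, %u the local part and %d the domain part. The sketch below is an added example, not code from the thread or from Postfix; the `(&(associatedDomain=%s))` template is inferred from the logged filter, and `expand_filter`, `compare` and the keys are hypothetical names and constructed inputs.

```python
# Added example: simplified emulation of the key expansion described in
# Postfix's ldap_table(5). Not Postfix code; expand_filter is hypothetical.

def rfc4515_escape(value):
    """Escape the characters that are special inside an LDAP filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, key):
    """Expand %s/%u/%d in template; return None if the query is suppressed."""
    local, at, domain = key.rpartition("@")
    is_address = bool(at and local and domain)
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch != "%" or i + 1 == len(template):
            out.append(ch)
            i += 1
            continue
        spec = template[i + 1]
        i += 2
        if spec == "s":                      # whole lookup key
            out.append(rfc4515_escape(key))
        elif spec == "u":                    # local part, or whole key if no '@'
            out.append(rfc4515_escape(local if is_address else key))
        elif spec == "d":                    # domain part; no '@' means no query
            if not is_address:
                return None
            out.append(rfc4515_escape(domain))
        elif spec == "%":
            out.append("%")
        else:
            out.append("%" + spec)           # other specifiers left untouched
    return "".join(out)

# Template inferred from the filter in the postmap log (assumption).
LOGGED_TEMPLATE = "(&(associatedDomain=%s))"
# Constructed lookup keys matching the placeholders used in the thread.
KEYS = ["user@domain.tld", "domain.tld"]

def compare(templates=(LOGGED_TEMPLATE, "(&(associatedDomain=%d))")):
    """Map (template, key) -> expanded filter for each constructed key."""
    return {(t, k): expand_filter(t, k) for t in templates for k in KEYS}

if __name__ == "__main__":
    for (t, k), f in compare().items():
        print(f"{t!r:32} key={k!r:20} -> {f}")
```

Postfix consults mydestination with bare domain names, so the domain.tld query is the one that reflects what the mail system will ask of this map.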



