On 11/21/2014 06:42 PM, Matt . wrote:
Hi Dimitri,

All I can say about that is that it's configured and uses ldap, with
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

<?php

     // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
     // or complete addressbook definition array.
     $config['kolab_auth_addressbook'] = Array(
         'name'                      => 'Kolab Auth',
         'hosts'                     => Array('172.16.xx.xx'),
         'port'                      => 389,
         'use_tls'                   => false,
         'user_specific'             => false,
         'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
         'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
         'bind_pass'                 => 'xxxxxx',
         'writable'                  => false,
         'ldap_version'              => 3,       // using LDAPv3
         'fieldmap'                  => Array(
                 'name'              => 'displayname',
                 'email'             => 'mail',

Here you can use uid instead of mail.
Then user will be able to login into Kolab with a simple name instead of the longer mail.
Then you would be able to put n...@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single valued attribute in the directory while in general it is not the case.
So the best would be to use some other attribute for login.

HTH.
                 'email:alias'       => 'alias',
                 'role'              => 'nsroledn',
             ),
         'sort'                      => 'displayname',
         'scope'                     => 'sub',
         'filter'                    => '(objectClass=*)',
         'fuzzy_search'              => true,
         'sizelimit'                 => '0',
         'timelimit'                 => '0',
         'groups'                    => Array(
                 'base_dn'           => 'cn=groups,dc=domain,dc=local',
                 'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
                 'object_classes'    => Array('top', 'groupOfUniqueNames'),
                 'member_attr'       => 'uniqueMember',
             ),
     );


     // This will overwrite defined filter
     $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';

     // Use this fields (from fieldmap configuration) to get authentication ID
     $config['kolab_auth_login'] = 'email';

     // Use this fields (from fieldmap configuration) for default identity
     $config['kolab_auth_name']  = 'name';
     $config['kolab_auth_alias'] = 'alias';
     $config['kolab_auth_email'] = 'email';

     if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {

         // Login and password of the admin user. Enables "Login As" feature.
         $config['kolab_auth_admin_login']    = 'admin';
         $config['kolab_auth_admin_password'] = 'xxxxxx';

         $config['kolab_auth_auditlog'] = true;
     }

     // Administrative role field (from fieldmap configuration) which must be filled with
     // specified value which adds privilege to login as another user.
     $config['kolab_auth_role']       = 'role';
     $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';

     // Administrative group name to which user must be assigned to
     // which adds privilege to login as another user.
     $config['kolab_auth_group'] = 'Kolab Helpdesk';

     if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
         include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
     }

?>

Does this help you some?


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
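
The reply's point that mail is not generally single-valued can be checked against a directory export before picking the attribute used for login. The following is an added example, not part of the original thread and not Kolab or FreeIPA code; the LDIF sample, the function names and the report layout are constructed for illustration.

```python
# Added example (not from the thread). Sample LDIF is constructed.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=domain,dc=local
uid: alice
mail: alice@domain.tld
mail: a.smith@domain.tld

dn: uid=bob,cn=users,cn=accounts,dc=domain,dc=local
uid: bob
mail: bob@domain.tld

dn: uid=carol,cn=users,cn=accounts,dc=domain,dc=local
uid: carol
mail: bob@domain.tld
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 '::' values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()].append(value.strip())
        if "dn" in entry:  # skips blocks such as the ldapsearch result trailer
            entries.append(dict(entry))
    return entries

def audit_login_attr(entries, attr):
    """Report entries where `attr` cannot serve as an unambiguous login ID."""
    report = {"missing": [], "multi_valued": [], "shared": {}}
    owners = defaultdict(list)
    for entry in entries:
        dn, values = entry["dn"][0], entry.get(attr.lower(), [])
        if not values:
            report["missing"].append(dn)
        elif len(values) > 1:
            report["multi_valued"].append(dn)
        for value in values:
            owners[value.lower()].append(dn)  # compare case-insensitively
    report["shared"] = {v: dns for v, dns in owners.items() if len(dns) > 1}
    return report

if __name__ == "__main__":
    for attr in ("mail", "uid"):
        print(attr, audit_login_attr(parse_ldif(SAMPLE_LDIF), attr))
```

An attribute whose report is empty in all three fields is a safe candidate for the login field; in the constructed sample that holds for uid but not for mail.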
