Hi Dmitri,

Thanks, but according to the Kolab devs it seems that if Kolab cannot
determine the base DN, the other two do not matter.

So what would you change exactly?

There might be more that needs to be changed.

I hope we can get this fixed!

Thanks,

Matt

2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
> On 11/21/2014 06:42 PM, Matt . wrote:
>>
>> Hi Dmitri,
>>
>> All I can say about that is that it's configured and uses LDAP, with
>> this added to LDAP:
>>
>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=kolab,cn=config> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # kolab, config
>> dn: cn=kolab,cn=config
>> objectClass: top
>> objectClass: extensibleobject
>> cn: kolab
>>
>> # example.org, kolab, config
>> dn: associateddomain=example.org,cn=kolab,cn=config
>> objectClass: top
>> objectClass: domainrelatedobject
>> objectClass: inetdomain
>> associatedDomain: example.org
>> associatedDomain: dc=internal,dc=local
>> inetDomainBaseDN: dc=internal,dc=local
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>>
>> kolab_auth.inc.php
>>
>> <?php
>>
>>      // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>      // or complete addressbook definition array.
>>      $config['kolab_auth_addressbook'] = Array(
>>          'name'                      => 'Kolab Auth',
>>          'hosts'                     => Array('172.16.xx.xx'),
>>          'port'                      => 389,
>>          'use_tls'                   => false,
>>          'user_specific'             => false,
>>          'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>          'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>          'bind_pass'                 => 'xxxxxx',
>>          'writable'                  => false,
>>          'ldap_version'              => 3,       // using LDAPv3
>>          'fieldmap'                  => Array(
>>                  'name'              => 'displayname',
>>                  'email'             => 'mail',
>
>
> Here you can use uid instead of mail.
> Then the user will be able to log in to Kolab with a simple name instead of the
> longer mail.
> Then you would be able to put n...@domain.tld into the mail attribute.
>
> It seems that Kolab assumes that mail is a single-valued attribute in the
> directory, while in general that is not the case.
> So the best would be to use some other attribute for login.
>
> HTH.
>
>>                  'email:alias'       => 'alias',
>>                  'role'              => 'nsroledn',
>>              ),
>>          'sort'                      => 'displayname',
>>          'scope'                     => 'sub',
>>          'filter'                    => '(objectClass=*)',
>>          'fuzzy_search'              => true,
>>          'sizelimit'                 => '0',
>>          'timelimit'                 => '0',
>>          'groups'                    => Array(
>>                  'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>                  'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>                  'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>                  'member_attr'       => 'uniqueMember',
>>              ),
>>      );
>>
>>
>>      // This will overwrite defined filter
>>      $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>
>>      // Use this fields (from fieldmap configuration) to get authentication ID
>>      $config['kolab_auth_login'] = 'email';
>>
>>      // Use this fields (from fieldmap configuration) for default identity
>>      $config['kolab_auth_name']  = 'name';
>>      $config['kolab_auth_alias'] = 'alias';
>>      $config['kolab_auth_email'] = 'email';
>>
>>      if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>
>>          // Login and password of the admin user. Enables "Login As" feature.
>>          $config['kolab_auth_admin_login']    = 'admin';
>>          $config['kolab_auth_admin_password'] = 'xxxxxx';
>>
>>          $config['kolab_auth_auditlog'] = true;
>>      }
>>
>>      // Administrative role field (from fieldmap configuration) which must be filled with
>>      // specified value which adds privilege to login as another user.
>>      $config['kolab_auth_role']       = 'role';
>>      $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>
>>      // Administrative group name to which user must be assigned to
>>      // which adds privilege to login as another user.
>>      $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>
>>      if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>          include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>      }
>>
>> ?>
>>
>> Does this help you some?
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
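
An added illustration, not part of the original messages and not Kolab's or Roundcube's code: a domain-to-base-DN lookup over the `cn=kolab,cn=config` entries quoted above, plus expansion of the quoted `kolab_auth_filter` with RFC 4515 escaping of the login. The function names are hypothetical, the LDIF is trimmed from the quoted output, and reading `%u` as the part before `@` and `%fu` as the full login is an assumption.

```python
import re

# Sample input: the two entries from the ldapsearch output quoted in the thread (trimmed).
LDIF = """\
dn: cn=kolab,cn=config
objectClass: extensibleobject
cn: kolab

dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local
"""

# Filter from kolab_auth_filter in the quoted config.
FILTER_TEMPLATE = "(&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))"

def parse_entries(ldif):
    """Parse simple LDIF (no base64, no folding); each attribute maps to a list."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def base_dn_for(domain, entries):
    """Return inetDomainBaseDN for an associatedDomain, or None if unmapped."""
    for entry in entries:
        domains = [d.lower() for d in entry.get("associateddomain", [])]
        if domain.lower() in domains and entry.get("inetdomainbasedn"):
            return entry["inetdomainbasedn"][0]
    return None

def escape_filter_value(value):
    """RFC 4515 escaping so login input cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_login_filter(login):
    """Expand %u (part before '@') and %fu (full login) in a single pass."""
    values = {"u": login.split("@", 1)[0], "fu": login}
    return re.sub(r"%(fu|u)",
                  lambda m: escape_filter_value(values[m.group(1)]), FILTER_TEMPLATE)
```

A domain with no `associatedDomain` entry returns `None` from `base_dn_for`, which is the "cannot determine the base DN" condition discussed in the thread.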
