Hi, yes, and that doesn't let me log in... that's the issue.

2014-11-22 1:45 GMT+01:00 Dmitri Pal <[email protected]>:
> On 11/21/2014 07:12 PM, Matt . wrote:
>>
>> Hi Dmitri,
>>
>> Thanks, but it seems following the kolab devs that if kolab cannot
>> determine the base dn, the other two do not matter.
>>
>> So what would you change exactly?
>
>
> I assume you use IPA as an LDAP server.
> In the Kolab config I would change
>
> 'email' => 'mail',
>
> to
>
> 'email' => 'uid',
>
>
> In IPA I would use "name" in the uid and name@domain in email (as IPA
> creates) by default, and then try to log into Kolab using name.
>
> So for me it would look like this:
>
> In ipa:
> uid: dpal
> mail: [email protected]
>
>
>>
>> There might be more that needs to be changed.
>>
>> I hope we can get this fixed!
>>
>> Thanks,
>>
>> Matt
>>
>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <[email protected]>:
>>>
>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>
>>>> Hi Dmitri,
>>>>
>>>> All I can say about that is that it's configured and uses ldap with
>>>> this added to ldap:
>>>>
>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <cn=kolab,cn=config> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # kolab, config
>>>> dn: cn=kolab,cn=config
>>>> objectClass: top
>>>> objectClass: extensibleobject
>>>> cn: kolab
>>>>
>>>> # example.org, kolab, config
>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>> objectClass: top
>>>> objectClass: domainrelatedobject
>>>> objectClass: inetdomain
>>>> associatedDomain: example.org
>>>> associatedDomain: dc=internal,dc=local
>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 3
>>>> # numEntries: 2
>>>>
>>>>
>>>> kolab_auth.inc.php
>>>>
>>>> <?php
>>>>
>>>> // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>> // or complete addressbook definition array.
>>>> $config['kolab_auth_addressbook'] = Array(
>>>>     'name' => 'Kolab Auth',
>>>>     'hosts' => Array('172.16.xx.xx'),
>>>>     'port' => 389,
>>>>     'use_tls' => false,
>>>>     'user_specific' => false,
>>>>     'base_dn' => 'cn=accounts,dc=domain,dc=local',
>>>>     'bind_dn' => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>     'bind_pass' => 'xxxxxx',
>>>>     'writable' => false,
>>>>     'ldap_version' => 3, // using LDAPv3
>>>>     'fieldmap' => Array(
>>>>         'name' => 'displayname',
>>>>         'email' => 'mail',
>>>
>>>
>>> Here you can use uid instead of mail.
>>> Then the user will be able to log in to Kolab with a simple name instead of
>>> the longer mail.
>>> Then you would be able to put [email protected] into the mail attribute.
>>>
>>> It seems that Kolab assumes that mail is a single-valued attribute in the
>>> directory while in general it is not the case.
>>> So the best would be to use some other attribute for login.
>>>
>>> HTH.
>>>
>>>>         'email:alias' => 'alias',
>>>>         'role' => 'nsroledn',
>>>>     ),
>>>>     'sort' => 'displayname',
>>>>     'scope' => 'sub',
>>>>     'filter' => '(objectClass=*)',
>>>>     'fuzzy_search' => true,
>>>>     'sizelimit' => '0',
>>>>     'timelimit' => '0',
>>>>     'groups' => Array(
>>>>         'base_dn' => 'cn=groups,dc=domain,dc=local',
>>>>         'filter' => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>         'object_classes' => Array('top', 'groupOfUniqueNames'),
>>>>         'member_attr' => 'uniqueMember',
>>>>     ),
>>>> );
>>>>
>>>>
>>>> // This will overwrite defined filter
>>>> $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>
>>>> // Use this fields (from fieldmap configuration) to get authentication ID
>>>> $config['kolab_auth_login'] = 'email';
>>>>
>>>> // Use this fields (from fieldmap configuration) for default identity
>>>> $config['kolab_auth_name'] = 'name';
>>>> $config['kolab_auth_alias'] = 'alias';
>>>> $config['kolab_auth_email'] = 'email';
>>>>
>>>> if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>
>>>>     // Login and password of the admin user. Enables "Login As" feature.
>>>>     $config['kolab_auth_admin_login'] = 'admin';
>>>>     $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>
>>>>     $config['kolab_auth_auditlog'] = true;
>>>> }
>>>>
>>>> // Administrative role field (from fieldmap configuration) which must be filled with
>>>> // specified value which adds privilege to login as another user.
>>>> $config['kolab_auth_role'] = 'role';
>>>> $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>
>>>> // Administrative group name to which user must be assigned to
>>>> // which adds privilege to login as another user.
>>>> $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>
>>>> if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>     include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>> }
>>>>
>>>> ?>
>>>>
>>>> Does this help you some?
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
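
The login lookup discussed in this thread, as an added example that is not part of the original messages and is not Kolab or Roundcube code: it expands the quoted `kolab_auth_filter` template with RFC 4515 escaping and shows how the `'email'` fieldmap entry resolves against an entry whose `mail` attribute holds more than one value. The function names, the default domain, the sample entry and the single-value policy in `resolve_login` are assumptions made for illustration, and `%u` / `%fu` are taken to mean the local part and the full `user@domain` login as in Roundcube's LDAP filter placeholders.

```php
<?php
// Added example: a simplified model of the login lookup, not Kolab/Roundcube code.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function filter_escape(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Expand %u (part before '@') and %fu (full user@domain) in a filter template.
// Assumption: placeholder meanings as documented for Roundcube LDAP filters.
function expand_filter(string $template, string $login, string $default_domain): string
{
    $at    = strpos($login, '@');
    $local = $at === false ? $login : substr($login, 0, $at);
    $full  = $at === false ? $login . '@' . $default_domain : $login;
    return strtr($template, [
        '%fu' => filter_escape($full),
        '%u'  => filter_escape($local),
    ]);
}

// Return the authentication ID named by the fieldmap, or null when the mapped
// attribute is absent or holds several values (as mail can in a directory).
function resolve_login(array $entry, array $fieldmap, string $login_field): ?string
{
    $attr   = strtolower($fieldmap[$login_field] ?? '');
    $values = $entry[$attr] ?? [];
    return count($values) === 1 ? $values[0] : null;
}

// Constructed sample entry (attribute names lower-cased) for illustration.
$entry = [
    'uid'  => ['dpal'],
    'mail' => ['dpal@example.org', 'd.pal@example.org'],
];
$filter = '(&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))';

echo expand_filter($filter, 'dpal', 'example.org'), "\n";
echo expand_filter($filter, 'dp*', 'example.org'), "\n"; // '*' is matched literally

// 'email' => 'mail' is ambiguous for this entry; 'email' => 'uid' is not.
var_dump(resolve_login($entry, ['email' => 'mail'], 'email'));
var_dump(resolve_login($entry, ['email' => 'uid'], 'email'));
```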
