Hi,

Yes, and that doesn't let me log in... that's the issue.

2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
> On 11/21/2014 07:12 PM, Matt . wrote:
>>
>> Hi Dmitri,
>>
>> Thanks, but it seems, according to the Kolab devs, that if Kolab cannot
>> determine the base DN, the other two do not matter.
>>
>> So what would you change exactly?
>
>
> I assume you use IPA as an LDAP server.
> In the Kolab config I would change
>
>                  'email'             => 'mail',
>
> to
>
>                  'email'             => 'uid',
>
>
> In IPA I would use "name" in the uid and name@domain in email (as IPA
> creates by default),
> and then try to log into Kolab using name.
>
> So for me it would look like this:
>
> In ipa:
> uid: dpal
> mail: d...@mydomain.com
>
>
>>
>> There might be more that needs to be changed.
>>
>> I hope we can get this fixed!
>>
>> Thanks,
>>
>> Matt
>>
>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>
>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>
>>>> Hi Dmitri,
>>>>
>>>> All I can say about that is that it's configured and uses LDAP, with
>>>> this added to LDAP:
>>>>
>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <cn=kolab,cn=config> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # kolab, config
>>>> dn: cn=kolab,cn=config
>>>> objectClass: top
>>>> objectClass: extensibleobject
>>>> cn: kolab
>>>>
>>>> # example.org, kolab, config
>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>> objectClass: top
>>>> objectClass: domainrelatedobject
>>>> objectClass: inetdomain
>>>> associatedDomain: example.org
>>>> associatedDomain: dc=internal,dc=local
>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 3
>>>> # numEntries: 2
>>>>
>>>>
>>>> kolab_auth.inc.php
>>>>
>>>> <?php
>>>>
>>>>       // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>       // or complete addressbook definition array.
>>>>       $config['kolab_auth_addressbook'] = Array(
>>>>           'name'                      => 'Kolab Auth',
>>>>           'hosts'                     => Array('172.16.xx.xx'),
>>>>           'port'                      => 389,
>>>>           'use_tls'                   => false,
>>>>           'user_specific'             => false,
>>>>           'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>>>           'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>           'bind_pass'                 => 'xxxxxx',
>>>>           'writable'                  => false,
>>>>           'ldap_version'              => 3,       // using LDAPv3
>>>>           'fieldmap'                  => Array(
>>>>                   'name'              => 'displayname',
>>>>                   'email'             => 'mail',
>>>
>>>
>>> Here you can use uid instead of mail.
>>> Then the user will be able to log in to Kolab with a simple name instead of
>>> the longer mail.
>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>
>>> It seems that Kolab assumes that mail is a single-valued attribute in the
>>> directory, while in general that is not the case.
>>> So the best would be to use some other attribute for login.
>>>
>>> HTH.
>>>
>>>>                   'email:alias'       => 'alias',
>>>>                   'role'              => 'nsroledn',
>>>>               ),
>>>>           'sort'                      => 'displayname',
>>>>           'scope'                     => 'sub',
>>>>           'filter'                    => '(objectClass=*)',
>>>>           'fuzzy_search'              => true,
>>>>           'sizelimit'                 => '0',
>>>>           'timelimit'                 => '0',
>>>>           'groups'                    => Array(
>>>>                   'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>>                   'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>                   'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>>>                   'member_attr'       => 'uniqueMember',
>>>>               ),
>>>>       );
>>>>
>>>>
>>>>       // This will overwrite defined filter
>>>>       $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>
>>>>       // Use this fields (from fieldmap configuration) to get authentication ID
>>>>       $config['kolab_auth_login'] = 'email';
>>>>
>>>>       // Use this fields (from fieldmap configuration) for default identity
>>>>       $config['kolab_auth_name']  = 'name';
>>>>       $config['kolab_auth_alias'] = 'alias';
>>>>       $config['kolab_auth_email'] = 'email';
>>>>
>>>>       if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>
>>>>           // Login and password of the admin user. Enables "Login As" feature.
>>>>           $config['kolab_auth_admin_login']    = 'admin';
>>>>           $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>
>>>>           $config['kolab_auth_auditlog'] = true;
>>>>       }
>>>>
>>>>       // Administrative role field (from fieldmap configuration) which must be filled with
>>>>       // specified value which adds privilege to login as another user.
>>>>       $config['kolab_auth_role']       = 'role';
>>>>       $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>
>>>>       // Administrative group name to which user must be assigned to
>>>>       // which adds privilege to login as another user.
>>>>       $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>
>>>>       if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>           include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>       }
>>>>
>>>> ?>
>>>>
>>>> Does this help you some?
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
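
The lookup discussed in this thread, as an added example that is not part of the original messages and is not Kolab or Roundcube code: it expands the quoted kolab_auth_filter with RFC 4515 escaping of the login, and shows why a multi-valued mail cannot serve as the single login ID while uid can. The meaning given to %u and %fu, the sample entry, the default domain and all function names are assumptions made for the illustration.

```python
import re

# Filter string copied from the kolab_auth.inc.php quoted in this thread.
FILTER = "(&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))"

# Constructed sample entry; attribute values are lists, as LDAP returns them.
ENTRY = {
    "uid": ["dpal"],
    "mail": ["dpal@mydomain.com", "dmitri.pal@mydomain.com"],
    "displayname": ["Dmitri Pal"],
}

def escape_filter_value(value):
    """Escape a user-supplied string for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(login, default_domain="mydomain.com"):
    """Assumption: %u is the local part and %fu the full user@domain login."""
    local = login.split("@", 1)[0]
    full = login if "@" in login else local + "@" + default_domain
    values = {"u": escape_filter_value(local), "fu": escape_filter_value(full)}
    # Single pass, so text inserted for one placeholder is never re-expanded.
    return re.sub(r"%(fu|u)", lambda m: values[m.group(1)], FILTER)

def resolve_login(entry, fieldmap, login_field="email"):
    """Return the one value of the attribute mapped to login_field.

    Raises ValueError when that attribute is missing or multi-valued,
    the case the thread describes for 'mail'.
    """
    attr = fieldmap[login_field]
    values = entry.get(attr, [])
    if len(values) != 1:
        raise ValueError("%s has %d values, expected exactly 1" % (attr, len(values)))
    return values[0]

if __name__ == "__main__":
    print(expand_filter("dpal"))
    print(resolve_login(ENTRY, {"name": "displayname", "email": "uid"}))
    try:
        resolve_login(ENTRY, {"name": "displayname", "email": "mail"})
    except ValueError as err:
        print("mail mapping rejected:", err)
```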
