I need to say, saslauth caches it, didn't restart that one actually as it's kinda late!
2014-11-22 1:55 GMT+01:00 Matt . <[email protected]>:
> Hi,
>
> Yes and that doesn't let me login... that's the issue.
>
> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <[email protected]>:
>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>
>>> Hi Dmitri,
>>>
>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>> determine the base dn, the other two do not matter.
>>>
>>> So what would you change exactly ?
>>
>>
>> I assume you use IPA as an LDAP server.
>> In the Kolab config I would change
>>
>> 'email' => 'mail',
>>
>> to
>>
>> 'email' => 'uid',
>>
>>
>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>> creates) by default.
>> and then try to log into Kolab using name.
>>
>> So for me it would look like this:
>>
>> In ipa:
>> uid: dpal
>> mail: [email protected]
>>
>>
>>>
>>> There might be need changed more.
>>>
>>> I hope we can get this fixed !
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <[email protected]>:
>>>>
>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>
>>>>> Hi Dmitri,
>>>>>
>>>>> All I can say about that is that it's configured and uses ldap this
>>>>> this added to ldap:
>>>>>
>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>> # extended LDIF
>>>>> #
>>>>> # LDAPv3
>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>> # filter: (objectclass=*)
>>>>> # requesting: ALL
>>>>> #
>>>>>
>>>>> # kolab, config
>>>>> dn: cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: extensibleobject
>>>>> cn: kolab
>>>>>
>>>>> # example.org, kolab, config
>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: domainrelatedobject
>>>>> objectClass: inetdomain
>>>>> associatedDomain: example.org
>>>>> associatedDomain: dc=internal,dc=local
>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>
>>>>> # search result
>>>>> search: 2
>>>>> result: 0 Success
>>>>>
>>>>> # numResponses: 3
>>>>> # numEntries: 2
>>>>>
>>>>>
>>>>> kolab_auth.inc.php
>>>>>
>>>>> <?php
>>>>>
>>>>> // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>> // or complete addressbook definition array.
>>>>> $config['kolab_auth_addressbook'] = Array(
>>>>>     'name' => 'Kolab Auth',
>>>>>     'hosts' => Array('172.16.xx.xx'),
>>>>>     'port' => 389,
>>>>>     'use_tls' => false,
>>>>>     'user_specific' => false,
>>>>>     'base_dn' => 'cn=accounts,dc=domain,dc=local',
>>>>>     'bind_dn' => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>     'bind_pass' => 'xxxxxx',
>>>>>     'writable' => false,
>>>>>     'ldap_version' => 3, // using LDAPv3
>>>>>     'fieldmap' => Array(
>>>>>         'name' => 'displayname',
>>>>>         'email' => 'mail',
>>>>
>>>>
>>>> Here you can use uid instead of mail.
>>>> Then user will be able to login into Kolab with a simple name instead of
>>>> the longer mail.
>>>> Then you would be able to put [email protected] into the mail attribute.
>>>>
>>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>>> directory while in general it is not the case.
>>>> So the best would be to use some other attribute for login.
>>>>
>>>> HTH.
>>>>
>>>>>         'email:alias' => 'alias',
>>>>>         'role' => 'nsroledn',
>>>>>     ),
>>>>>     'sort' => 'displayname',
>>>>>     'scope' => 'sub',
>>>>>     'filter' => '(objectClass=*)',
>>>>>     'fuzzy_search' => true,
>>>>>     'sizelimit' => '0',
>>>>>     'timelimit' => '0',
>>>>>     'groups' => Array(
>>>>>         'base_dn' => 'cn=groups,dc=domain,dc=local',
>>>>>         'filter' => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>         'object_classes' => Array('top', 'groupOfUniqueNames'),
>>>>>         'member_attr' => 'uniqueMember',
>>>>>     ),
>>>>> );
>>>>>
>>>>>
>>>>> // This will overwrite defined filter
>>>>> $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>
>>>>> // Use this fields (from fieldmap configuration) to get authentication ID
>>>>> $config['kolab_auth_login'] = 'email';
>>>>>
>>>>> // Use this fields (from fieldmap configuration) for default identity
>>>>> $config['kolab_auth_name'] = 'name';
>>>>> $config['kolab_auth_alias'] = 'alias';
>>>>> $config['kolab_auth_email'] = 'email';
>>>>>
>>>>> if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>>
>>>>>     // Login and password of the admin user. Enables "Login As" feature.
>>>>>     $config['kolab_auth_admin_login'] = 'admin';
>>>>>     $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>
>>>>>     $config['kolab_auth_auditlog'] = true;
>>>>> }
>>>>>
>>>>> // Administrative role field (from fieldmap configuration) which must be filled with
>>>>> // specified value which adds privilege to login as another user.
>>>>> $config['kolab_auth_role'] = 'role';
>>>>> $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>
>>>>> // Administrative group name to which user must be assigned to
>>>>> // which adds privilege to login as another user.
>>>>> $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>
>>>>> if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>     include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>> }
>>>>>
>>>>> ?>
>>>>>
>>>>> Does this help you some ?
>>>>
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
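
An added example, not part of the thread and not Kolab's or Roundcube's code: a small offline model of the quoted `kolab_auth_filter` and `kolab_auth_login` lookup that lists which directory entries would not resolve to a single login ID when the `email` field maps to `mail`, and shows that mapping it to `uid` removes the ambiguity. The sample entries, the function names, and the rule that a bare login is completed with a default domain for `%fu` are assumptions made for illustration.

```python
# Constructed sample entries (not taken from the thread's directory).
ENTRIES = [
    {"dn": "uid=dpal,cn=users,cn=accounts,dc=domain,dc=local",
     "objectclass": ["inetuser"], "uid": ["dpal"],
     "mail": ["dpal@example.org", "d.pal@example.org"]},
    {"dn": "uid=matt,cn=users,cn=accounts,dc=domain,dc=local",
     "objectclass": ["inetuser"], "uid": ["matt"],
     "mail": ["matt@example.org"]},
]

def expand(login, default_domain="example.org"):
    """Return (%u, %fu): the local part and the full user name.
    Assumption: a bare name is completed with default_domain."""
    local, _, domain = login.lower().partition("@")
    return local, f"{local}@{domain or default_domain}"

def search(entries, login):
    """Entries matching (&(objectclass=inetuser)(|(uid=%u)(mail=%fu)(alias=%fu)))."""
    u, fu = expand(login)
    def has(entry, attr, value):
        return value in (v.lower() for v in entry.get(attr, []))
    return [e for e in entries
            if has(e, "objectclass", "inetuser")
            and (has(e, "uid", u) or has(e, "mail", fu) or has(e, "alias", fu))]

def auth_id(entry, fieldmap, login_field="email"):
    """Resolve the kolab_auth_login field through the fieldmap.
    Assumption: exactly one value is required, modelling the
    single-valued expectation described in the thread."""
    attr = fieldmap[login_field]
    values = entry.get(attr, [])
    if len(values) != 1:
        raise ValueError(f"{entry['dn']}: {attr} has {len(values)} values")
    return values[0]

def ambiguous(entries, fieldmap, login_field="email"):
    """DNs whose login attribute does not resolve to a single value."""
    bad = []
    for entry in entries:
        try:
            auth_id(entry, fieldmap, login_field)
        except ValueError:
            bad.append(entry["dn"])
    return bad

if __name__ == "__main__":
    print("email => mail:", ambiguous(ENTRIES, {"email": "mail"}))
    print("email => uid: ", ambiguous(ENTRIES, {"email": "uid"}))
```
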
