I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!

2014-11-22 1:55 GMT+01:00 Matt . <yamakasi....@gmail.com>:
> HI,
>
> Yes and that doesn't let me login... that's the issue.
>
> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>
>>> HI Dimitri,
>>>
>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>> determine the base dn, the other two do not matter.
>>>
>>> So what would you change exactly ?
>>
>>
>> I assume you use IPA as an LDAP server.
>> In the Kolab config I would change
>>
>>                  'email'             => 'mail',
>>
>> to
>>
>>                  'email'             => 'uid',
>>
>>
>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>> creates) by default.
>> and then try to log into Kolab using name.
>>
>> So for me it would look like this:
>>
>> In ipa:
>> uid: dpal
>> mail: d...@mydomain.com
>>
>>
>>>
>>> There might be need changed more.
>>>
>>> I hope we can get this fixed !
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>
>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>
>>>>> Hi Dimitri,
>>>>>
>>>>> All I can say about that is that it's configured and uses ldap this
>>>>> this added to ldap:
>>>>>
>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
>>>>> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>> # extended LDIF
>>>>> #
>>>>> # LDAPv3
>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>> # filter: (objectclass=*)
>>>>> # requesting: ALL
>>>>> #
>>>>>
>>>>> # kolab, config
>>>>> dn: cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: extensibleobject
>>>>> cn: kolab
>>>>>
>>>>> # example.org, kolab, config
>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>> objectClass: top
>>>>> objectClass: domainrelatedobject
>>>>> objectClass: inetdomain
>>>>> associatedDomain: example.org
>>>>> associatedDomain: dc=internal,dc=local
>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>
>>>>> # search result
>>>>> search: 2
>>>>> result: 0 Success
>>>>>
>>>>> # numResponses: 3
>>>>> # numEntries: 2
>>>>>
>>>>>
>>>>> kolab_auth.inc.php
>>>>>
>>>>> <?php
>>>>>
>>>>>       // The id of the LDAP address book (which refers to the
>>>>> rcmail_config['ldap_public'])
>>>>>       // or complete addressbook definition array.
>>>>>       $config['kolab_auth_addressbook'] = Array(
>>>>>           'name'                      => 'Kolab Auth',
>>>>>           'hosts'                     => Array('172.16.xx.xx'),
>>>>>           'port'                      => 389,
>>>>>           'use_tls'                   => false,
>>>>>           'user_specific'             => false,
>>>>>           'base_dn'                   =>
>>>>> 'cn=accounts,dc=domain,dc=local',
>>>>>           'bind_dn'                   =>
>>>>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>           'bind_pass'                 => 'xxxxxx',
>>>>>           'writable'                  => false,
>>>>>           'ldap_version'              => 3,       // using LDAPv3
>>>>>           'fieldmap'                  => Array(
>>>>>                   'name'              => 'displayname',
>>>>>                   'email'             => 'mail',
>>>>
>>>>
>>>> Here you can use uid instead of mail.
>>>> Then user will be able to login into Kolab with a simple name instead of
>>>> the
>>>> longer mail.
>>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>>
>>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>>> directory while in general it is not the case.
>>>> So the best would be to use come other attribute for login.
>>>>
>>>> HTH.
>>>>
>>>>>                   'email:alias'       => 'alias',
>>>>>                   'role'              => 'nsroledn',
>>>>>               ),
>>>>>           'sort'                      => 'displayname',
>>>>>           'scope'                     => 'sub',
>>>>>           'filter'                    => '(objectClass=*)',
>>>>>           'fuzzy_search'              => true,
>>>>>           'sizelimit'                 => '0',
>>>>>           'timelimit'                 => '0',
>>>>>           'groups'                    => Array(
>>>>>                   'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>>>                   'filter'            =>
>>>>> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>                   'object_classes'    => Array('top',
>>>>> 'groupOfUniqueNames'),
>>>>>                   'member_attr'       => 'uniqueMember',
>>>>>               ),
>>>>>       );
>>>>>
>>>>>
>>>>>       // This will overwrite defined filter
>>>>>       $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>>>>> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>
>>>>>       // Use this fields (from fieldmap configuration) to get
>>>>> authentication ID
>>>>>       $config['kolab_auth_login'] = 'email';
>>>>>
>>>>>       // Use this fields (from fieldmap configuration) for default
>>>>> identity
>>>>>       $config['kolab_auth_name']  = 'name';
>>>>>       $config['kolab_auth_alias'] = 'alias';
>>>>>       $config['kolab_auth_email'] = 'email';
>>>>>
>>>>>       if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
>>>>> {
>>>>>
>>>>>           // Login and password of the admin user. Enables "Login As"
>>>>> feature.
>>>>>           $config['kolab_auth_admin_login']    = 'admin';
>>>>>           $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>
>>>>>           $config['kolab_auth_auditlog'] = true;
>>>>>       }
>>>>>
>>>>>       // Administrative role field (from fieldmap configuration) which
>>>>> must be filled with
>>>>>       // specified value which adds privilege to login as another user.
>>>>>       $config['kolab_auth_role']       = 'role';
>>>>>       $config['kolab_auth_role_value'] =
>>>>> 'cn=kolab-admin,dc=domain,dc=local';
>>>>>
>>>>>       // Administrative group name to which user must be assigned to
>>>>>       // which adds privilege to login as another user.
>>>>>       $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>
>>>>>       if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>>>> '/' . basename(__FILE__))) {
>>>>>           include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>>>>> '/' . basename(__FILE__));
>>>>>       }
>>>>>
>>>>> ?>
>>>>>
>>>>> Does this help you some ?
>>>>
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to