On 11/21/2014 07:57 PM, Matt . wrote:
I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!

So when you restarted did it work or still no luck?

2014-11-22 1:55 GMT+01:00 Matt . <yamakasi....@gmail.com>:

Yes and that doesn't let me login... that's the issue.

2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
On 11/21/2014 07:12 PM, Matt . wrote:
Hi Dmitri,

Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.

So what would you change exactly ?

I assume you use IPA as an LDAP server.
In the Kolab config I would change

                  'email'             => 'mail',

to

                  'email'             => 'uid',

In IPA I would use "name" in the uid and name@domain in email (as IPA
creates by default),
and then try to log into Kolab using name.

So for me it would look like this:

In ipa:
uid: dpal
mail: d...@mydomain.com

There might be a need to change more.

I hope we can get this fixed!



2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
On 11/21/2014 06:42 PM, Matt . wrote:
Hi Dmitri,

All I can say about that is that it's configured and uses ldap, with
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D
"cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2



       // The id of the LDAP address book (which refers to the
       // or complete addressbook definition array.
       $config['kolab_auth_addressbook'] = Array(
           'name'                      => 'Kolab Auth',
           'hosts'                     => Array('172.16.xx.xx'),
           'port'                      => 389,
           'use_tls'                   => false,
           'user_specific'             => false,
           'base_dn'                   =>
           'bind_dn'                   =>
           'bind_pass'                 => 'xxxxxx',
           'writable'                  => false,
           'ldap_version'              => 3,       // using LDAPv3
           'fieldmap'                  => Array(
                   'name'              => 'displayname',
                   'email'             => 'mail',

Here you can use uid instead of mail.
Then the user will be able to log in to Kolab with a simple name instead of
the longer mail.
Then you would be able to put n...@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single-valued attribute in the
directory, while in general that is not the case.
So the best would be to use some other attribute for login.


                   'email:alias'       => 'alias',
                   'role'              => 'nsroledn',
           'sort'                      => 'displayname',
           'scope'                     => 'sub',
           'filter'                    => '(objectClass=*)',
           'fuzzy_search'              => true,
           'sizelimit'                 => '0',
           'timelimit'                 => '0',
           'groups'                    => Array(
                   'base_dn'           => 'cn=groups,dc=domain,dc=local',
                   'filter'            =>
                   'object_classes'    => Array('top',
                   'member_attr'       => 'uniqueMember',

       // This will overwrite defined filter
       $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .

       // Use this fields (from fieldmap configuration) to get authentication ID
       $config['kolab_auth_login'] = 'email';

       // Use this fields (from fieldmap configuration) for default
       $config['kolab_auth_name']  = 'name';
       $config['kolab_auth_alias'] = 'alias';
       $config['kolab_auth_email'] = 'email';

       if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )

           // Login and password of the admin user. Enables "Login As"
           $config['kolab_auth_admin_login']    = 'admin';
           $config['kolab_auth_admin_password'] = 'xxxxxx';

           $config['kolab_auth_auditlog'] = true;

       // Administrative role field (from fieldmap configuration) which must be filled with
       // specified value which adds privilege to login as another user.
       $config['kolab_auth_role']       = 'role';
       $config['kolab_auth_role_value'] =

       // Administrative group name to which user must be assigned to
       // which adds privilege to login as another user.
       $config['kolab_auth_group'] = 'Kolab Helpdesk';

       if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
           include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));


Does this help you some?

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
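
The point made in the thread, that mail is not guaranteed to be single-valued in the directory while a login attribute must resolve to exactly one account, can be checked against ldapsearch output before choosing what 'email' or kolab_auth_login maps to. This is an added example, not part of the original thread or of Kolab or FreeIPA code; the sample entries, DNs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the shape of ldapsearch LDIF output (not from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=test
uid: alice
mail: alice@example.test
mail: a.smith@example.test

dn: uid=bob,cn=users,dc=example,dc=test
uid: bob
mail: bob@example.test

dn: uid=carol,cn=users,dc=example,dc=test
uid: carol
mail: bob@example.test
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for simple (unfolded, non-base64) LDIF."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            current = current if line.strip() else None  # blank line ends an entry
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries

def login_attr_problems(entries, attr):
    """List reasons why `attr` cannot identify exactly one account at login."""
    problems, owners = [], defaultdict(list)
    for dn, attrs in entries.items():
        values = attrs.get(attr, [])
        if not values:
            problems.append(f"{dn}: no {attr} value")
        elif len(values) > 1:
            problems.append(f"{dn}: {len(values)} {attr} values")
        for v in values:
            owners[v.lower()].append(dn)  # compare case-insensitively
    for value, dns in owners.items():
        if len(dns) > 1:
            problems.append(f"{attr}={value} shared by {len(dns)} entries")
    return problems

print({a: login_attr_problems(parse_ldif(SAMPLE_LDIF), a) for a in ("uid", "mail")})
```

An empty list for an attribute means every entry has exactly one value and no two entries share it, which is the property a login identifier needs.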
