Hi that wasn't quite clear from me, yes I can login thanks for that! But now I get an error on the associated domain:
postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf: Searching with filter (&(associatedDomain=u...@domain.tld))
postmap: dict_ldap_get_values[1]: Search found 0 match(es)
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned nothing
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap/mydestination.cf

But when I do a postmap check on this cf with domain.tld that gives a match, as it should...

So that might need some modification ?

2014-11-22 2:14 GMT+01:00 Dmitri Pal <d...@redhat.com>:
> On 11/21/2014 07:57 PM, Matt . wrote:
>>
>> I need to say, saslauth caches it, didn't restart that one actually as
>> it's kinda late!
>
>
> So when you restarted did it work or still no luck?
>
>
>>
>> 2014-11-22 1:55 GMT+01:00 Matt . <yamakasi....@gmail.com>:
>>>
>>> HI,
>>>
>>> Yes and that doesn't let me login... that's the issue.
>>>
>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>
>>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>>>
>>>>> HI Dimitri,
>>>>>
>>>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>>>> determine the base dn, the other two do not matter.
>>>>>
>>>>> So what would you change exactly ?
>>>>
>>>>
>>>> I assume you use IPA as an LDAP server.
>>>> In the Kolab config I would change
>>>>
>>>> 'email' => 'mail',
>>>>
>>>> to
>>>>
>>>> 'email' => 'uid',
>>>>
>>>>
>>>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>>>> creates) by default.
>>>> and then try to log into Kolab using name.
>>>>
>>>> So for me it would look like this:
>>>>
>>>> In ipa:
>>>> uid: dpal
>>>> mail: d...@mydomain.com
>>>>
>>>>
>>>>> There might be need changed more.
>>>>>
>>>>> I hope we can get this fixed !
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Matt
>>>>>
>>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>>>
>>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>>>
>>>>>>> Hi Dimitri,
>>>>>>>
>>>>>>> All I can say about that is that it's configured and uses ldap this
>>>>>>> this added to ldap:
>>>>>>>
>>>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>>>> # extended LDIF
>>>>>>> #
>>>>>>> # LDAPv3
>>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>>> # filter: (objectclass=*)
>>>>>>> # requesting: ALL
>>>>>>> #
>>>>>>>
>>>>>>> # kolab, config
>>>>>>> dn: cn=kolab,cn=config
>>>>>>> objectClass: top
>>>>>>> objectClass: extensibleobject
>>>>>>> cn: kolab
>>>>>>>
>>>>>>> # example.org, kolab, config
>>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>>> objectClass: top
>>>>>>> objectClass: domainrelatedobject
>>>>>>> objectClass: inetdomain
>>>>>>> associatedDomain: example.org
>>>>>>> associatedDomain: dc=internal,dc=local
>>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>>
>>>>>>> # search result
>>>>>>> search: 2
>>>>>>> result: 0 Success
>>>>>>>
>>>>>>> # numResponses: 3
>>>>>>> # numEntries: 2
>>>>>>>
>>>>>>>
>>>>>>> kolab_auth.inc.php
>>>>>>>
>>>>>>> <?php
>>>>>>>
>>>>>>> // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>>>> // or complete addressbook definition array.
>>>>>>> $config['kolab_auth_addressbook'] = Array(
>>>>>>>     'name' => 'Kolab Auth',
>>>>>>>     'hosts' => Array('172.16.xx.xx'),
>>>>>>>     'port' => 389,
>>>>>>>     'use_tls' => false,
>>>>>>>     'user_specific' => false,
>>>>>>>     'base_dn' => 'cn=accounts,dc=domain,dc=local',
>>>>>>>     'bind_dn' => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>>     'bind_pass' => 'xxxxxx',
>>>>>>>     'writable' => false,
>>>>>>>     'ldap_version' => 3, // using LDAPv3
>>>>>>>     'fieldmap' => Array(
>>>>>>>         'name' => 'displayname',
>>>>>>>         'email' => 'mail',
>>>>>>
>>>>>>
>>>>>> Here you can use uid instead of mail.
>>>>>> Then user will be able to login into Kolab with a simple name instead
>>>>>> of the longer mail.
>>>>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>>>>
>>>>>> It seems that Kolab assumes that mail is a single valued attribute in
>>>>>> the directory while in general it is not the case.
>>>>>> So the best would be to use some other attribute for login.
>>>>>>
>>>>>> HTH.
>>>>>>
>>>>>>>         'email:alias' => 'alias',
>>>>>>>         'role' => 'nsroledn',
>>>>>>>     ),
>>>>>>>     'sort' => 'displayname',
>>>>>>>     'scope' => 'sub',
>>>>>>>     'filter' => '(objectClass=*)',
>>>>>>>     'fuzzy_search' => true,
>>>>>>>     'sizelimit' => '0',
>>>>>>>     'timelimit' => '0',
>>>>>>>     'groups' => Array(
>>>>>>>         'base_dn' => 'cn=groups,dc=domain,dc=local',
>>>>>>>         'filter' => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>>         'object_classes' => Array('top', 'groupOfUniqueNames'),
>>>>>>>         'member_attr' => 'uniqueMember',
>>>>>>>     ),
>>>>>>> );
>>>>>>>
>>>>>>>
>>>>>>> // This will overwrite defined filter
>>>>>>> $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>>>>>>>     '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>>
>>>>>>> // Use this fields (from fieldmap configuration) to get authentication ID
>>>>>>> $config['kolab_auth_login'] = 'email';
>>>>>>>
>>>>>>> // Use this fields (from fieldmap configuration) for default identity
>>>>>>> $config['kolab_auth_name'] = 'name';
>>>>>>> $config['kolab_auth_alias'] = 'alias';
>>>>>>> $config['kolab_auth_email'] = 'email';
>>>>>>>
>>>>>>> if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
>>>>>>> {
>>>>>>>
>>>>>>>     // Login and password of the admin user. Enables "Login As" feature.
>>>>>>>     $config['kolab_auth_admin_login'] = 'admin';
>>>>>>>     $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>>
>>>>>>>     $config['kolab_auth_auditlog'] = true;
>>>>>>> }
>>>>>>>
>>>>>>> // Administrative role field (from fieldmap configuration) which must be filled with
>>>>>>> // specified value which adds privilege to login as another user.
>>>>>>> $config['kolab_auth_role'] = 'role';
>>>>>>> $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>>
>>>>>>> // Administrative group name to which user must be assigned to
>>>>>>> // which adds privilege to login as another user.
>>>>>>> $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>>
>>>>>>> if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>>>     include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>>>> }
>>>>>>>
>>>>>>> ?>
>>>>>>>
>>>>>>> Does this help you some ?
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thank you,
>>>>>> Dmitri Pal
>>>>>>
>>>>>> Sr. Engineering Manager IdM portfolio
>>>>>> Red Hat, Inc.
>>>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
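
Added example, not part of the original thread and not Postfix or Kolab code: a small Python model of how Postfix's ldap_table(5) turns the lookup key into a search filter, showing why a full address as the key finds 0 matches in the quoted directory entry while a bare domain matches. The `%s` template is an assumption inferred from the filter in the debug output (mydestination.cf itself is not shown), the sample values and the key user@example.org are constructed, and only `%s`, `%u`, `%d` and `%%` are modelled.

```python
import re

# Constructed sample: associatedDomain values from the ldapsearch output
# quoted in the thread.
SAMPLE_VALUES = ["example.org", "dc=internal,dc=local"]

# Assumption: mydestination.cf is not shown; this template is inferred from
# the filter in the postmap debug output.
ASSUMED_FILTER = "(&(associatedDomain=%s))"

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query_filter(template, key):
    """Expand %s, %u, %d and %% as documented in ldap_table(5).

    Returns None when %d is used with a key that has no domain part,
    because Postfix suppresses the query in that case.
    """
    local, sep, domain = key.rpartition("@")
    is_address = bool(sep and local and domain)
    values = {"s": key,
              "u": local if is_address else key,
              "d": domain if is_address else None}
    suppressed = False

    def substitute(match):
        nonlocal suppressed
        code = match.group(1)
        if code == "%":
            return "%"
        if values[code] is None:
            suppressed = True
            return ""
        return escape_filter_value(values[code])

    expanded = re.sub(r"%([sud%])", substitute, template)
    return None if suppressed else expanded


def matches_sample(ldap_filter, values=SAMPLE_VALUES):
    """Evaluate one (&(associatedDomain=X)) equality test on the sample."""
    m = re.fullmatch(r"\(&\(associatedDomain=([^()]*)\)\)", ldap_filter or "")
    return bool(m) and m.group(1).lower() in values
```

Postfix consults mydestination with a domain name as the key, so the domain-only postmap query is the one that mirrors what the mail system does with this map.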