Hi, that wasn't quite clear from me. Yes, I can log in, thanks for that!

But now I get an error on the associated domain:

postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf: Searching with filter (&(associatedDomain=u...@domain.tld))
postmap: dict_ldap_get_values[1]: Search found 0 match(es)
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned nothing
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap/mydestination.cf

But when I do a postmap check on this cf with domain.tld that gives a
match, as it should...

So that might need some modification?

2014-11-22 2:14 GMT+01:00 Dmitri Pal <d...@redhat.com>:
> On 11/21/2014 07:57 PM, Matt . wrote:
>>
>> I need to say, saslauth caches it, didn't restart that one actually as
>> it's kinda late!
>
>
> So when you restarted did it work or still no luck?
>
>
>>
>> 2014-11-22 1:55 GMT+01:00 Matt . <yamakasi....@gmail.com>:
>>>
>>> Hi,
>>>
>>> Yes and that doesn't let me login... that's the issue.
>>>
>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>
>>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>>>
>>>>> Hi Dmitri,
>>>>>
>>>>> Thanks, but it seems, following the Kolab devs, that if Kolab cannot
>>>>> determine the base dn, the other two do not matter.
>>>>>
>>>>> So what would you change exactly?
>>>>
>>>>
>>>> I assume you use IPA as an LDAP server.
>>>> In the Kolab config I would change
>>>>
>>>>                   'email'             => 'mail',
>>>>
>>>> to
>>>>
>>>>                   'email'             => 'uid',
>>>>
>>>>
>>>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>>>> creates) by default,
>>>> and then try to log into Kolab using name.
>>>>
>>>> So for me it would look like this:
>>>>
>>>> In ipa:
>>>> uid: dpal
>>>> mail: d...@mydomain.com
>>>>
>>>>
>>>>> There might be more that needs to be changed.
>>>>>
>>>>> I hope we can get this fixed!
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Matt
>>>>>
>>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>>>
>>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>>>
>>>>>>> Hi Dmitri,
>>>>>>>
>>>>>>> All I can say about that is that it's configured and uses LDAP, with
>>>>>>> this added to LDAP:
>>>>>>>
>>>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>>>> # extended LDIF
>>>>>>> #
>>>>>>> # LDAPv3
>>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>>> # filter: (objectclass=*)
>>>>>>> # requesting: ALL
>>>>>>> #
>>>>>>>
>>>>>>> # kolab, config
>>>>>>> dn: cn=kolab,cn=config
>>>>>>> objectClass: top
>>>>>>> objectClass: extensibleobject
>>>>>>> cn: kolab
>>>>>>>
>>>>>>> # example.org, kolab, config
>>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>>> objectClass: top
>>>>>>> objectClass: domainrelatedobject
>>>>>>> objectClass: inetdomain
>>>>>>> associatedDomain: example.org
>>>>>>> associatedDomain: dc=internal,dc=local
>>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>>
>>>>>>> # search result
>>>>>>> search: 2
>>>>>>> result: 0 Success
>>>>>>>
>>>>>>> # numResponses: 3
>>>>>>> # numEntries: 2
>>>>>>>
>>>>>>>
>>>>>>> kolab_auth.inc.php
>>>>>>>
>>>>>>> <?php
>>>>>>>
>>>>>>>        // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>>>>        // or complete addressbook definition array.
>>>>>>>        $config['kolab_auth_addressbook'] = Array(
>>>>>>>            'name'                      => 'Kolab Auth',
>>>>>>>            'hosts'                     => Array('172.16.xx.xx'),
>>>>>>>            'port'                      => 389,
>>>>>>>            'use_tls'                   => false,
>>>>>>>            'user_specific'             => false,
>>>>>>>            'base_dn'                   => 'cn=accounts,dc=domain,dc=local',
>>>>>>>            'bind_dn'                   => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>>            'bind_pass'                 => 'xxxxxx',
>>>>>>>            'writable'                  => false,
>>>>>>>            'ldap_version'              => 3,       // using LDAPv3
>>>>>>>            'fieldmap'                  => Array(
>>>>>>>                    'name'              => 'displayname',
>>>>>>>                    'email'             => 'mail',
>>>>>>
>>>>>>
>>>>>> Here you can use uid instead of mail.
>>>>>> Then the user will be able to log in to Kolab with a simple name
>>>>>> instead of the longer mail.
>>>>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>>>>
>>>>>> It seems that Kolab assumes that mail is a single-valued attribute in
>>>>>> the directory, while in general that is not the case.
>>>>>> So the best would be to use some other attribute for login.
>>>>>>
>>>>>> HTH.
>>>>>>
>>>>>>>                    'email:alias'       => 'alias',
>>>>>>>                    'role'              => 'nsroledn',
>>>>>>>                ),
>>>>>>>            'sort'                      => 'displayname',
>>>>>>>            'scope'                     => 'sub',
>>>>>>>            'filter'                    => '(objectClass=*)',
>>>>>>>            'fuzzy_search'              => true,
>>>>>>>            'sizelimit'                 => '0',
>>>>>>>            'timelimit'                 => '0',
>>>>>>>            'groups'                    => Array(
>>>>>>>                    'base_dn'           => 'cn=groups,dc=domain,dc=local',
>>>>>>>                    'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>>                    'object_classes'    => Array('top', 'groupOfUniqueNames'),
>>>>>>>                    'member_attr'       => 'uniqueMember',
>>>>>>>                ),
>>>>>>>        );
>>>>>>>
>>>>>>>
>>>>>>>        // This will overwrite defined filter
>>>>>>>        $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>>
>>>>>>>        // Use this fields (from fieldmap configuration) to get authentication ID
>>>>>>>        $config['kolab_auth_login'] = 'email';
>>>>>>>
>>>>>>>        // Use this fields (from fieldmap configuration) for default identity
>>>>>>>        $config['kolab_auth_name']  = 'name';
>>>>>>>        $config['kolab_auth_alias'] = 'alias';
>>>>>>>        $config['kolab_auth_email'] = 'email';
>>>>>>>
>>>>>>>        if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>>>>>>
>>>>>>>            // Login and password of the admin user. Enables "Login As" feature.
>>>>>>>            $config['kolab_auth_admin_login']    = 'admin';
>>>>>>>            $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>>
>>>>>>>            $config['kolab_auth_auditlog'] = true;
>>>>>>>        }
>>>>>>>
>>>>>>>        // Administrative role field (from fieldmap configuration) which must be filled with
>>>>>>>        // specified value which adds privilege to login as another user.
>>>>>>>        $config['kolab_auth_role']       = 'role';
>>>>>>>        $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>>
>>>>>>>        // Administrative group name to which user must be assigned to
>>>>>>>        // which adds privilege to login as another user.
>>>>>>>        $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>>
>>>>>>>        if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>>>            include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>>>>        }
>>>>>>>
>>>>>>> ?>
>>>>>>>
>>>>>>> Does this help you some?
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thank you,
>>>>>> Dmitri Pal
>>>>>>
>>>>>> Sr. Engineering Manager IdM portfolio
>>>>>> Red Hat, Inc.
>>>>>>
>
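
The postmap trace at the top of this message shows the whole address being placed into the associatedDomain filter, while a bare domain key matches. As an added example (not part of the thread and not Postfix code), this models the `%s`/`%u`/`%d` key expansion documented in ldap_table(5); the `query_filter` strings, the `user@domain.tld` key and the directory entry are constructed assumptions, since mydestination.cf itself is not shown in the thread.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def quote(value):
    """Escape a lookup key before it is placed inside an LDAP filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def expand(query_filter, key):
    """Expand %s/%u/%d as ldap_table(5) documents; None means lookup suppressed."""
    local, at, domain = key.rpartition("@")
    is_addr = bool(at and local and domain)
    if "%d" in query_filter and not is_addr:
        return None  # %d with a key that is not user@domain: no query is sent
    subs = {"%s": quote(key),                        # the whole key
            "%u": quote(local if is_addr else key),  # local part, else whole key
            "%d": quote(domain)}                     # domain part
    return re.sub(r"%[sud]", lambda m: subs[m.group(0)], query_filter)

# Constructed directory entry, shaped like the cn=kolab,cn=config LDIF in the
# thread but using the placeholder domain from the postmap test.
DIRECTORY = {
    "associateddomain=domain.tld,cn=kolab,cn=config":
        {"associateddomain": ["domain.tld"]},
}

def lookup(query_filter, key, directory=DIRECTORY):
    """Return (expanded filter, matching DNs); handles one equality assertion."""
    flt = expand(query_filter, key)
    if flt is None:
        return None, []
    attr, want = re.search(r"\((\w+)=([^()]*)\)", flt).groups()
    hits = [dn for dn, attrs in directory.items()
            if any(quote(v).lower() == want.lower()
                   for v in attrs.get(attr.lower(), []))]
    return flt, hits

if __name__ == "__main__":
    for qf, key in [("(&(associatedDomain=%s))", "user@domain.tld"),
                    ("(&(associatedDomain=%s))", "domain.tld"),
                    ("(&(associatedDomain=%d))", "user@domain.tld")]:
        flt, hits = lookup(qf, key)
        print(f"{key:18} {flt} -> {len(hits)} match(es)")
```
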
