Hi, OK got it working by changing the mail address to [email protected]
Actually no IPA question, but you might know, my email is not delivered in one file /var/mail/uid instead of the maildir format it should do. At least it arrives well!

Thanks

2014-11-22 2:23 GMT+01:00 Matt . <[email protected]>:
> Hi that wasn't quite clear from me, yes I can login thanks for that!
>
> But now I get an error on the associated domain:
>
> postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
> postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf: Searching with filter (&([email protected]))
> postmap: dict_ldap_get_values[1]: Search found 0 match(es)
> postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
> postmap: dict_ldap_lookup: Search returned nothing
> postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap/mydestination.cf
>
> But when I do a postmap check on this cf with domain.tld that gives a
> match, as it should...
>
> So that might need some modification ?
>
> 2014-11-22 2:14 GMT+01:00 Dmitri Pal <[email protected]>:
>> On 11/21/2014 07:57 PM, Matt . wrote:
>>>
>>> I need to say, saslauth caches it, didn't restart that one actually as
>>> it's kinda late!
>>
>>
>> So when you restarted did it work or still no luck?
>>
>>
>>>
>>> 2014-11-22 1:55 GMT+01:00 Matt . <[email protected]>:
>>>>
>>>> Hi,
>>>>
>>>> Yes and that doesn't let me login... that's the issue.
>>>>
>>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <[email protected]>:
>>>>>
>>>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>>>>
>>>>>> Hi Dimitri,
>>>>>>
>>>>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>>>>> determine the base dn, the other two do not matter.
>>>>>>
>>>>>> So what would you change exactly ?
>>>>>
>>>>>
>>>>> I assume you use IPA as an LDAP server.
>>>>> In the Kolab config I would change
>>>>>
>>>>> 'email' => 'mail',
>>>>>
>>>>> to
>>>>>
>>>>> 'email' => 'uid',
>>>>>
>>>>>
>>>>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>>>>> creates) by default.
>>>>> and then try to log into Kolab using name.
>>>>>
>>>>> So for me it would look like this:
>>>>>
>>>>> In ipa:
>>>>> uid: dpal
>>>>> mail: [email protected]
>>>>>
>>>>>
>>>>>> There might be need changed more.
>>>>>>
>>>>>> I hope we can get this fixed !
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <[email protected]>:
>>>>>>>
>>>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>>>>
>>>>>>>> Hi Dimitri,
>>>>>>>>
>>>>>>>> All I can say about that is that it's configured and uses ldap this
>>>>>>>> this added to ldap:
>>>>>>>>
>>>>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>>>>>>>> # extended LDIF
>>>>>>>> #
>>>>>>>> # LDAPv3
>>>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>>>> # filter: (objectclass=*)
>>>>>>>> # requesting: ALL
>>>>>>>> #
>>>>>>>>
>>>>>>>> # kolab, config
>>>>>>>> dn: cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: extensibleobject
>>>>>>>> cn: kolab
>>>>>>>>
>>>>>>>> # example.org, kolab, config
>>>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: domainrelatedobject
>>>>>>>> objectClass: inetdomain
>>>>>>>> associatedDomain: example.org
>>>>>>>> associatedDomain: dc=internal,dc=local
>>>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>>>
>>>>>>>> # search result
>>>>>>>> search: 2
>>>>>>>> result: 0 Success
>>>>>>>>
>>>>>>>> # numResponses: 3
>>>>>>>> # numEntries: 2
>>>>>>>>
>>>>>>>>
>>>>>>>> kolab_auth.inc.php
>>>>>>>>
>>>>>>>> <?php
>>>>>>>>
>>>>>>>> // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
>>>>>>>> // or complete addressbook definition array.
>>>>>>>> $config['kolab_auth_addressbook'] = Array(
>>>>>>>>     'name' => 'Kolab Auth',
>>>>>>>>     'hosts' => Array('172.16.xx.xx'),
>>>>>>>>     'port' => 389,
>>>>>>>>     'use_tls' => false,
>>>>>>>>     'user_specific' => false,
>>>>>>>>     'base_dn' => 'cn=accounts,dc=domain,dc=local',
>>>>>>>>     'bind_dn' => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>>>     'bind_pass' => 'xxxxxx',
>>>>>>>>     'writable' => false,
>>>>>>>>     'ldap_version' => 3, // using LDAPv3
>>>>>>>>     'fieldmap' => Array(
>>>>>>>>         'name' => 'displayname',
>>>>>>>>         'email' => 'mail',
>>>>>>>
>>>>>>>
>>>>>>> Here you can use uid instead of mail.
>>>>>>> Then user will be able to login into Kolab with a simple name instead of the
>>>>>>> longer mail.
>>>>>>> Then you would be able to put [email protected] into the mail attribute.
>>>>>>>
>>>>>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>>>>>> directory while in general it is not the case.
>>>>>>> So the best would be to use some other attribute for login.
>>>>>>>
>>>>>>> HTH.
>>>>>>>
>>>>>>>>         'email:alias' => 'alias',
>>>>>>>>         'role' => 'nsroledn',
>>>>>>>>     ),
>>>>>>>>     'sort' => 'displayname',
>>>>>>>>     'scope' => 'sub',
>>>>>>>>     'filter' => '(objectClass=*)',
>>>>>>>>     'fuzzy_search' => true,
>>>>>>>>     'sizelimit' => '0',
>>>>>>>>     'timelimit' => '0',
>>>>>>>>     'groups' => Array(
>>>>>>>>         'base_dn' => 'cn=groups,dc=domain,dc=local',
>>>>>>>>         'filter' => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>>>         'object_classes' => Array('top', 'groupOfUniqueNames'),
>>>>>>>>         'member_attr' => 'uniqueMember',
>>>>>>>>     ),
>>>>>>>> );
>>>>>>>>
>>>>>>>>
>>>>>>>> // This will overwrite defined filter
>>>>>>>> $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>>>>>>>>     '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>>>
>>>>>>>> // Use this fields (from fieldmap configuration) to get authentication ID
>>>>>>>> $config['kolab_auth_login'] = 'email';
>>>>>>>>
>>>>>>>> // Use this fields (from fieldmap configuration) for default identity
>>>>>>>> $config['kolab_auth_name'] = 'name';
>>>>>>>> $config['kolab_auth_alias'] = 'alias';
>>>>>>>> $config['kolab_auth_email'] = 'email';
>>>>>>>>
>>>>>>>> if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
>>>>>>>> {
>>>>>>>>
>>>>>>>>     // Login and password of the admin user. Enables "Login As" feature.
>>>>>>>>     $config['kolab_auth_admin_login'] = 'admin';
>>>>>>>>     $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>>>
>>>>>>>>     $config['kolab_auth_auditlog'] = true;
>>>>>>>> }
>>>>>>>>
>>>>>>>> // Administrative role field (from fieldmap configuration) which must be filled with
>>>>>>>> // specified value which adds privilege to login as another user.
>>>>>>>> $config['kolab_auth_role'] = 'role';
>>>>>>>> $config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>>>
>>>>>>>> // Administrative group name to which user must be assigned to
>>>>>>>> // which adds privilege to login as another user.
>>>>>>>> $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>>>
>>>>>>>> if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
>>>>>>>>     include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
>>>>>>>> }
>>>>>>>>
>>>>>>>> ?>
>>>>>>>>
>>>>>>>> Does this help you some ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thank you,
>>>>>>> Dmitri Pal
>>>>>>>
>>>>>>> Sr. Engineering Manager IdM portfolio
>>>>>>> Red Hat, Inc.
>>>>>>>
>>>>>
>>>>> --
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>> Sr. Engineering Manager IdM portfolio
>>>>> Red Hat, Inc.
>>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
