Hi,

OK got it working by changing the mailadres to u...@domain.tld

Actually no IPA question, but you might know, my email is not
delivered in one file /var/mail/uid instead of the maildir format it
should do.

At least it arrives well! Thanks

2014-11-22 2:23 GMT+01:00 Matt . <yamakasi....@gmail.com>:
> Hi that wasn't quite clear from me, yes I can login thanks for that!
>
> But now I get an error on the associated domain:
>
> postmap: dict_ldap_connect: Cached connection handle for LDAP source
> /etc/postfix/ldap/mydestination.cf
> postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf:
> Searching with filter (&(associatedDomain=u...@domain.tld))
> postmap: dict_ldap_get_values[1]: Search found 0 match(es)
> postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
> postmap: dict_ldap_lookup: Search returned nothing
> postmap: dict_ldap_close: Closed connection handle for LDAP source
> /etc/postfix/ldap/mydestination.cf
>
> But when I do a postmap check on this cf with domain.tld that gives a
> match, as it should...
>
> So that might need some modification ?
>
> 2014-11-22 2:14 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>> On 11/21/2014 07:57 PM, Matt . wrote:
>>>
>>> I need to say, saslauth caches it, didn't restart that one actually as
>>> it's kinda late!
>>
>>
>> So when you restarted did it work or still no luck?
>>
>>
>>>
>>> 2014-11-22 1:55 GMT+01:00 Matt . <yamakasi....@gmail.com>:
>>>>
>>>> HI,
>>>>
>>>> Yes and that doesn't let me login... that's the issue.
>>>>
>>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>>
>>>>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>>>>
>>>>>> HI Dimitri,
>>>>>>
>>>>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>>>>> determine the base dn, the other two do not matter.
>>>>>>
>>>>>> So what would you change exactly ?
>>>>>
>>>>>
>>>>> I assume you use IPA as an LDAP server.
>>>>> In the Kolab config I would change
>>>>>
>>>>>                   'email'             => 'mail',
>>>>>
>>>>> to
>>>>>
>>>>>                   'email'             => 'uid',
>>>>>
>>>>>
>>>>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>>>>> creates) by default.
>>>>> and then try to log into Kolab using name.
>>>>>
>>>>> So for me it would look like this:
>>>>>
>>>>> In ipa:
>>>>> uid: dpal
>>>>> mail: d...@mydomain.com
>>>>>
>>>>>
>>>>>> There might be need changed more.
>>>>>>
>>>>>> I hope we can get this fixed !
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal <d...@redhat.com>:
>>>>>>>
>>>>>>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>>>>>>
>>>>>>>> Hi Dimitri,
>>>>>>>>
>>>>>>>> All I can say about that is that it's configured and uses ldap this
>>>>>>>> this added to ldap:
>>>>>>>>
>>>>>>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
>>>>>>>> "cn=Directory Manager" -w Welcome2KolabSystems -b
>>>>>>>> "cn=kolab,cn=config"
>>>>>>>> # extended LDIF
>>>>>>>> #
>>>>>>>> # LDAPv3
>>>>>>>> # base <cn=kolab,cn=config> with scope subtree
>>>>>>>> # filter: (objectclass=*)
>>>>>>>> # requesting: ALL
>>>>>>>> #
>>>>>>>>
>>>>>>>> # kolab, config
>>>>>>>> dn: cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: extensibleobject
>>>>>>>> cn: kolab
>>>>>>>>
>>>>>>>> # example.org, kolab, config
>>>>>>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>>>>>>> objectClass: top
>>>>>>>> objectClass: domainrelatedobject
>>>>>>>> objectClass: inetdomain
>>>>>>>> associatedDomain: example.org
>>>>>>>> associatedDomain: dc=internal,dc=local
>>>>>>>> inetDomainBaseDN: dc=internal,dc=local
>>>>>>>>
>>>>>>>> # search result
>>>>>>>> search: 2
>>>>>>>> result: 0 Success
>>>>>>>>
>>>>>>>> # numResponses: 3
>>>>>>>> # numEntries: 2
>>>>>>>>
>>>>>>>>
>>>>>>>> kolab_auth.inc.php
>>>>>>>>
>>>>>>>> <?php
>>>>>>>>
>>>>>>>>        // The id of the LDAP address book (which refers to the
>>>>>>>> rcmail_config['ldap_public'])
>>>>>>>>        // or complete addressbook definition array.
>>>>>>>>        $config['kolab_auth_addressbook'] = Array(
>>>>>>>>            'name'                      => 'Kolab Auth',
>>>>>>>>            'hosts'                     => Array('172.16.xx.xx'),
>>>>>>>>            'port'                      => 389,
>>>>>>>>            'use_tls'                   => false,
>>>>>>>>            'user_specific'             => false,
>>>>>>>>            'base_dn'                   =>
>>>>>>>> 'cn=accounts,dc=domain,dc=local',
>>>>>>>>            'bind_dn'                   =>
>>>>>>>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>>>>>>            'bind_pass'                 => 'xxxxxx',
>>>>>>>>            'writable'                  => false,
>>>>>>>>            'ldap_version'              => 3,       // using LDAPv3
>>>>>>>>            'fieldmap'                  => Array(
>>>>>>>>                    'name'              => 'displayname',
>>>>>>>>                    'email'             => 'mail',
>>>>>>>
>>>>>>>
>>>>>>> Here you can use uid instead of mail.
>>>>>>> Then user will be able to login into Kolab with a simple name instead
>>>>>>> of
>>>>>>> the
>>>>>>> longer mail.
>>>>>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>>>>>
>>>>>>> It seems that Kolab assumes that mail is a single valued attribute in
>>>>>>> the
>>>>>>> directory while in general it is not the case.
>>>>>>> So the best would be to use come other attribute for login.
>>>>>>>
>>>>>>> HTH.
>>>>>>>
>>>>>>>>                    'email:alias'       => 'alias',
>>>>>>>>                    'role'              => 'nsroledn',
>>>>>>>>                ),
>>>>>>>>            'sort'                      => 'displayname',
>>>>>>>>            'scope'                     => 'sub',
>>>>>>>>            'filter'                    => '(objectClass=*)',
>>>>>>>>            'fuzzy_search'              => true,
>>>>>>>>            'sizelimit'                 => '0',
>>>>>>>>            'timelimit'                 => '0',
>>>>>>>>            'groups'                    => Array(
>>>>>>>>                    'base_dn'           =>
>>>>>>>> 'cn=groups,dc=domain,dc=local',
>>>>>>>>                    'filter'            =>
>>>>>>>> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>>>>>>>                    'object_classes'    => Array('top',
>>>>>>>> 'groupOfUniqueNames'),
>>>>>>>>                    'member_attr'       => 'uniqueMember',
>>>>>>>>                ),
>>>>>>>>        );
>>>>>>>>
>>>>>>>>
>>>>>>>>        // This will overwrite defined filter
>>>>>>>>        $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)'
>>>>>>>> .
>>>>>>>> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>>>>>>>
>>>>>>>>        // Use this fields (from fieldmap configuration) to get
>>>>>>>> authentication ID
>>>>>>>>        $config['kolab_auth_login'] = 'email';
>>>>>>>>
>>>>>>>>        // Use this fields (from fieldmap configuration) for default
>>>>>>>> identity
>>>>>>>>        $config['kolab_auth_name']  = 'name';
>>>>>>>>        $config['kolab_auth_alias'] = 'alias';
>>>>>>>>        $config['kolab_auth_email'] = 'email';
>>>>>>>>
>>>>>>>>        if (preg_match('/\/helpdesk-login\//',
>>>>>>>> $_SERVER["REQUEST_URI"]) )
>>>>>>>> {
>>>>>>>>
>>>>>>>>            // Login and password of the admin user. Enables "Login
>>>>>>>> As"
>>>>>>>> feature.
>>>>>>>>            $config['kolab_auth_admin_login']    = 'admin';
>>>>>>>>            $config['kolab_auth_admin_password'] = 'xxxxxx';
>>>>>>>>
>>>>>>>>            $config['kolab_auth_auditlog'] = true;
>>>>>>>>        }
>>>>>>>>
>>>>>>>>        // Administrative role field (from fieldmap configuration)
>>>>>>>> which
>>>>>>>> must be filled with
>>>>>>>>        // specified value which adds privilege to login as another
>>>>>>>> user.
>>>>>>>>        $config['kolab_auth_role']       = 'role';
>>>>>>>>        $config['kolab_auth_role_value'] =
>>>>>>>> 'cn=kolab-admin,dc=domain,dc=local';
>>>>>>>>
>>>>>>>>        // Administrative group name to which user must be assigned to
>>>>>>>>        // which adds privilege to login as another user.
>>>>>>>>        $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>>>>>>>
>>>>>>>>        if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"]
>>>>>>>> .
>>>>>>>> '/' . basename(__FILE__))) {
>>>>>>>>            include_once(RCUBE_CONFIG_DIR . '/' .
>>>>>>>> $_SERVER["HTTP_HOST"] .
>>>>>>>> '/' . basename(__FILE__));
>>>>>>>>        }
>>>>>>>>
>>>>>>>> ?>
>>>>>>>>
>>>>>>>> Does this help you some ?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thank you,
>>>>>>> Dmitri Pal
>>>>>>>
>>>>>>> Sr. Engineering Manager IdM portfolio
>>>>>>> Red Hat, Inc.
>>>>>>>
>>>>>
>>>>> --
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>> Sr. Engineering Manager IdM portfolio
>>>>> Red Hat, Inc.
>>>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to