Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-06 Thread Marc Patermann

Sven,

On 06.10.2015 at 14:02, Sven Schwedas wrote:
> On 2015-10-06 12:44, Marc Patermann wrote:
>> On 05.10.2015 at 22:34, Alain Abbas wrote:
>>> The way to handle that is definitively 1 attribute for the mail
>>> (unique) and not multivalued
>> you are ignoring that the LDAP directory may be not single only be
>> there for one application like SOGo. mail is a multivalued
>> attribute by default in the standard schema. So we have to deal
>> with that.
>
> It's multivalued in *a* standard schema. SOGo also has to work with
> single-valued ActiveDirectory setups, which are anything but rare.

Is there another internet standard definition other than:
https://tools.ietf.org/html/rfc4524#section-2.16

I hope we agree on Active Directory is not LDAP, but like LDAP.

> (UCS did do the same thing too even back when they were using
> Kolab/OpenLDAP, FYI. And probably others.)

Other vendor specific implementation which mirror the Microsoft specific
AD implementation are a thing to deal with too, right.

> So *if* we get multi-value support in SOGo/Thunderbird (good luck
> getting anything done in Thunderbird…),

The LDAP feature in Thunderbird are a thing of its own … :(

> we'd need to be able to configure a secondary, multi-valued email
> attribute. Make it default to `mail` so it'll work with OpenLDAP if
> you want, but that'd allow compatibility with AD, too.
>
>>> and another attribute for the alias (alias, proxyaddress) a name
>>> something like that in your transport configuration in postfix
>>> you have to make your LDAP filter to search for the mail in mail
>>> attribute or to alias attribute.
>
> Which is a two-line change, FYI.

Which is a two-line configuration change in postfix.

>> IMHO this seems a bit like: "Here this solves this problem. Oh, I
>> does create others? Not my problem."
>
> Why, yes, if you modify the LDAP scheme, you'll have to make sure
> your programs understand the scheme. What surprising news.

Which brings me back to my starting point: if the LDAP is the core
directory of a complex infrastructure you have a lot of programs to change.

Marc
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-06 Thread Sven Schwedas
On 2015-10-06 16:14, Marc Patermann wrote:
> On 06.10.2015 at 14:02, Sven Schwedas wrote:
>> On 2015-10-06 12:44, Marc Patermann wrote:
>>> On 05.10.2015 at 22:34, Alain Abbas wrote:
>>>> The way to handle that is definitively 1 attribute for the mail
>>>> (unique) and not multivalued
>>> you are ignoring that the LDAP directory may be not single only be
>>>  there for one application like SOGo. mail is a multivalued
>>> attribute by default in the standard schema. So we have to deal
>>> with that.
>>
>> It's multivalued in *a* standard schema. SOGo also has to work with
>> single-valued ActiveDirectory setups, which are anything but rare.
> Is there another internet standard definition other than:
> https://tools.ietf.org/html/rfc4524#section-2.16

There's a non-standard definition that happens to be used rather often:

https://msdn.microsoft.com/en-us/library/ms676855%28v=vs.85%29.aspx
https://msdn.microsoft.com/en-us/library/ms679424%28v=vs.85%29.aspx

I know this must be difficult for a public servant, but standard
definitions don't matter that much when they're not adhered to. :-)

> I hope we agree on Active Directory is not LDAP, but like LDAP.

It contains a fully-featured LDAP implementation (…among other things).
It happens to have a different core schema from 389DS/OpenLDAP, but that
does not make it "not LDAP". Neither SOGo nor any other software project
draw that distinction between them.

>> (UCS did do the same thing too even back when they were using
>> Kolab/OpenLDAP, FYI. And probably others.)
> Other vendor specific implementation which mirror the Microsoft specific
> AD implementation are a thing to deal with too, right.

Like Samba 4, which is the recommended default setup for SOGo. Are you
really going to argue that SOGo shouldn't support that…?


-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at





Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-06 Thread Mathieu Mirmont
On 05/10/15 22:34, Alain Abbas wrote:
> Hello 
> The way to handle that is definitively 
> 1 attribute for the mail (unique) and not multivalued 
> and another attribute for the alias (alias, proxyaddress) a name
> something like that 

Thanks, that's what I thought. Is there a preferred attribute to use for
mail aliases? Ideally an attribute that Thunderbird/Lightning/SOGo
recognises as such (for transparent rewrites perhaps).

Cheers.

-- 
Mathieu Mirmont 
Lead Software Engineer


Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-06 Thread Sven Schwedas
On 2015-10-06 12:44, Marc Patermann wrote:
> Hi,
> 
> On 05.10.2015 at 22:34, Alain Abbas wrote:
>> The way to handle that is definitively
>> 1 attribute for the mail (unique) and not multivalued
> you are ignoring that the LDAP directory may be not single only be there
> for one application like SOGo.
> mail is a multivalued attribute by default in the standard schema. So we
> have to deal with that.

It's multivalued in *a* standard schema. SOGo also has to work with
single-valued ActiveDirectory setups, which are anything but rare. (UCS
did do the same thing too even back when they were using Kolab/OpenLDAP,
FYI. And probably others.)

So *if* we get multi-value support in SOGo/Thunderbird (good luck
getting anything done in Thunderbird…), we'd need to be able to
configure a secondary, multi-valued email attribute. Make it default to
`mail` so it'll work with OpenLDAP if you want, but that'd allow
compatibility with AD, too.

>> and another attribute for the alias (alias, proxyaddress) a name
>> something like that
>> in your transport configuration in postfix you have to make your LDAP
>> filter to search for the mail
>> in mail attribute or to alias attribute.

Which is a two-line change, FYI.

> IMHO this seems a bit like: "Here this solves this problem. Oh, I does
> create others? Not my problem."

Why, yes, if you modify the LDAP scheme, you'll have to make sure your
programs understand the scheme. What surprising news.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at





Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-06 Thread Marc Patermann

Hi,

On 05.10.2015 at 22:34, Alain Abbas wrote:
> The way to handle that is definitively
> 1 attribute for the mail (unique) and not multivalued

you are ignoring that the LDAP directory may be not single only be there
for one application like SOGo.
mail is a multivalued attribute by default in the standard schema. So we
have to deal with that.

> and another attribute for the alias (alias, proxyaddress) a name
> something like that
> in your transport configuration in postfix you have to make your LDAP
> filter to search for the mail
> in mail attribute or to alias attribute.

IMHO this seems a bit like: "Here this solves this problem. Oh, I does
create others? Not my problem."



Marc


Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Mathieu Mirmont
On 05/10/15 15:40, Christian Mack wrote:
> 
> Sorry couldn't find the mozilla bug report, but it is there.

Here's a 13-year-old (!) bug that seems to match what you describe:
https://bugzilla.mozilla.org/show_bug.cgi?id=119199

It looks like if compatibility with Thunderbird/Lightning is required,
I'd be better off considering the mail attribute to be single-valued and
move mail aliases to other attributes (mozillaSecondEmail?).

How do you guys generally handle email aliases?

-- 
Mathieu Mirmont 
Lead Software Engineer


Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Alain Abbas

Hello 
The way to handle that is definitively 
1 attribute for the mail (unique) and not multivalued 
and another attribute for the alias (alias, proxyaddress) a name something like 
that 
in your transport configuration in postfix you have to make your LDAP filter to 
search for the mail 
in mail attribute or to alias attribute. 

Regards 



On Monday 5 October 2015 19:33 CEST, Mathieu Mirmont wrote:
> On 05/10/15 15:40, Christian Mack wrote:
>>
>> Sorry couldn't find the mozilla bug report, but it is there.
>
> Here's a 13-year-old (!) bug that seems to match what you describe:
> https://bugzilla.mozilla.org/show_bug.cgi?id=119199
>
> It looks like if compatibility with Thunderbird/Lightning is required,
> I'd be better off considering the mail attribute to be single-valued and
> move mail aliases to other attributes (mozillaSecondEmail?).
>
> How do you guys generally handle email aliases?
>
> --
> Mathieu Mirmont
> Lead Software Engineer

--
Alain Abbas
11 rue Robert Schumann
54500 Vandoeuvre
Tel : +333 83 18 02 70
skype: alain.abbas

Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Sven Schwedas
On 2015-10-05 14:12, Mathieu Mirmont wrote:
> Anyone? Should I file a bug report? Is it a bug?

The mail field is supposed to be single-valued, I don't think it's a bug
in SOGo if you break your LDAP scheme on purpose.

(Exchange e.g. adds the multi-valued proxyAddresses attribute for this
purpose, and other groupware solutions use similar named ones. None, to
my knowledge, tries to make the main mail attribute multi-valued.)

> 
> 
> On 24/09/15 16:16, Mathieu Mirmont wrote:
>> Hi everyone,
>>
>> I use SOGo with an LDAP user database and my users have multiple "mail"
>> fields for email aliases. The first email address listed in LDAP is
>> always the canonical one, the one that should be used everywhere, and
>> the one that matches their LDAP uid. Generally the canonical mail
>> address is firstn...@company.com and aliases can be anything but often
>> firstname.surn...@company.com or f.surn...@company.com for convenience.
>>
>> This causes problems with SOGo. I have the feeling that sogo reads all
>> mail fields from the LDAP database, and then does an strcmp() on all of
>> them to select which one to use. With my setup it systematically picks
>> the one with a dot as second character instead of the first entry.
>>
>> Can I change this behaviour? I'm fine with recompiling SOGo if necessary.
>>
>> Here's an example scenario where this behaviour is problematic:
>>
>> - In Thunderbird/Lightning the email address that is registered with my
>> calendar is my canonical email address: firstn...@company.com
>>
>> - I create an event on Thunderbird and click "Invite Attendees". There
>> my email address isn't my canonical email address but one of my email
>> aliases: f.surn...@company.com and I cannot change it (greyed out).
>>
>> - I invite attendees to my event, using their canonical email addresses
>> firstn...@company.com. They receive the invitation, accept it, and send
>> the confirmation email back.
>>
>> - The confirmation email comes from their canonical email address (the
>> From: field of the email), but the content of the email refers to them
>> using one of their email aliases (f.surn...@company.com).
>>
>> - Thunderbird says "This message contains an update to an existing
>> event". If I click the "Update" button, the event gets populated with a
>> new attendee, using the attendee's email alias.
>>
>> - As a result I get double the number of attendees to my event, half of
>> them with their canonical email address and without confirmation, and
>> the other half with an email alias.
>>
>> Cheers,
> 
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at





[SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Mathieu Mirmont
Anyone? Should I file a bug report? Is it a bug?


On 24/09/15 16:16, Mathieu Mirmont wrote:
> Hi everyone,
> 
> I use SOGo with an LDAP user database and my users have multiple "mail"
> fields for email aliases. The first email address listed in LDAP is
> always the canonical one, the one that should be used everywhere, and
> the one that matches their LDAP uid. Generally the canonical mail
> address is firstn...@company.com and aliases can be anything but often
> firstname.surn...@company.com or f.surn...@company.com for convenience.
> 
> This causes problems with SOGo. I have the feeling that sogo reads all
> mail fields from the LDAP database, and then does an strcmp() on all of
> them to select which one to use. With my setup it systematically picks
> the one with a dot as second character instead of the first entry.
> 
> Can I change this behaviour? I'm fine with recompiling SOGo if necessary.
> 
> Here's an example scenario where this behaviour is problematic:
> 
> - In Thunderbird/Lightning the email address that is registered with my
> calendar is my canonical email address: firstn...@company.com
> 
> - I create an event on Thunderbird and click "Invite Attendees". There
> my email address isn't my canonical email address but one of my email
> aliases: f.surn...@company.com and I cannot change it (greyed out).
> 
> - I invite attendees to my event, using their canonical email addresses
> firstn...@company.com. They receive the invitation, accept it, and send
> the confirmation email back.
> 
> - The confirmation email comes from their canonical email address (the
> From: field of the email), but the content of the email refers to them
> using one of their email aliases (f.surn...@company.com).
> 
> - Thunderbird says "This message contains an update to an existing
> event". If I click the "Update" button, the event gets populated with a
> new attendee, using the attendee's email alias.
> 
> - As a result I get double the number of attendees to my event, half of
> them with their canonical email address and without confirmation, and
> the other half with an email alias.
> 
> Cheers,


-- 
Mathieu Mirmont 



Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Christian Mack
Hello

On 05.10.2015 at 14:23, Sven Schwedas wrote:
> On 2015-10-05 14:12, Mathieu Mirmont wrote:
>> Anyone? Should I file a bug report? Is it a bug?
> 
> The mail field is supposed to be single-valued, I don't think it's a bug
> in SOGo if you break your LDAP scheme on purpose.
> 
> (Exchange e.g. adds the multi-valued proxyAddresses attribute for this
> purpose, and other groupware solutions use similar named ones. None, to
> my knowledge, tries to make the main mail attribute multi-valued.)
> 

You are wrong.
Attribute mail is multivalued, and is used as such.

This bug is already known, and it is a Thunderbird/Lightning bug, as it
always uses the last email address it gets for a user, instead of the
registered one.
As LDAP has no means of sorting multi value attributes, you almost
always get the wrong one.
It should use the registered one and the one used in the event.


Kind regards,
Christian Mack

PS:
Sorry couldn't find the mozilla bug report, but it is there.


>>
>>
>> On 24/09/15 16:16, Mathieu Mirmont wrote:
>>> Hi everyone,
>>>
>>> I use SOGo with an LDAP user database and my users have multiple "mail"
>>> fields for email aliases. The first email address listed in LDAP is
>>> always the canonical one, the one that should be used everywhere, and
>>> the one that matches their LDAP uid. Generally the canonical mail
>>> address is firstn...@company.com and aliases can be anything but often
>>> firstname.surn...@company.com or f.surn...@company.com for convenience.
>>>
>>> This causes problems with SOGo. I have the feeling that sogo reads all
>>> mail fields from the LDAP database, and then does an strcmp() on all of
>>> them to select which one to use. With my setup it systematically picks
>>> the one with a dot as second character instead of the first entry.
>>>
>>> Can I change this behaviour? I'm fine with recompiling SOGo if necessary.
>>>
>>> Here's an example scenario where this behaviour is problematic:
>>>
>>> - In Thunderbird/Lightning the email address that is registered with my
>>> calendar is my canonical email address: firstn...@company.com
>>>
>>> - I create an event on Thunderbird and click "Invite Attendees". There
>>> my email address isn't my canonical email address but one of my email
>>> aliases: f.surn...@company.com and I cannot change it (greyed out).
>>>
>>> - I invite attendees to my event, using their canonical email addresses
>>> firstn...@company.com. They receive the invitation, accept it, and send
>>> the confirmation email back.
>>>
>>> - The confirmation email comes from their canonical email address (the
>>> From: field of the email), but the content of the email refers to them
>>> using one of their email aliases (f.surn...@company.com).
>>>
>>> - Thunderbird says "This message contains an update to an existing
>>> event". If I click the "Update" button, the event gets populated with a
>>> new attendee, using the attendee's email alias.
>>>
>>> - As a result I get double the number of attendees to my event, half of
>>> them with their canonical email address and without confirmation, and
>>> the other half with an email alias.
>>>
>>> Cheers,
>>
>>
> 


-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416
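
The two points made above (LDAP does not order the values of a multi-valued attribute, and the original post's duplicated attendees) as an added example that is not part of the thread and is not SOGo or Thunderbird code. It assumes, as the original poster describes, that the canonical address is the one whose local part equals the uid; the directory entries, the `company.example` domain and all function names are constructed for illustration.

```python
# Added example: constructed directory data, not SOGo or Thunderbird code.
# Assumption (from the original post): the canonical address is the one whose
# local part equals the entry's uid; every other "mail" value is an alias.

# Constructed sample entries. Values are listed in an unhelpful order on
# purpose, because LDAP attribute values are an unordered set.
DIRECTORY = [
    {"uid": "alice", "mail": ["a.smith@company.example",
                              "alice@company.example",
                              "alice.smith@company.example"]},
    {"uid": "bob", "mail": ["bob@company.example"]},
    {"uid": "carol", "mail": ["c.jones@company.example",
                              "carol.jones@company.example"]},
]


def canonical_mail(entry):
    """Return the address matching the uid, or None if the choice is ambiguous."""
    values = [m.strip().lower() for m in entry.get("mail", [])]
    matches = [m for m in values if m.split("@", 1)[0] == entry["uid"].lower()]
    if len(matches) == 1:
        return matches[0]
    # A single value leaves nothing to choose; otherwise refuse to guess
    # from value order or string comparison.
    return values[0] if len(values) == 1 else None


def build_alias_map(directory):
    """Map every known address to its canonical form; list unresolvable uids."""
    alias_map, ambiguous = {}, []
    for entry in directory:
        canon = canonical_mail(entry)
        if canon is None:
            ambiguous.append(entry["uid"])
            continue
        for value in entry["mail"]:
            alias_map[value.strip().lower()] = canon
    return alias_map, ambiguous


def merge_attendees(attendees, alias_map):
    """Collapse (address, status) pairs that refer to the same person.

    Any reply status replaces a pending NEEDS-ACTION for the same person.
    """
    merged = {}
    for address, status in attendees:
        key = address.strip().lower()
        key = alias_map.get(key, key)
        if key not in merged or merged[key] == "NEEDS-ACTION":
            merged[key] = status
    return merged
```

Entries reported as ambiguous (here `carol`, who has two values and none matching the uid) are the ones a directory audit would need to fix by hand, whichever attribute ends up holding the aliases.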





Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Mathieu Mirmont
On 05/10/15 14:23, Sven Schwedas wrote:
> On 2015-10-05 14:12, Mathieu Mirmont wrote:
>> Anyone? Should I file a bug report? Is it a bug?
> 
> The mail field is supposed to be single-valued, I don't think it's a bug
> in SOGo if you break your LDAP scheme on purpose.
> 
> (Exchange e.g. adds the multi-valued proxyAddresses attribute for this
> purpose, and other groupware solutions use similar named ones. None, to
> my knowledge, tries to make the main mail attribute multi-valued.)

Ah, thanks a lot, I totally missed that detail in my LDAP scheme.
Sorry for the noise.

-- 
Mathieu Mirmont 



Re: [SOGo] Re: Multiple mail fields in LDAP

2015-10-05 Thread Rowland Penny

On 05/10/15 14:40, Christian Mack wrote:
> Hello
>
> On 05.10.2015 at 14:23, Sven Schwedas wrote:
>> On 2015-10-05 14:12, Mathieu Mirmont wrote:
>>> Anyone? Should I file a bug report? Is it a bug?
>>
>> The mail field is supposed to be single-valued, I don't think it's a bug
>> in SOGo if you break your LDAP scheme on purpose.
>>
>> (Exchange e.g. adds the multi-valued proxyAddresses attribute for this
>> purpose, and other groupware solutions use similar named ones. None, to
>> my knowledge, tries to make the main mail attribute multi-valued.)
>
> You are wrong.
> Attribute mail is multivalued, and is used as such.

You are both correct, but only depending on your point of view :-)
If your point of view is from AD i.e. Exchange, then 'mail' is single
valued

If your point of view is from LDAP, then 'mail' is multi-valued

Rowland

> This bug is already known, and it is a Thunderbird/Lightning bug, as it
> always uses the last email address it gets for a user, instead of the
> registered one.
> As LDAP has no means of sorting multi value attributes, you almost
> always get the wrong one.
> It should use the registered one and the one used in the event.



