Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
Hi,

OK got it working by changing the mail address to u...@domain.tld

Actually no IPA question, but you might know, my email is not
delivered in one file /var/mail/uid instead of the maildir format it
should do.

At least it arrives well! Thanks

2014-11-22 2:23 GMT+01:00 Matt . :
> Hi that wasn't quite clear from me, yes I can login thanks for that!
>
> But now I get an error on the associated domain:
>
> postmap: dict_ldap_connect: Cached connection handle for LDAP source
> /etc/postfix/ldap/mydestination.cf
> postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf:
> Searching with filter (&(associatedDomain=u...@domain.tld))
> postmap: dict_ldap_get_values[1]: Search found 0 match(es)
> postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
> postmap: dict_ldap_lookup: Search returned nothing
> postmap: dict_ldap_close: Closed connection handle for LDAP source
> /etc/postfix/ldap/mydestination.cf
>
> But when I do a postmap check on this cf with domain.tld that gives a
> match, as it should...
>
> So that might need some modification ?
>
> 2014-11-22 2:14 GMT+01:00 Dmitri Pal :
>> On 11/21/2014 07:57 PM, Matt . wrote:
>>>
>>> I need to say, saslauth caches it, didn't restart that one actually as
>>> it's kinda late!
>>
>>
>> So when you restarted did it work or still no luck?
>>
>>
>>>
>>> 2014-11-22 1:55 GMT+01:00 Matt . :

 HI,

 Yes and that doesn't let me login... that's the issue.

 2014-11-22 1:45 GMT+01:00 Dmitri Pal :
>
> On 11/21/2014 07:12 PM, Matt . wrote:
>>
>> HI Dimitri,
>>
>> Thanks, but it seems following the kolab devs that if kolab cannot
>> determine the base dn, the other two do not matter.
>>
>> So what would you change exactly ?
>
>
> I assume you use IPA as an LDAP server.
> In the Kolab config I would change
>
>   'email' => 'mail',
>
> to
>
>   'email' => 'uid',
>
>
> In IPA I would use "name" in the uid and name@domain in email (as IPA
> creates) by default.
> and then try to log into Kolab using name.
>
> So for me it would look like this:
>
> In ipa:
> uid: dpal
> mail: d...@mydomain.com
>
>
>> There might be need changed more.
>>
>> I hope we can get this fixed !
>>
>> Thanks,
>>
>> Matt
>>
>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal :
>>>
>>> On 11/21/2014 06:42 PM, Matt . wrote:

 Hi Dimitri,

 All I can say about that is that it's configured and uses ldap this
 this added to ldap:

 [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
 "cn=Directory Manager" -w Welcome2KolabSystems -b
 "cn=kolab,cn=config"
 # extended LDIF
 #
 # LDAPv3
 # base  with scope subtree
 # filter: (objectclass=*)
 # requesting: ALL
 #

 # kolab, config
 dn: cn=kolab,cn=config
 objectClass: top
 objectClass: extensibleobject
 cn: kolab

 # example.org, kolab, config
 dn: associateddomain=example.org,cn=kolab,cn=config
 objectClass: top
 objectClass: domainrelatedobject
 objectClass: inetdomain
 associatedDomain: example.org
 associatedDomain: dc=internal,dc=local
 inetDomainBaseDN: dc=internal,dc=local

 # search result
 search: 2
 result: 0 Success

 # numResponses: 3
 # numEntries: 2


 kolab_auth.inc.php

 >>>
// The id of the LDAP address book (which refers to the
 rcmail_config['ldap_public'])
// or complete addressbook definition array.
$config['kolab_auth_addressbook'] = Array(
'name'  => 'Kolab Auth',
'hosts' => Array('172.16.xx.xx'),
'port'  => 389,
'use_tls'   => false,
'user_specific' => false,
'base_dn'   =>
 'cn=accounts,dc=domain,dc=local',
'bind_dn'   =>
 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
'bind_pass' => 'xx',
'writable'  => false,
'ldap_version'  => 3,   // using LDAPv3
'fieldmap'  => Array(
'name'  => 'displayname',
'email' => 'mail',
>>>
>>>
>>> Here you can use uid instead of mail.
>>> Then user will be able to login into Kolab with a simple name instead
>>> of
>>> the
>>> longer 

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
Hi that wasn't quite clear from me, yes I can login thanks for that!

But now I get an error on the associated domain:

postmap: dict_ldap_connect: Cached connection handle for LDAP source
/etc/postfix/ldap/mydestination.cf
postmap: dict_ldap_lookup: /etc/postfix/ldap/mydestination.cf:
Searching with filter (&(associatedDomain=u...@domain.tld))
postmap: dict_ldap_get_values[1]: Search found 0 match(es)
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned nothing
postmap: dict_ldap_close: Closed connection handle for LDAP source
/etc/postfix/ldap/mydestination.cf

But when I do a postmap check on this cf with domain.tld that gives a
match, as it should...

So that might need some modification ?

2014-11-22 2:14 GMT+01:00 Dmitri Pal :
> On 11/21/2014 07:57 PM, Matt . wrote:
>>
>> I need to say, saslauth caches it, didn't restart that one actually as
>> it's kinda late!
>
>
> So when you restarted did it work or still no luck?
>
>
>>
>> 2014-11-22 1:55 GMT+01:00 Matt . :
>>>
>>> HI,
>>>
>>> Yes and that doesn't let me login... that's the issue.
>>>
>>> 2014-11-22 1:45 GMT+01:00 Dmitri Pal :

 On 11/21/2014 07:12 PM, Matt . wrote:
>
> HI Dimitri,
>
> Thanks, but it seems following the kolab devs that if kolab cannot
> determine the base dn, the other two do not matter.
>
> So what would you change exactly ?


 I assume you use IPA as an LDAP server.
 In the Kolab config I would change

   'email' => 'mail',

 to

   'email' => 'uid',


 In IPA I would use "name" in the uid and name@domain in email (as IPA
 creates) by default.
 and then try to log into Kolab using name.

 So for me it would look like this:

 In ipa:
 uid: dpal
 mail: d...@mydomain.com


> There might be need changed more.
>
> I hope we can get this fixed !
>
> Thanks,
>
> Matt
>
> 2014-11-22 0:51 GMT+01:00 Dmitri Pal :
>>
>> On 11/21/2014 06:42 PM, Matt . wrote:
>>>
>>> Hi Dimitri,
>>>
>>> All I can say about that is that it's configured and uses ldap this
>>> this added to ldap:
>>>
>>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
>>> "cn=Directory Manager" -w Welcome2KolabSystems -b
>>> "cn=kolab,cn=config"
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base  with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # kolab, config
>>> dn: cn=kolab,cn=config
>>> objectClass: top
>>> objectClass: extensibleobject
>>> cn: kolab
>>>
>>> # example.org, kolab, config
>>> dn: associateddomain=example.org,cn=kolab,cn=config
>>> objectClass: top
>>> objectClass: domainrelatedobject
>>> objectClass: inetdomain
>>> associatedDomain: example.org
>>> associatedDomain: dc=internal,dc=local
>>> inetDomainBaseDN: dc=internal,dc=local
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>>
>>> kolab_auth.inc.php
>>>
>>> >>
>>>// The id of the LDAP address book (which refers to the
>>> rcmail_config['ldap_public'])
>>>// or complete addressbook definition array.
>>>$config['kolab_auth_addressbook'] = Array(
>>>'name'  => 'Kolab Auth',
>>>'hosts' => Array('172.16.xx.xx'),
>>>'port'  => 389,
>>>'use_tls'   => false,
>>>'user_specific' => false,
>>>'base_dn'   =>
>>> 'cn=accounts,dc=domain,dc=local',
>>>'bind_dn'   =>
>>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>>'bind_pass' => 'xx',
>>>'writable'  => false,
>>>'ldap_version'  => 3,   // using LDAPv3
>>>'fieldmap'  => Array(
>>>'name'  => 'displayname',
>>>'email' => 'mail',
>>
>>
>> Here you can use uid instead of mail.
>> Then user will be able to login into Kolab with a simple name instead
>> of
>> the
>> longer mail.
>> Then you would be able to put n...@domain.tld into the mail attribute.
>>
>> It seems that Kolab assumes that mail is a single valued attribute in
>> the
>> directory while in general it is not the case.
>> So the best would be to use some other attribute for login.
>>
>> HTH.
>>
>>>'email:alias'   => 'alias',
>>>'role'  => 'nsroledn',
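
Added example, not part of the thread: the postmap log in this message shows the lookup key substituted verbatim into the associatedDomain filter, which is why an address finds nothing while the bare domain matches. The sketch expands a query_filter the way Postfix's ldap_table(5) documents %s, %u and %d and evaluates it against the associatedDomain values from the posted ldapsearch output. The filter templates, the key user@example.org and all function names are assumptions, since mydestination.cf itself is not shown.

```python
import re

# associatedDomain values of the entry in the ldapsearch output posted in the thread.
ASSOCIATED_DOMAINS = ["example.org", "dc=internal,dc=local"]

# Assumed templates: mydestination.cf is not shown in the thread. The logged
# filter implies the first form; the second is the %d variant for comparison.
FILTER_WHOLE_KEY = "(&(associatedDomain=%s))"
FILTER_DOMAIN_PART = "(&(associatedDomain=%d))"

# Filter metacharacters and their escaped forms (RFC 4515).
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a lookup key so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, key):
    """Expand %s, %u, %d and %% in a query_filter template.

    %s -> the whole lookup key
    %u -> local part of user@domain, otherwise the whole key
    %d -> domain part of user@domain; for any other key the lookup is
          suppressed, signalled here by returning None
    """
    local, sep, domain = key.rpartition("@")
    is_address = bool(sep and local and domain)
    codes = re.findall(r"%([sud%])", template)
    if "d" in codes and not is_address:
        return None
    values = {
        "s": key,
        "u": local if is_address else key,
        "d": domain if is_address else "",
    }

    def substitute(match):
        code = match.group(1)
        return "%" if code == "%" else escape_filter_value(values[code])

    return re.sub(r"%([sud%])", substitute, template)


def search_associated_domain(ldap_filter, values=ASSOCIATED_DOMAINS):
    """Evaluate one (associatedDomain=...) equality assertion against the entry."""
    if ldap_filter is None:
        return []
    match = re.search(r"\(associatedDomain=([^()]*)\)", ldap_filter, re.IGNORECASE)
    if not match:
        return []
    # Undo \xx escapes before comparing; attribute matching is case-insensitive.
    wanted = re.sub(
        r"\\([0-9a-fA-F]{2})",
        lambda h: chr(int(h.group(1), 16)),
        match.group(1),
    )
    return [v for v in values if v.lower() == wanted.lower()]


def lookup(template, key):
    """Expand the template for a key and return the matching values."""
    return search_associated_domain(expand_filter(template, key))


if __name__ == "__main__":
    # Constructed keys: an address as in the failing test, and the bare domain.
    for template in (FILTER_WHOLE_KEY, FILTER_DOMAIN_PART):
        for key in ("user@example.org", "example.org"):
            print(template, key, expand_filter(template, key), lookup(template, key))
```

Postfix consults mydestination with a domain name, so the bare-domain query is the representative test for that map.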

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Dmitri Pal

On 11/21/2014 07:57 PM, Matt . wrote:

I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!


So when you restarted did it work or still no luck?



2014-11-22 1:55 GMT+01:00 Matt . :

HI,

Yes and that doesn't let me login... that's the issue.

2014-11-22 1:45 GMT+01:00 Dmitri Pal :

On 11/21/2014 07:12 PM, Matt . wrote:

HI Dimitri,

Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.

So what would you change exactly ?


I assume you use IPA as an LDAP server.
In the Kolab config I would change

  'email' => 'mail',

to

  'email' => 'uid',


In IPA I would use "name" in the uid and name@domain in email (as IPA
creates) by default.
and then try to log into Kolab using name.

So for me it would look like this:

In ipa:
uid: dpal
mail: d...@mydomain.com



There might be need changed more.

I hope we can get this fixed !

Thanks,

Matt

2014-11-22 0:51 GMT+01:00 Dmitri Pal :

On 11/21/2014 06:42 PM, Matt . wrote:

Hi Dimitri,

All I can say about that is that it's configured and uses ldap this
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D
"cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

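   <?php
   // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
   // or complete addressbook definition array.
   $config['kolab_auth_addressbook'] = Array(
   'name'  => 'Kolab Auth',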
   'hosts' => Array('172.16.xx.xx'),
   'port'  => 389,
   'use_tls'   => false,
   'user_specific' => false,
   'base_dn'   =>
'cn=accounts,dc=domain,dc=local',
   'bind_dn'   =>
'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
   'bind_pass' => 'xx',
   'writable'  => false,
   'ldap_version'  => 3,   // using LDAPv3
   'fieldmap'  => Array(
   'name'  => 'displayname',
   'email' => 'mail',


Here you can use uid instead of mail.
Then user will be able to login into Kolab with a simple name instead of
the
longer mail.
Then you would be able to put n...@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single valued attribute in the
directory while in general it is not the case.
So the best would be to use some other attribute for login.

HTH.


   'email:alias'   => 'alias',
   'role'  => 'nsroledn',
   ),
   'sort'  => 'displayname',
   'scope' => 'sub',
   'filter'=> '(objectClass=*)',
   'fuzzy_search'  => true,
   'sizelimit' => '0',
   'timelimit' => '0',
   'groups'=> Array(
   'base_dn'   => 'cn=groups,dc=domain,dc=local',
   'filter'=>
'(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
   'object_classes'=> Array('top',
'groupOfUniqueNames'),
   'member_attr'   => 'uniqueMember',
   ),
   );


   // This will overwrite defined filter
   $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
'(|(uid=%u)(mail=%fu)(alias=%fu)))';

   // Use this fields (from fieldmap configuration) to get
authentication ID
   $config['kolab_auth_login'] = 'email';

   // Use this fields (from fieldmap configuration) for default
identity
   $config['kolab_auth_name']  = 'name';
   $config['kolab_auth_alias'] = 'alias';
   $config['kolab_auth_email'] = 'email';

   if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
{

   // Login and password of the admin user. Enables "Login As"
feature.
   $config['kolab_auth_admin_login']= 'admin';
   $config['kolab_auth_admin_password'] = 'xx';

   $config['kolab_auth_auditlog'] = true;
   }

   // Administrative role field (from fieldmap configuration) which
must be filled with
   // specified value which adds privilege to login as another user.
   $config['kolab_auth_role']   = 'role';
   $config['kolab_auth_role_value'] =
'cn=kolab-admin,dc=domain,dc=local';

   // Administrative group name to which user 

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
I need to say, saslauth caches it, didn't restart that one actually as
it's kinda late!

2014-11-22 1:55 GMT+01:00 Matt . :
> HI,
>
> Yes and that doesn't let me login... that's the issue.
>
> 2014-11-22 1:45 GMT+01:00 Dmitri Pal :
>> On 11/21/2014 07:12 PM, Matt . wrote:
>>>
>>> HI Dimitri,
>>>
>>> Thanks, but it seems following the kolab devs that if kolab cannot
>>> determine the base dn, the other two do not matter.
>>>
>>> So what would you change exactly ?
>>
>>
>> I assume you use IPA as an LDAP server.
>> In the Kolab config I would change
>>
>>  'email' => 'mail',
>>
>> to
>>
>>  'email' => 'uid',
>>
>>
>> In IPA I would use "name" in the uid and name@domain in email (as IPA
>> creates) by default.
>> and then try to log into Kolab using name.
>>
>> So for me it would look like this:
>>
>> In ipa:
>> uid: dpal
>> mail: d...@mydomain.com
>>
>>
>>>
>>> There might be need changed more.
>>>
>>> I hope we can get this fixed !
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal :

 On 11/21/2014 06:42 PM, Matt . wrote:
>
> Hi Dimitri,
>
> All I can say about that is that it's configured and uses ldap this
> this added to ldap:
>
> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
> # extended LDIF
> #
> # LDAPv3
> # base  with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # kolab, config
> dn: cn=kolab,cn=config
> objectClass: top
> objectClass: extensibleobject
> cn: kolab
>
> # example.org, kolab, config
> dn: associateddomain=example.org,cn=kolab,cn=config
> objectClass: top
> objectClass: domainrelatedobject
> objectClass: inetdomain
> associatedDomain: example.org
> associatedDomain: dc=internal,dc=local
> inetDomainBaseDN: dc=internal,dc=local
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
>
> kolab_auth.inc.php
>
> 
>   // The id of the LDAP address book (which refers to the
> rcmail_config['ldap_public'])
>   // or complete addressbook definition array.
>   $config['kolab_auth_addressbook'] = Array(
>   'name'  => 'Kolab Auth',
>   'hosts' => Array('172.16.xx.xx'),
>   'port'  => 389,
>   'use_tls'   => false,
>   'user_specific' => false,
>   'base_dn'   =>
> 'cn=accounts,dc=domain,dc=local',
>   'bind_dn'   =>
> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>   'bind_pass' => 'xx',
>   'writable'  => false,
>   'ldap_version'  => 3,   // using LDAPv3
>   'fieldmap'  => Array(
>   'name'  => 'displayname',
>   'email' => 'mail',


 Here you can use uid instead of mail.
 Then user will be able to login into Kolab with a simple name instead of
 the
 longer mail.
 Then you would be able to put n...@domain.tld into the mail attribute.

 It seems that Kolab assumes that mail is a single valued attribute in the
 directory while in general it is not the case.
 So the best would be to use some other attribute for login.

 HTH.

>   'email:alias'   => 'alias',
>   'role'  => 'nsroledn',
>   ),
>   'sort'  => 'displayname',
>   'scope' => 'sub',
>   'filter'=> '(objectClass=*)',
>   'fuzzy_search'  => true,
>   'sizelimit' => '0',
>   'timelimit' => '0',
>   'groups'=> Array(
>   'base_dn'   => 'cn=groups,dc=domain,dc=local',
>   'filter'=>
> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>   'object_classes'=> Array('top',
> 'groupOfUniqueNames'),
>   'member_attr'   => 'uniqueMember',
>   ),
>   );
>
>
>   // This will overwrite defined filter
>   $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>
>   // Use this fields (from fieldmap configuration) to get
> authentication ID
>   $config['kolab_auth_login'] = 'email';
>
>   // Use this fields (from fieldmap configuration) for defa

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
HI,

Yes and that doesn't let me login... that's the issue.

2014-11-22 1:45 GMT+01:00 Dmitri Pal :
> On 11/21/2014 07:12 PM, Matt . wrote:
>>
>> HI Dimitri,
>>
>> Thanks, but it seems following the kolab devs that if kolab cannot
>> determine the base dn, the other two do not matter.
>>
>> So what would you change exactly ?
>
>
> I assume you use IPA as an LDAP server.
> In the Kolab config I would change
>
>  'email' => 'mail',
>
> to
>
>  'email' => 'uid',
>
>
> In IPA I would use "name" in the uid and name@domain in email (as IPA
> creates) by default.
> and then try to log into Kolab using name.
>
> So for me it would look like this:
>
> In ipa:
> uid: dpal
> mail: d...@mydomain.com
>
>
>>
>> There might be need changed more.
>>
>> I hope we can get this fixed !
>>
>> Thanks,
>>
>> Matt
>>
>> 2014-11-22 0:51 GMT+01:00 Dmitri Pal :
>>>
>>> On 11/21/2014 06:42 PM, Matt . wrote:

 Hi Dimitri,

 All I can say about that is that it's configured and uses ldap this
 this added to ldap:

 [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
 "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
 # extended LDIF
 #
 # LDAPv3
 # base  with scope subtree
 # filter: (objectclass=*)
 # requesting: ALL
 #

 # kolab, config
 dn: cn=kolab,cn=config
 objectClass: top
 objectClass: extensibleobject
 cn: kolab

 # example.org, kolab, config
 dn: associateddomain=example.org,cn=kolab,cn=config
 objectClass: top
 objectClass: domainrelatedobject
 objectClass: inetdomain
 associatedDomain: example.org
 associatedDomain: dc=internal,dc=local
 inetDomainBaseDN: dc=internal,dc=local

 # search result
 search: 2
 result: 0 Success

 # numResponses: 3
 # numEntries: 2


 kolab_auth.inc.php

 >>>
   // The id of the LDAP address book (which refers to the
 rcmail_config['ldap_public'])
   // or complete addressbook definition array.
   $config['kolab_auth_addressbook'] = Array(
   'name'  => 'Kolab Auth',
   'hosts' => Array('172.16.xx.xx'),
   'port'  => 389,
   'use_tls'   => false,
   'user_specific' => false,
   'base_dn'   =>
 'cn=accounts,dc=domain,dc=local',
   'bind_dn'   =>
 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
   'bind_pass' => 'xx',
   'writable'  => false,
   'ldap_version'  => 3,   // using LDAPv3
   'fieldmap'  => Array(
   'name'  => 'displayname',
   'email' => 'mail',
>>>
>>>
>>> Here you can use uid instead of mail.
>>> Then user will be able to login into Kolab with a simple name instead of
>>> the
>>> longer mail.
>>> Then you would be able to put n...@domain.tld into the mail attribute.
>>>
>>> It seems that Kolab assumes that mail is a single valued attribute in the
>>> directory while in general it is not the case.
>>> So the best would be to use some other attribute for login.
>>>
>>> HTH.
>>>
   'email:alias'   => 'alias',
   'role'  => 'nsroledn',
   ),
   'sort'  => 'displayname',
   'scope' => 'sub',
   'filter'=> '(objectClass=*)',
   'fuzzy_search'  => true,
   'sizelimit' => '0',
   'timelimit' => '0',
   'groups'=> Array(
   'base_dn'   => 'cn=groups,dc=domain,dc=local',
   'filter'=>
 '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
   'object_classes'=> Array('top',
 'groupOfUniqueNames'),
   'member_attr'   => 'uniqueMember',
   ),
   );


   // This will overwrite defined filter
   $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
 '(|(uid=%u)(mail=%fu)(alias=%fu)))';

   // Use this fields (from fieldmap configuration) to get
 authentication ID
   $config['kolab_auth_login'] = 'email';

   // Use this fields (from fieldmap configuration) for default
 identity
   $config['kolab_auth_name']  = 'name';
   $config['kolab_auth_alias'] = 'alias';
   $config['kolab_auth_email'] = 'email';

   if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) )
 {

   // L

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Dmitri Pal

On 11/21/2014 07:12 PM, Matt . wrote:

HI Dimitri,

Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.

So what would you change exactly ?


I assume you use IPA as an LDAP server.
In the Kolab config I would change

 'email' => 'mail',

to

 'email' => 'uid',


In IPA I would use "name" in the uid and name@domain in email (as IPA 
creates) by default.

and then try to log into Kolab using name.

So for me it would look like this:

In ipa:
uid: dpal
mail: d...@mydomain.com



There might be need changed more.

I hope we can get this fixed !

Thanks,

Matt

2014-11-22 0:51 GMT+01:00 Dmitri Pal :

On 11/21/2014 06:42 PM, Matt . wrote:

Hi Dimitri,

All I can say about that is that it's configured and uses ldap this
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D
"cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

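  <?php
  // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
  // or complete addressbook definition array.
  $config['kolab_auth_addressbook'] = Array(
  'name'  => 'Kolab Auth',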
  'hosts' => Array('172.16.xx.xx'),
  'port'  => 389,
  'use_tls'   => false,
  'user_specific' => false,
  'base_dn'   => 'cn=accounts,dc=domain,dc=local',
  'bind_dn'   =>
'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
  'bind_pass' => 'xx',
  'writable'  => false,
  'ldap_version'  => 3,   // using LDAPv3
  'fieldmap'  => Array(
  'name'  => 'displayname',
  'email' => 'mail',


Here you can use uid instead of mail.
Then user will be able to login into Kolab with a simple name instead of the
longer mail.
Then you would be able to put n...@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single valued attribute in the
directory while in general it is not the case.
So the best would be to use some other attribute for login.

HTH.


  'email:alias'   => 'alias',
  'role'  => 'nsroledn',
  ),
  'sort'  => 'displayname',
  'scope' => 'sub',
  'filter'=> '(objectClass=*)',
  'fuzzy_search'  => true,
  'sizelimit' => '0',
  'timelimit' => '0',
  'groups'=> Array(
  'base_dn'   => 'cn=groups,dc=domain,dc=local',
  'filter'=>
'(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
  'object_classes'=> Array('top',
'groupOfUniqueNames'),
  'member_attr'   => 'uniqueMember',
  ),
  );


  // This will overwrite defined filter
  $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
'(|(uid=%u)(mail=%fu)(alias=%fu)))';

  // Use this fields (from fieldmap configuration) to get
authentication ID
  $config['kolab_auth_login'] = 'email';

  // Use this fields (from fieldmap configuration) for default identity
  $config['kolab_auth_name']  = 'name';
  $config['kolab_auth_alias'] = 'alias';
  $config['kolab_auth_email'] = 'email';

  if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {

  // Login and password of the admin user. Enables "Login As"
feature.
  $config['kolab_auth_admin_login']= 'admin';
  $config['kolab_auth_admin_password'] = 'xx';

  $config['kolab_auth_auditlog'] = true;
  }

  // Administrative role field (from fieldmap configuration) which
must be filled with
  // specified value which adds privilege to login as another user.
  $config['kolab_auth_role']   = 'role';
  $config['kolab_auth_role_value'] =
'cn=kolab-admin,dc=domain,dc=local';

  // Administrative group name to which user must be assigned to
  // which adds privilege to login as another user.
  $config['kolab_auth_group'] = 'Kolab Helpdesk';

  if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
'/' . basename(__FILE__))) {
  include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
'/' . basename(__FILE__));
  }

?>

Does this help you some ?

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
HI Dimitri,

Thanks, but it seems following the kolab devs that if kolab cannot
determine the base dn, the other two do not matter.

So what would you change exactly ?

There might be more that needs to be changed.

I hope we can get this fixed !

Thanks,

Matt

2014-11-22 0:51 GMT+01:00 Dmitri Pal :
> On 11/21/2014 06:42 PM, Matt . wrote:
>>
>> Hi Dimitri,
>>
>> All I can say about that is that it's configured and uses ldap this
>> this added to ldap:
>>
>> [root@kolab roundcubemail]# ldapsearch -x -h localhost -D
>> "cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base  with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # kolab, config
>> dn: cn=kolab,cn=config
>> objectClass: top
>> objectClass: extensibleobject
>> cn: kolab
>>
>> # example.org, kolab, config
>> dn: associateddomain=example.org,cn=kolab,cn=config
>> objectClass: top
>> objectClass: domainrelatedobject
>> objectClass: inetdomain
>> associatedDomain: example.org
>> associatedDomain: dc=internal,dc=local
>> inetDomainBaseDN: dc=internal,dc=local
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>>
>> kolab_auth.inc.php
>>
>> >
>>  // The id of the LDAP address book (which refers to the
>> rcmail_config['ldap_public'])
>>  // or complete addressbook definition array.
>>  $config['kolab_auth_addressbook'] = Array(
>>  'name'  => 'Kolab Auth',
>>  'hosts' => Array('172.16.xx.xx'),
>>  'port'  => 389,
>>  'use_tls'   => false,
>>  'user_specific' => false,
>>  'base_dn'   => 'cn=accounts,dc=domain,dc=local',
>>  'bind_dn'   =>
>> 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
>>  'bind_pass' => 'xx',
>>  'writable'  => false,
>>  'ldap_version'  => 3,   // using LDAPv3
>>  'fieldmap'  => Array(
>>  'name'  => 'displayname',
>>  'email' => 'mail',
>
>
> Here you can use uid instead of mail.
> Then user will be able to login into Kolab with a simple name instead of the
> longer mail.
> Then you would be able to put n...@domain.tld into the mail attribute.
>
> It seems that Kolab assumes that mail is a single valued attribute in the
> directory while in general it is not the case.
> So the best would be to use some other attribute for login.
>
> HTH.
>
>>  'email:alias'   => 'alias',
>>  'role'  => 'nsroledn',
>>  ),
>>  'sort'  => 'displayname',
>>  'scope' => 'sub',
>>  'filter'=> '(objectClass=*)',
>>  'fuzzy_search'  => true,
>>  'sizelimit' => '0',
>>  'timelimit' => '0',
>>  'groups'=> Array(
>>  'base_dn'   => 'cn=groups,dc=domain,dc=local',
>>  'filter'=>
>> '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
>>  'object_classes'=> Array('top',
>> 'groupOfUniqueNames'),
>>  'member_attr'   => 'uniqueMember',
>>  ),
>>  );
>>
>>
>>  // This will overwrite defined filter
>>  $config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' .
>> '(|(uid=%u)(mail=%fu)(alias=%fu)))';
>>
>>  // Use this fields (from fieldmap configuration) to get
>> authentication ID
>>  $config['kolab_auth_login'] = 'email';
>>
>>  // Use this fields (from fieldmap configuration) for default identity
>>  $config['kolab_auth_name']  = 'name';
>>  $config['kolab_auth_alias'] = 'alias';
>>  $config['kolab_auth_email'] = 'email';
>>
>>  if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {
>>
>>  // Login and password of the admin user. Enables "Login As"
>> feature.
>>  $config['kolab_auth_admin_login']= 'admin';
>>  $config['kolab_auth_admin_password'] = 'xx';
>>
>>  $config['kolab_auth_auditlog'] = true;
>>  }
>>
>>  // Administrative role field (from fieldmap configuration) which
>> must be filled with
>>  // specified value which adds privilege to login as another user.
>>  $config['kolab_auth_role']   = 'role';
>>  $config['kolab_auth_role_value'] =
>> 'cn=kolab-admin,dc=domain,dc=local';
>>
>>  // Administrative group name to which user must be assigned to
>>  // which adds privilege to login as another user.
>>  $config['kolab_auth_group'] = 'Kolab Helpdesk';
>>
>>  if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] .
>> '/' . basename(__FILE__))) {
>>  include_once(RCUBE_CONFIG_DIR . '

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Dmitri Pal

On 11/21/2014 06:42 PM, Matt . wrote:

Hi Dimitri,

All I can say about that is that it's configured and uses ldap this
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D
"cn=Directory Manager" -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

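 <?php
 // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
 // or complete addressbook definition array.
 $config['kolab_auth_addressbook'] = Array(
 'name'  => 'Kolab Auth',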
 'hosts' => Array('172.16.xx.xx'),
 'port'  => 389,
 'use_tls'   => false,
 'user_specific' => false,
 'base_dn'   => 'cn=accounts,dc=domain,dc=local',
 'bind_dn'   =>
'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
 'bind_pass' => 'xx',
 'writable'  => false,
 'ldap_version'  => 3,   // using LDAPv3
 'fieldmap'  => Array(
 'name'  => 'displayname',
 'email' => 'mail',


Here you can use uid instead of mail.
Then user will be able to login into Kolab with a simple name instead of 
the longer mail.

Then you would be able to put n...@domain.tld into the mail attribute.

It seems that Kolab assumes that mail is a single valued attribute in 
the directory while in general it is not the case.

So the best would be to use some other attribute for login.

HTH.



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
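
The reply above points out that mail is not single-valued in general, so a login ID taken from it can be ambiguous. As an added example (not part of the thread, and not Kolab or FreeIPA code), this Python script audits ldapsearch-style LDIF for entries where a chosen login attribute has no value or several; the sample entries and the names parse_ldif and audit_login_attr are constructed for illustration.

```python
import base64

# Constructed sample in ldapsearch/LDIF form; users and addresses are made up.
SAMPLE_LDIF = """\
dn: uid=jdoe,cn=users,cn=accounts,dc=domain,dc=local
uid: jdoe
mail: jdoe@sub.domain.local
mail: john.doe@domain.tld

dn: uid=asmith,cn=users,cn=accounts,dc=domain,dc=local
uid: asmith
mail: asmith@sub.domain.local

dn: uid=svc-backup,cn=users,cn=accounts,dc=domain,dc=local
uid: svc-backup
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; handles comments, folded lines, base64."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]               # RFC 2849 line unfolding
        else:
            logical.append(raw)
    entries, attrs = [], {}
    for line in logical + [""]:
        if not line.strip():                     # blank line closes the entry
            if "dn" in attrs:                    # skips ldapsearch's result trailer
                entries.append((attrs["dn"][0], attrs))
            attrs = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def audit_login_attr(entries, login_attr):
    """Map dn -> problem where login_attr cannot give exactly one login ID."""
    findings = {}
    for dn, attrs in entries:
        values = attrs.get(login_attr.lower(), [])
        if len(values) != 1:
            findings[dn] = ("ambiguous: " + ", ".join(sorted(values))) if values else "missing"
    return findings

if __name__ == "__main__":
    print({a: audit_login_attr(parse_ldif(SAMPLE_LDIF), a) for a in ("mail", "uid")})
```

Run against the sample, mail is flagged for the two-address user and for the account without mail, while uid yields exactly one value per entry.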


Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
Hi Dmitri,

All I can say about that is that it's configured and uses ldap with
this added to ldap:

[root@kolab roundcubemail]# ldapsearch -x -h localhost -D "cn=Directory Manager" \
    -w Welcome2KolabSystems -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# example.org, kolab, config
dn: associateddomain=example.org,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: example.org
associatedDomain: dc=internal,dc=local
inetDomainBaseDN: dc=internal,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


kolab_auth.inc.php

<?php

$config['kolab_auth_addressbook'] = Array(
    'name'          => 'Kolab Auth',
    'hosts'         => Array('172.16.xx.xx'),
    'port'          => 389,
    'use_tls'       => false,
    'user_specific' => false,
    'base_dn'       => 'cn=accounts,dc=domain,dc=local',
    'bind_dn'       => 'uid=admin,cn=users,cn=accounts,dc=domain,dc=local',
    'bind_pass'     => 'xx',
    'writable'      => false,
    'ldap_version'  => 3,   // using LDAPv3
    'fieldmap'      => Array(
        'name'          => 'displayname',
        'email'         => 'mail',
        'email:alias'   => 'alias',
        'role'          => 'nsroledn',
    ),
    'sort'          => 'displayname',
    'scope'         => 'sub',
    'filter'        => '(objectClass=*)',
    'fuzzy_search'  => true,
    'sizelimit'     => '0',
    'timelimit'     => '0',
    'groups'        => Array(
        'base_dn'        => 'cn=groups,dc=domain,dc=local',
        'filter'         => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
        'object_classes' => Array('top', 'groupOfUniqueNames'),
        'member_attr'    => 'uniqueMember',
    ),
);


// This will overwrite defined filter
$config['kolab_auth_filter'] = '(&' . '(objectclass=inetuser)' . '(|(uid=%u)(mail=%fu)(alias=%fu)))';

// Use this fields (from fieldmap configuration) to get authentication ID
$config['kolab_auth_login'] = 'email';

// Use this fields (from fieldmap configuration) for default identity
$config['kolab_auth_name']  = 'name';
$config['kolab_auth_alias'] = 'alias';
$config['kolab_auth_email'] = 'email';

if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {

    // Login and password of the admin user. Enables "Login As" feature.
    $config['kolab_auth_admin_login']    = 'admin';
    $config['kolab_auth_admin_password'] = 'xx';

    $config['kolab_auth_auditlog'] = true;
}

// Administrative role field (from fieldmap configuration) which must be filled with
// specified value which adds privilege to login as another user.
$config['kolab_auth_role']       = 'role';
$config['kolab_auth_role_value'] = 'cn=kolab-admin,dc=domain,dc=local';

// Administrative group name to which user must be assigned to
// which adds privilege to login as another user.
$config['kolab_auth_group'] = 'Kolab Helpdesk';

if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
    include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
}

?>

Does this help you some ?




2014-11-22 0:31 GMT+01:00 Dmitri Pal :
> On 11/21/2014 06:04 PM, Matt . wrote:
>>
>> Hi Dmitri,
>>
>> What do you mean by how ? Can you be more specific what you want to know ?
>
>
> How Kolab is connecting to IPA?
> LDAP ? Kerberos? Directly from Kolab? Using SSO? Using SSSD and Apache module
> integration like this http://www.freeipa.org/page/Web_App_Authentication?
> In some other way?
>
> What is the configuration?
>
> How the second mail address is supposed to be used?
> What are the applications that need to see/access it?
> How are they configured? LDAP? SSSD?
>
>
>
>>
>>
>>
>> 2014-11-21 23:42 GMT+01:00 Dmitri Pal :
>>>
>>> On 11/20/2014 09:15 PM, Matt . wrote:

>>>> Hi Guys,
>>>>
>>>> For authenticating a user in Kolab I need uid@sub.domain.local as
>>>> email address, but as my user needs also n...@domain.tld I need to add
>>>> this as extra mail address.
>>>
>>>
>>> User needs it where?
>>> How Kolab integration is configured?
>>>
>>>> When I add this second email address I cannot login to Kolab anymore
>>>> as it will use u...@domain.tld in the kolab logs. When I remove it it
>>>> can login again.
>>>>
>>>> Removing uid@sub.domain.local and only having n...@domain.tld doesn't
>>>> work either.
>>>>
>>>> Anyone an idea ho

Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Dmitri Pal

On 11/21/2014 06:04 PM, Matt . wrote:
>
> Hi Dmitri,
>
> What do you mean by how ? Can you be more specific what you want to know ?


How Kolab is connecting to IPA?
LDAP ? Kerberos? Directly from Kolab? Using SSO? Using SSSD and Apache
module integration like this
http://www.freeipa.org/page/Web_App_Authentication?

In some other way?

What is the configuration?

How the second mail address is supposed to be used?
What are the applications that need to see/access it?
How are they configured? LDAP? SSSD?


> 2014-11-21 23:42 GMT+01:00 Dmitri Pal :
>>
>> On 11/20/2014 09:15 PM, Matt . wrote:
>>>
>>> Hi Guys,
>>>
>>> For authenticating a user in Kolab I need uid@sub.domain.local as
>>> email address, but as my user needs also n...@domain.tld I need to add
>>> this as extra mail address.
>>
>>
>> User needs it where?
>> How Kolab integration is configured?
>>
>>>
>>> When I add this second email address I cannot login to Kolab anymore
>>> as it will use u...@domain.tld in the kolab logs. When I remove it it
>>> can login again.
>>>
>>> Removing uid@sub.domain.local and only having n...@domain.tld doesn't
>>> work either.
>>>
>>> Anyone an idea how I can set uid@sub.domain.local bind a primary ?
>>>
>>> Cheers,
>>>
>>> Matt


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Matt .
Hi Dmitri,

What do you mean by how ? Can you be more specific what you want to know ?



2014-11-21 23:42 GMT+01:00 Dmitri Pal :
> On 11/20/2014 09:15 PM, Matt . wrote:
>>
>> Hi Guys,
>>
>> For authenticating a user in Kolab I need uid@sub.domain.local as
>> email address, but as my user needs also n...@domain.tld I need to add
>> this as extra mail address.
>
>
> User needs it where?
> How Kolab integration is configured?
>
>>
>> When I add this second email address I cannot login to Kolab anymore
>> as it will use u...@domain.tld in the kolab logs. When I remove it it
>> can login again.
>>
>> Removing uid@sub.domain.local and only having n...@domain.tld doesn't
>> work either.
>>
>> Anyone an idea how I can set uid@sub.domain.local bind a primary ?
>>
>> Cheers,
>>
>> Matt
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.


Re: [Freeipa-users] Primary mail address possible ?

2014-11-21 Thread Dmitri Pal

On 11/20/2014 09:15 PM, Matt . wrote:

> Hi Guys,
>
> For authenticating a user in Kolab I need uid@sub.domain.local as
> email address, but as my user needs also n...@domain.tld I need to add
> this as extra mail address.


User needs it where?
How Kolab integration is configured?


> When I add this second email address I cannot login to Kolab anymore
> as it will use u...@domain.tld in the kolab logs. When I remove it it
> can login again.
>
> Removing uid@sub.domain.local and only having n...@domain.tld doesn't
> work either.
>
> Anyone an idea how I can set uid@sub.domain.local bind a primary ?
>
> Cheers,
>
> Matt



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



[Freeipa-users] Primary mail address possible ?

2014-11-20 Thread Matt .
Hi Guys,

For authenticating a user in Kolab I need uid@sub.domain.local as
email address, but as my user needs also n...@domain.tld I need to add
this as extra mail address.

When I add this second email address I cannot login to Kolab anymore
as it will use u...@domain.tld in the kolab logs. When I remove it it
can login again.

Removing uid@sub.domain.local and only having n...@domain.tld doesn't
work either.

Anyone an idea how I can set uid@sub.domain.local bind a primary ?

Cheers,

Matt
