Hello list:
Below is a summarised and expanded view on the remaining 7 LDAP issues.
Please discard the earlier messages in the other thread; this is the
current status:
1) User-specific base_dn, bind_dn and password exist, and are known to work
with other clients (iOS and jxplorer). Despite the name "Public", the
bind_dn user has write access. Relevant main.inc.php and slapd.conf
extracts are included at the end of this message. If useful, I can also
provide access to the underlying OpenLDAP development server.
2) If cn and the concatenation givenName+sn are the same, the cn value
does not show up in the UI mask in the "name" field. As a result, when
you edit that contact, the field cn is not populated by default in the
UI and has to be manually added: Forgetting to do so will result in an
error, as cn is mandatory. It appears that the program logic to hide cn
based on existing attributes should be reviewed.
Independent of this, I believe that the thread "How are you using cn vs
displayName?" [0] could be useful to determine the right approach for
mapping givenName, sn, cn and displayName.
3) Probably closely related to point 2): changing the content of the
field 'name' => 'cn' fails, i.e. the newly entered information is not
stored.
Warning: ldap_mod_replace(): Modify: Naming violation in
roundcubemail-0.7.2/program/include/rcube_ldap.php on line 1105
Changing cn using jxplorer 3.2.2 works as expected. How to reproduce:
1) Change cn for a contact in jxplorer to "John Doe CN"
2) Search for John Doe CN contact in RC
3) "John Doe CN" shows up in the "name" field (in accordance with the
fieldmap below):
4) Editing the contact (any field, except cn itself) works perfectly.
5) Search again for same contact.
6) Change cn/name field to "John Doe CNUPDATED"
7) Saving will fail with a "Naming violation" error. From logs/ldap
(level 8, which seems to give the same output as level 4 BTW):
[10-Apr-2012 01:51:21 +0200]: C: Replace [dn: cn=John Doe
CN,ou=public,ou=rcabook,dc=domain,dc=tld]: Array
(
[cn] => John Doe CNUPDATED
[sn] => Doe
[givenname] => John
)
[10-Apr-2012 01:51:21 +0200]: S: Naming violation
From slapd with loglevel 23:
Apr 10 01:51:21 mail slapd[20444]: conn=1263 op=2 do_modify
Apr 10 01:51:21 mail slapd[20444]: conn=1263 op=2 do_modify: dn
(cn=John Doe CN,ou=public,ou=rcabook,dc=domain,dc=tld)
Apr 10 01:51:21 mail slapd[20444]: >>> dnPrettyNormal: <cn=John Doe
CN,ou=public,ou=rcabook,dc=domain,dc=tld>
Apr 10 01:51:21 mail slapd[20444]: <<< dnPrettyNormal: <cn=John Doe
CN,ou=public,ou=rcabook,dc=domain,dc=tld>, <cn=john doe
cn,ou=public,ou=rcabook,dc=domain,dc=tld>
Apr 10 01:51:21 mail slapd[20444]: conn=1263 op=2 modifications:
Apr 10 01:51:21 mail slapd[20444]: #011replace: cn
Apr 10 01:51:21 mail slapd[20444]: #011#011one value, length 18
Apr 10 01:51:21 mail slapd[20444]: #011replace: sn
Apr 10 01:51:21 mail slapd[20444]: #011#011one value, length 16
Apr 10 01:51:21 mail slapd[20444]: #011replace: givenname
Apr 10 01:51:21 mail slapd[20444]: #011#011one value, length 5
Apr 10 01:51:21 mail slapd[20444]: bdb_dn2entry("cn=john doe
cn,ou=public,ou=rcabook,dc=domain,dc=tld")
Apr 10 01:51:21 mail slapd[20444]: hdb_modify: cn=John Doe
CN,ou=public,ou=rcabook,dc=domain,dc=tld
Apr 10 01:51:21 mail slapd[20444]: bdb_dn2entry("cn=john doe
cn,ou=public,ou=rcabook,dc=domain,dc=tld")
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: 0x000004a7:
cn=John Doe CN,ou=public,ou=rcabook,dc=domain,dc=tld
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace cn
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace sn
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace
givenName
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace
entryCSN
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace
modifiersName
Apr 10 01:51:21 mail slapd[20444]: bdb_modify_internal: replace
modifyTimestamp
Apr 10 01:51:21 mail slapd[20444]: entry failed schema check: value of
naming attribute 'cn' is not present in entry
Apr 10 01:51:21 mail slapd[20444]: hdb_modify: modify failed (64)
Apr 10 01:51:21 mail slapd[20444]: send_ldap_result: conn=1263 op=2 p=3
Apr 10 01:51:21 mail slapd[20444]: send_ldap_result: err=64 matched=""
text="value of naming attribute 'cn' is not present in entry"
Apr 10 01:51:21 mail slapd[20444]: send_ldap_response: msgid=3 tag=103
err=64
It appears that somehow cn is not set in the update request that is
sent to the LDAP server: "Value of naming attribute 'cn' is not present
in entry". Also: why are we replacing sn and givenName if only cn has
changed?
4) Adding groups under the LDAP directory fails:
[07-Apr-2012 22:40:47 +0200]: C: Connect [calendarserver:389] [Private]
[07-Apr-2012 22:40:47 +0200]: S: OK
[07-Apr-2012 22:40:47 +0200]: C: Bind [dn:
[email protected],ou=private,ou=rcabook,dc=hostname,dc=tld] [pass:
XXXXXXXXXXXXX]
[07-Apr-2012 22:40:47 +0200]: S: OK
[07-Apr-2012 22:40:47 +0200]: C: Add [dn:
cn=Testgroup,[email protected],ou=private,ou=rcabook,dc=hostname,dc=tld]:
Array
(
[objectClass] => Array
(
[0] => top
[1] => groupOfNames
)
[cn] => Testgroup
[] =>
)
[07-Apr-2012 22:40:47 +0200]: S: Undefined attribute type
[07-Apr-2012 22:40:47 +0200]: C: Close
RESULT: Does NOT work, and we get a red error message "An error occurred
while saving." on top of the web page. Could this be because by default
we are using the wrong object classes to create a subgroup?
5) Problems with editing and deleting facsimileTelephoneNumber and
jpegPhoto fields
It turns out that 'phone:fax' => 'facsimileTelephoneNumber' works for
adding and editing a fax number, but you will not be able to remove or
clear an existing one, at least not with the current code:
Warning: ldap_mod_del(): Modify: Inappropriate matching in
program/include/rcube_ldap.php on line 1082
This is actually the same issue as with the profile pictures, as you
can see comparing
Apr 8 03:36:28 mail slapd[25146]: bdb_modify_internal: 18
modify/delete: jpegPhoto: no equality matching rule
Apr 8 03:36:28 mail slapd[25146]: send_ldap_result: err=18 matched=""
text="modify/delete: jpegPhoto: no equality matching rule"
and these entries:
Apr 8 04:07:02 mail slapd[25146]: bdb_modify_internal: 18
modify/delete: facsimileTelephoneNumber: no equality matching rule
Apr 8 04:07:02 mail slapd[25146]: send_ldap_result: err=18 matched=""
text="modify/delete: facsimileTelephoneNumber: no equality matching
rule"
Perhaps we could add two special cases for replacing/removing
facsimileTelephoneNumber and jpegPhoto? I managed to find some
information on this issue [1, 2, 3] that might help solve it.
6) rcmimportreplace ('Replace the entire address book' when importing a
VCF file) does not work for LDAP. The newly imported card is simply
added to the existing cards, rather than replacing them all.
7) manager, assistant and department fields do not work: manager and
assistant don't show up and cannot be added via "Add field..." at all,
while department can be added, but upon saving the new entry the field
gets emptied immediately (it appears before submission of the form).
Thank you very much for managing to get to the end of this message ;-)
Achim
[0] <http://osdir.com/ml/ldap.umich/2006-01/msg00049.html>
[1] <http://www.openldap.org/lists/openldap-technical/200907/msg00083.html>
[2] <http://www.openldap.org/lists/openldap-software/200812/msg00040.html>
[3] <http://www.openldap.org/lists/openldap-bugs/200304/msg00008.html>
************** configuration files **************
(If useful, I can also provide access to the underlying OpenLDAP
development server!)
$rcmail_config['ldap_public'] = array();
$rcmail_config['ldap_public']['public'] = array(
  'name' => 'Public',
  'hosts' => array('calendar.domain.tld'),
  'port' => 389,
  'ldap_version' => 3, // using LDAPv3
  # BUGBUG this is important, otherwise the bind_pass is not populated!
  'user_specific' => true,
  'base_dn' => 'ou=public,ou=rcabook,dc=domain,dc=tld',
  'bind_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld',
  'bind_pass' => '', // the user login password is used
  'filter' => '(objectClass=inetOrgPerson)',
  'writable' => true,
  'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
  'LDAP_rdn' => 'mail',
  'required_fields' => array('cn', 'sn', 'mail', 'givenName'),
  // mapping of contact fields to directory attributes
  'fieldmap' => array(
    // Roundcube => LDAP
    'prefix' => 'title',
    'name' => 'cn',
    'surname' => 'sn',
    'firstname' => 'givenName',
    'email:work' => 'mail',
    'phone:home' => 'homePhone',
    'phone:work' => 'telephoneNumber',
    'phone:mobile' => 'mobile',
    'phone:fax' => 'facsimileTelephoneNumber',
    'photo' => 'jpegPhoto',
    'website' => 'labeledURI',
    'street' => 'street',
    'zipcode' => 'postalCode',
    'locality' => 'l',
    'region' => 'st',
    // does not exist in inetOrgPerson
    // 'country' => 'c',
    'organization' => 'o',
    // Notes tab
    'notes' => 'description',
    // Personal information tab
    'manager' => 'manager',
    'assistant' => 'secretary',
    'department' => 'departmentNumber',
  ),
  'search_fields' => array('mail', 'cn', 'sn', 'givenName'), // fields to search in
  'sort' => 'cn', // The field to sort the listing by.
  'scope' => 'sub', // search mode: sub|base|list
  'fuzzy_search' => true, // server allows wildcard search
  'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
  'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
  'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
  'timelimit' => '0', // Sets the number of seconds spent on the search. Setting this to 0 means no limit.
  'groups' => array(
    'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used
    'filter' => '(objectClass=groupOfNames)',
    'object_classes' => array("top", "groupOfNames"),
  ),
);
$rcmail_config['autocomplete_addressbooks'] = array('sql','public');
$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{region}';
From slapd.conf:
# Grant the admin and rcuser access to the whole addressbook
# Also grant it to every other LDAP user
access to dn.subtree="ou=rcabook,dc=domain,dc=tld"
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=rcuser,ou=rcabook,dc=domain,dc=tld" write
by users write
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
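Added example (editor's note, not part of Achim's message and not Roundcube or OpenLDAP code): the two slapd errors in points 3) and 5) both come from schema checks that a client can only avoid by sending a different request shape. Replacing cn in place on an entry whose RDN is cn=... fails with err=64 because the modification would leave the entry without its own naming value; the standard way to change a naming attribute is a ModifyDN (modrdn) request, which is what PHP's ldap_rename() or python-ldap's rename_s() sends, followed by a normal modify on the new DN. Deleting a specific value of facsimileTelephoneNumber or jpegPhoto fails with err=18 because those attribute types have no EQUALITY matching rule, so the server cannot compare the supplied value; a delete with no values (remove the whole attribute) needs no matching and succeeds. The toy in-memory directory below models just those two checks so the sequences can be run offline; the DN parsing is deliberately minimal (single-valued RDNs, no escaping), the sample contact is constructed, and all names are this example's own. One thing to double-check on the real setup while you are at it: the config sets 'LDAP_rdn' => 'mail', yet the entry in the log is named by cn, so contacts created by Roundcube and by jxplorer will have different naming attributes.

```python
"""Toy model of two slapd schema checks: namingViolation (64) and
inappropriateMatching (18). Constructed example, not OpenLDAP code."""

INAPPROPRIATE_MATCHING = 18   # RFC 4511 result codes
NAMING_VIOLATION = 64

# Attribute types OpenLDAP's core schema defines without an EQUALITY rule
# (the two seen in the post's slapd log); keys are lower-cased.
NO_EQUALITY_RULE = {"facsimiletelephonenumber", "jpegphoto"}

BASE = "ou=public,ou=rcabook,dc=domain,dc=tld"   # base DN from the config above


class LdapError(Exception):
    def __init__(self, code, text):
        super().__init__(f"err={code} text={text!r}")
        self.code, self.text = code, text


def parse_rdn(dn):
    """'cn=John Doe,ou=x,...' -> ('cn', 'John Doe'). First RDN only, no escaping."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return attr.strip().lower(), value.strip()


class ToyDirectory:
    """Entries keyed by lower-cased DN; attribute names are lower-cased too."""

    def __init__(self):
        self.entries = {}

    def add(self, dn, attrs):
        self.entries[dn.lower()] = {k.lower(): list(v) for k, v in attrs.items()}

    def get(self, dn):
        return self.entries[dn.lower()]

    def modify(self, dn, modlist):
        """modlist items: (op, attr, values) with op in add/replace/delete.
        A delete with values=None removes the whole attribute."""
        entry = {k: list(v) for k, v in self.get(dn).items()}   # work on a copy
        for op, attr, values in modlist:
            attr = attr.lower()
            if op == "add":
                entry.setdefault(attr, []).extend(values)
            elif op == "replace":
                entry[attr] = list(values or [])
            elif op == "delete" and values is None:
                entry.pop(attr, None)               # no value comparison needed
            elif op == "delete":
                # Deleting specific values means comparing them, which slapd
                # refuses for attributes without an EQUALITY matching rule.
                if attr in NO_EQUALITY_RULE:
                    raise LdapError(INAPPROPRIATE_MATCHING,
                                    f"modify/delete: {attr}: no equality matching rule")
                entry[attr] = [v for v in entry.get(attr, []) if v not in values]
            if attr in entry and not entry[attr]:
                del entry[attr]
        # The check behind err=64 in the post: the RDN value must still be
        # present in the entry once all modifications are applied.
        rdn_attr, rdn_val = parse_rdn(dn)
        if rdn_val not in entry.get(rdn_attr, []):
            raise LdapError(NAMING_VIOLATION,
                            f"value of naming attribute '{rdn_attr}' is not present in entry")
        self.entries[dn.lower()] = entry

    def modrdn(self, dn, new_rdn, delete_old_rdn=True):
        """ModifyDN: rename the entry and update its naming attribute."""
        entry = self.entries.pop(dn.lower())
        old_attr, old_val = parse_rdn(dn)
        new_attr, new_val = parse_rdn(new_rdn)
        if delete_old_rdn:
            entry[old_attr] = [v for v in entry.get(old_attr, []) if v != old_val]
        if new_val not in entry.setdefault(new_attr, []):
            entry[new_attr].append(new_val)
        new_dn = new_rdn + "," + dn.split(",", 1)[1]
        self.entries[new_dn.lower()] = entry
        return new_dn


def make_directory():
    """Constructed sample contact shaped like the one in the post."""
    d = ToyDirectory()
    d.add(f"cn=John Doe CN,{BASE}", {
        "objectClass": ["top", "inetOrgPerson"],
        "cn": ["John Doe CN"], "sn": ["Doe"], "givenName": ["John"],
        "mail": ["john.doe@example.com"],
        "facsimileTelephoneNumber": ["+1 555 0100"],
        "jpegPhoto": [b"\xff\xd8\xff\xe0JFIF"],
    })
    return d


def rename_by_replace(d, dn, new_cn):
    """The request shape in the post's log: replace cn in place. Returns the error code."""
    try:
        d.modify(dn, [("replace", "cn", [new_cn]),
                      ("replace", "sn", ["Doe"]), ("replace", "givenName", ["John"])])
        return None
    except LdapError as e:
        return e.code


def rename_by_modrdn(d, dn, new_cn):
    """ModifyDN first, then modify the remaining attributes on the new DN."""
    new_dn = d.modrdn(dn, f"cn={new_cn}")
    d.modify(new_dn, [("replace", "sn", ["Doe"]), ("replace", "givenName", ["John"])])
    return new_dn


def clear_by_value(d, dn, attr, value):
    """The failing shape from point 5: delete the attribute's current value."""
    try:
        d.modify(dn, [("delete", attr, [value])])
        return None
    except LdapError as e:
        return e.code


def clear_whole_attribute(d, dn, attr):
    """Delete with no values removes the attribute regardless of matching rules."""
    d.modify(dn, [("delete", attr, None)])
    return attr.lower() not in d.get(dn)


if __name__ == "__main__":
    d = make_directory()
    dn = f"cn=John Doe CN,{BASE}"
    print("replace cn       ->", rename_by_replace(d, dn, "John Doe CNUPDATED"))
    print("delete fax value ->", clear_by_value(d, dn, "facsimileTelephoneNumber", "+1 555 0100"))
    print("delete fax attr  ->", clear_whole_attribute(d, dn, "facsimileTelephoneNumber"))
    print("modrdn           ->", rename_by_modrdn(d, dn, "John Doe CNUPDATED"))
```

The same two shapes carry over to the real client: for a cn change, send ldap_rename() (or rename_s()) with the new RDN and then ldap_modify() on the new DN; for clearing a fax number or photo, send a delete of the whole attribute rather than a delete of its current value.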