[horde] connecting horde to openldap - almost there
Andy Dorman
adorman at ironicdesign.com
Mon Jul 18 14:25:37 UTC 2016
On 07/18/2016 06:45 AM, Spyros Tsiolis wrote:
> Hello again all,
>
> In regards to connecting horde with openldap.
> I think I am on the right track.
>
> I edited "turba/config/backends.php" (Jan, thank you for this again)
> and took away most of the examples except the one that connects turba
> to openldap.
>
> Here's the code:
>
> --------------------------
> $cfgSources['localldap'] = array(
>     // Disabled by default
>     'disabled' => false,
>     'title' => _("Shared Directory"),
>     'type' => 'ldap',
>     'params' => array(
>         'server' => 'openldapserver.home.local',
>         'port' => 389,
>         'tls' => false,
>         'root' => 'dc=home,dc=local',
>         'bind_dn' => 'cn=admin,ou=contacts,dc=openldapserver,dc=home,dc=local',
>         // For Active Directory:
>         // 'bind_dn' => 'username@example.com',
>         'bind_password' => '<PASSWORD_ENTERED_HERE>',
>         'sizelimit' => 200,
>         // For Active Directory:
>         // 'sizelimit' => 0,
>         'dn' => array('cn'),
>         'objectclass' => array('top',
>                                'person',
>                                'organizationalPerson',
>         .......
> --------------------------
>
>
>
> As far as I can understand this, what I am after are roughly lines 2 to 15 in the
> code shown above.
>
> However, when I try to access the "Shared Directory" through "Address Books" a red
> message pops up at the lower right-hand side of the browser:
>
> (-) Bind failed: (49) Invalid Credentials
>
> I am pretty sure that credentials are fine. I verified credentials with the help of
> "phpldapadmin" and I can log in fine from there.
> The password being used has no special symbols; it starts and ends with a dot
> ("."). The rest of it is numbers and letters.
>
> Ubuntu 14.04 (x86)
> Horde Groupware 5.2.15 (pear install from command line)
> For OpenLDAP, there's only one user called "admin" accessing an ou called
> "contacts". No other users. At the moment there's only "administrator" and
> one user that accesses Horde Webmail.
>
> Any help would be welcome,
>
> Regards,
>
> s.t.
>
>
We use LDAP for the user address books. Below is what we have in
backends.local.php for our Turba config. This may not be exactly what
you want though because our webmail/turba runs on multiple web servers
with a read-only replica of the LDAP db and the slapd/LDAP config value
for "updateref" refers all writes to our LDAP master server.
In addition, we have a very non-standard setup...
1. We support multiple independent domains and addresses within each
domain are not related (i.e., no organizational domains), so all address
book addresses are "sub" to the owner user address (i.e., no one can read
someone else's address book).
2. We had all sorts of issues with object class checking when we set
this up, so we finally just disabled that and let OpenLDAP take care of
making sure object classes can handle the fields.
But here it is if it helps:
/**
 * Disable the SQL database address book.
 */
$cfgSources['localsql']['disabled'] = true;
$cfgSources['favourites']['disabled'] = true;

/**
 * A personal LDAP address book. This assumes that the login is
 * <username>@domain.com and that the users are stored on the same LDAP
 * server. Thus it is possible to bind with the username and password from the
 * user. For more info, please refer to the docs/LDAP file in the Turba
 * distribution.
 */

/* First get the uid and set the base DN. */
$_ldap_uid = strtolower($GLOBALS['registry']->getAuth());
$_ldap_basedn = ',ou=addresses,o=antespam.com';

// enable the personal_ldap address book
$cfgSources['personal_ldap']['disabled'] = false;

// talk to localhost and let the slapd updateref refer writes to the master...
$cfgSources['personal_ldap']['params']['server'] = 'localhost';

// bind as the logged-in user with the password Horde already holds for them
$cfgSources['personal_ldap']['params']['bind_dn'] = 'uid=' . $_ldap_uid . $_ldap_basedn;
$cfgSources['personal_ldap']['params']['bind_password'] =
    $GLOBALS['registry']->getAuthCredential('password');
$cfgSources['personal_ldap']['params']['dn'] = array('uid');
$cfgSources['personal_ldap']['params']['objectclass'] = array('person',
                                                            'organizationalPerson',
                                                            'inetOrgPerson');
$cfgSources['personal_ldap']['params']['referrals'] = 1;
$cfgSources['personal_ldap']['params']['tls'] = false;

// search root is the user's own entry, so each user only sees their own addresses
$cfgSources['personal_ldap']['params']['root'] = 'uid=' . $_ldap_uid . $_ldap_basedn;
$cfgSources['personal_ldap']['params']['scope'] = 'sub';

// object class / syntax checking is turned off (see 2. above); OpenLDAP itself
// enforces that the object classes can hold the fields of a new contact
$cfgSources['personal_ldap']['params']['checkrequired'] = false;
$cfgSources['personal_ldap']['params']['checkrequired_string'] = '-';
$cfgSources['personal_ldap']['params']['checksyntax'] = false;

// set up our own mapping because the object_pgppublickey field caused
// LDAP to complain about "bad filter"
$cfgSources['personal_ldap']['map'] = array(
    '__key' => 'dn',
    '__uid' => 'uid',
    'name' => 'cn',
    'email' => 'mail',
    'firstname' => 'givenname',
    'lastname' => 'sn',
    'title' => 'title',
    'company' => 'organizationname',
    'businessCategory' => 'businesscategory',
    'workAddress' => 'postaladdress',
    'workPostalCode' => 'postalcode',
    'workPhone' => 'telephonenumber',
    'fax' => 'facsimiletelephonenumber',
    'homeAddress' => 'homepostaladdress',
    'homePhone' => 'homephone',
    'cellPhone' => 'mobile',
    'notes' => 'description',
    'office' => 'roomNumber',
    'department' => 'ou',
    'nickname' => 'displayName',
    'website' => 'labeledURI'
);
$cfgSources['personal_ldap']['search'] = array(
    'name',
    'lastname',
    'email',
    'businessCategory',
    'company',
    'title'
);
--
Andy Dorman
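A way to reproduce the "Bind failed: (49) Invalid Credentials" bind outside Horde, as an added example that is part of neither message above and is not Horde or Turba code: it uses PHP's ldap extension with the same 'params' keys Turba reads from backends.php, reports the server's error code and text on failure, and on success confirms that the configured 'root' entry is readable by that identity. The host, DNs and the TURBA_BIND_PW environment variable are placeholders to replace with the values from your own config.

```php
<?php
// Added diagnostic (not Horde/Turba code): bind with the same 'params'
// values Turba uses and report what the server answers.
// Placeholders: host, DNs and the TURBA_BIND_PW environment variable.

$params = array(
    'server'        => 'openldapserver.home.local',   // placeholder host
    'port'          => 389,
    'tls'           => false,                         // Turba 'tls' means STARTTLS
    'root'          => 'dc=home,dc=local',
    'bind_dn'       => 'cn=admin,ou=contacts,dc=openldapserver,dc=home,dc=local',
    'bind_password' => getenv('TURBA_BIND_PW'),       // read from env, never hard-code
);

function turba_bind_check(array $p)
{
    $ds = ldap_connect('ldap://' . $p['server'] . ':' . $p['port']);
    if (!$ds) {
        return 'could not initialise LDAP handle';
    }
    // Horde_Ldap speaks LDAPv3; php-ldap defaults to v2, which many servers reject.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    if ($p['tls'] && !@ldap_start_tls($ds)) {
        return sprintf('STARTTLS failed: (%d) %s', ldap_errno($ds), ldap_error($ds));
    }
    // An empty password makes ldap_bind() do an unauthenticated bind, which
    // "succeeds" without testing the credential at all, so refuse it.
    if ($p['bind_password'] === false || $p['bind_password'] === '') {
        return 'refusing to bind: TURBA_BIND_PW is empty';
    }
    if (!@ldap_bind($ds, $p['bind_dn'], $p['bind_password'])) {
        // Code 49 is what Turba shows as "Bind failed: (49) Invalid Credentials".
        return sprintf('Bind failed: (%d) %s', ldap_errno($ds), ldap_error($ds));
    }
    // Bound; now confirm this identity can actually read the configured root.
    $res = @ldap_read($ds, $p['root'], '(objectClass=*)', array('dn'));
    if (!$res || ldap_count_entries($ds, $res) === 0) {
        return sprintf("Bind ok, but root '%s' is not readable: (%d) %s",
                       $p['root'], ldap_errno($ds), ldap_error($ds));
    }
    ldap_unbind($ds);
    return 'Bind ok and root is readable as ' . $p['bind_dn'];
}

echo turba_bind_check($params), "\n";
```

Run it as the web server's user (e.g. with TURBA_BIND_PW set for that one command) so it sees the same php.ini and ldap.conf as Horde; a bind that works from phpldapadmin but fails here points at the DN, password or protocol settings Turba is passing rather than at the directory itself.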