[turba] LDAP Driver

Lee lee@disinfo.com
Wed, 19 Jun 2002 19:57:17 -0400


Hey Ed,
I think I have this mostly working. I seem to be stuck on the openldap access 
directives for each person's personal address book. I'm doing virtually the 
same thing as you are, where you put the user's address book entries under 
their node. I'm having problems figuring out how to tell openldap to grant 
write access to a user for his/her address book entries under his/her node 
though. 

i.e. ou=users,dc=org,dc=com
         uid=joeblow,ou=users,dc=org,dc=com
              ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com
                   cn=Mary,ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com
                   cn=Joe,ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com
                   cn=Larry,ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com

How do I get openldap to let "dn=uid=joeblow,ou=users,dc=org,dc=com" add, 
modify, and remove entries in the subtree below 
ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com without having to add an 
access control directive for every single user?

Thanks,
Lee
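
An added example, not from the thread: one slapd.conf rule whose target is a
regular expression with a back-reference covers every user's address book,
and the Python below emulates how slapd evaluates it so the pattern can be
checked offline against the tree shown above. The directive, the DN
normalisation and the sample DNs are assumptions; slapd applies the first
"access to" clause whose target matches, so this rule must precede any
catch-all rule.

```python
import re

# Assumed slapd.conf ACL (illustration, not from the thread). Group 2 captures
# the owner's DN; "expand" substitutes it into the by-clause, so only a bind DN
# equal to the owner gets write access to the ou=addressbook subtree:
#
#   access to dn.regex="^(.+,)?ou=addressbook,(uid=[^,]+,ou=users,dc=org,dc=com)$"
#       by dn.exact,expand="$2" write
#       by * none
TARGET_RE = re.compile(
    r"^(.+,)?ou=addressbook,(uid=[^,]+,ou=users,dc=org,dc=com)$",
    re.IGNORECASE,
)


def normalize_dn(dn: str) -> str:
    """Rough DN normalisation: lower-case, strip whitespace around commas.

    slapd matches regexes against its own normalised DN form; this is an
    approximation (assumed) that is enough for checking the pattern offline.
    """
    return ",".join(part.strip() for part in dn.split(",")).lower()


def acl_grants_write(target_dn: str, bind_dn: str) -> bool:
    """Emulate the single rule above: True if bind_dn may write target_dn."""
    m = TARGET_RE.match(normalize_dn(target_dn))
    if not m:
        return False  # rule does not apply; slapd would move to the next one
    owner_dn = m.group(2)  # the "$2" that slapd expands into the by-clause
    return normalize_dn(bind_dn) == owner_dn


if __name__ == "__main__":
    # Constructed DNs following the layout from the question.
    joe = "uid=joeblow,ou=users,dc=org,dc=com"
    jane = "uid=jane,ou=users,dc=org,dc=com"
    entry = "cn=Mary,ou=addressbook,uid=joeblow,ou=users,dc=org,dc=com"
    print("joe writes own entry :", acl_grants_write(entry, joe))   # True
    print("jane writes joe entry:", acl_grants_write(entry, jane))  # False
    print("joe writes own node  :", acl_grants_write(joe, joe))     # False
```

The last case shows the rule deliberately stops at the address book: the user's
own uid entry is not covered, so it still needs whatever ACL governs account
records.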

Quoting Edwin Culp <eculp@encontacto.net>:

> Quoting Lee <lee@disinfo.com>:
> 
> | This is perfect, thanks a million, I'm going to give this a try. 
> | 
> | One more question though. Do you happen to know off the top of your head
> | what I would have to change in IMP if I decided to make an AUXILIARY
> | class copy of the hordePrefs objectclass (all the same attributes, just
> | AUX instead of derived from person - I have oids, so this won't be a
> | problem)? Doing this would allow me to add the necessary attributes
> | (impPrefs, turbaPrefs etc...) to our existing ldap user accounts,
> | without having to make the hordePrefs objectclass a child of these
> | account.
> 
> hordePrefs isn't an objectclass, AFAIK, hordePerson is but
> I must really be slow today.  How would your choice of objectclass 
> directly affect IMP?
> 
> ed
> 
> | 
> | BTW, isn't it considered good ldap schema style to make application
> | specific attributes part of AUX objectclasses anyway (hint hint imp
> | developers :)
> | 
> | Thanks again,
> | Lee   
> | 
> | 
> | -----Original Message-----
> | From: Edwin Culp [mailto:eculp@encontacto.net] 
> | Sent: Wednesday, June 12, 2002 8:00 PM
> | To: Lee
> | Cc: turba@lists.horde.org
> | Subject: RE: [turba] LDAP Driver
> | 
> | Quoting Lee <lee@disinfo.com>:
> | 
> | | Has anyone implemented a per user address book for turba using ldap? I
> | | see a default shared address book in sources.php, but nothing for per
> | | user (private) ldap.
> | | 
> | | Thanks,
> | | Lee 
> | Lee,
> | 
> | I do it with my ldap directory structure and
> | horde/turba/config/sources.php
> | configuration. 
> | 
> | My ldap tree for this is 
> | o=my.org
> |   ou=people,o=my.org
> |     mail=name@my.org,ou=people,o=my.org  /* This builds my corp. addrBook. */
> |   ou=addressbook,o=my.org
> |     mail=name@my.org,ou=addressbook,o=my.org
> |       mail=aPersonInMyAddressBook@theirDomain.com,mail=name@my.org,\
> |       ou=addressbook,o=my.org      /*This is the personal addressbook.*/
> | 
> | I have two definitions in sources.php, one for the corporate addressbook
> | and the other for the personal addressbook.  This works for me for
> | virtual users and domains. I've probably made it too complicated so
> | feedback/suggestions for simplification, improvements, scalability, 
> | etc. would be appreciated.
> | 
> | My sources.php should be self explanatory.  It basically configures
> | itself based on the url.
> | 
> | I hope this helps,
> | 
> | ed
> | 
> | --------------------------sources.php Follows -----------------------
> | <?php
> | 
> | /*     Sources.php      */
> | 
> | $vdomain = strtolower(preg_replace('|^mail\.|i', '', $_SERVER['HTTP_HOST']));
> | $usermail=Auth::getAuth();
> | $uid = preg_replace('|@.*|i', '', $usermail);
> | $pass=Auth::getCredential('password');
> | 
> | /*         PRIVATE ADDRESS BOOK      */
> | 
> | $cfgSources['private'] = array(
> |     'title' => 'Personal directory for ' . $uid,
> |     'type' => 'ldap',
> |     'params' => array(
> |         'server' => 'localhost',
> |         'port' => 389,
> |         'root' => 'mail=' . $usermail . ',ou=addressbook,o=my.org',
> | 
> | /*        BIND AS USER NOT AS ROOT    */
> | 
> |         'bind_dn' => 'mail=' . $usermail . ',ou=people,o=my.org',
> |         'bind_password' => $pass,
> |         'dn' => array('mail'),
> |         'objectclass' => array( 'hordePerson'),
> |         'filter' =>  ''
> |     ),
> |     'map' => array(
> |         '__key' => 'dn',
> |         'name' => 'cn',
> |         'email' => 'mail',
> |         'alias' => 'givenname'
> |     ),
> |     'search' => array(
> |         'name',
> |         'email',
> |         'alias'
> |     ),
> | 
> |     'strict' => array(
> |         'dn'
> |     ),
> | 
> |     'public' => true,
> |     'readonly' => false,
> |     'admin' => array(),
> |     'export' => true
> | );
> | 
> | /*    Corporate/Domain Address Book      */
> | 
> | $cfgSources['corporate'] = array(
> |     'title' => 'Our ' . $vdomain . ' Directory',
> |     'type' => 'ldap',
> |     'params' => array(
> |         'server' => 'localhost',
> |         'port' => 389,
> |         'root' => 'ou=people,o=worldinternet.org',
> | 
> | /*        BIND AS USER NOT AS ROOT        */
> | 
> |         'bind_dn' => 'mail=' . $usermail . ',ou=people,o=my.org',
> |         'bind_password' => $pass,
> |         'dn' => array('cn'),
> |         'objectclass' => array( 'hordePerson'),
> |         'filter' => ''
> |     ),
> |     'map' => array(
> |         '__key' => 'dn',
> |         'name' => 'cn',
> |         'email' => 'mail',
> |         'sirname' => 'sn',
> |         'title' => 'title',
> |         'company' => 'o',
> |         'businesscategory' => 'businesscategory',
> |         'companyaddress' => 'postaladdress',
> |         'zip' => 'postalcode',
> |         'workphone' => 'telephonenumber',
> |         'fax' => 'facsimiletelephonenumber',
> |         'homeaddress' => 'homepostaladdress',
> |         'city' => 'l',
> |         'state' => 'st',
> |         'homephone' => 'homephone',
> |         'cellphone' => 'mobile',
> |         'alias' => 'givenname',
> |         'notes' => 'description',
> |         'pgpPublicKey' => 'object_pgppublickey'
> |     ),
> |     'search' => array(
> |         'name',
> |         'email',
> |         'company',
> |         'alias',
> |         'sirname',
> |         'homephone',
> |         'workphone',
> |         'cellphone',
> |         'homeaddress'
> |     ),
> |     'public' => true,
> |     'readonly' => false,
> |     'admin' => array('eculp@' .  $vdomain ),
> |     'export' => true
> | );
> | 
> | Hope this helps,
> | 
> | ed
> 