[turba] IMP ldap prefs/Turba personal ldap addresses

Lee lee at disinfo.com
Fri Dec 6 01:05:51 2002


> 1.  Was a ldif file required when creating the new
> ldap directory.  Do you have a sample of it?
>
All the OUs were created in the beginning with a simple ldif. I don't
have it, but it would look something like:

dn: ou=users,dc=companyname,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

We actually add users via a custom php signup application, but here is  
a minimal user account ldif:

dn: uid=someuser201,ou=users,dc=companyname,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: emailService
uid: someUser201
userPassword: hjkdsUKADh
cn: joe shmoe
sn: shmoe
givenName: joe

Since I'm guessing you haven't created your own schema, you probably just
want to use the standard hordePerson schema instead:

dn: cn=username,ou=users,dc=companyname,dc=com
objectClass: top
objectClass: person
objectClass: hordePerson
cn: username


(hordePrefs etc... are filled in automatically by horde/imp)

If you use this, make sure you set the ldap source in horde and turba
to search for cn=username (not uid=username like I did in the example).
Also you might have to change the config stuff so that horde/turba bind
as an ldap administrator (one that you added to ldap, and that has the
applicable privileges (ACLs) to read and write all the user accounts in
the ldap directory), not as the individual user, unless each of the user
accounts in the ldap directory can have the same password as the
user account's IMAP password.




> 2.  What attributes did you index with the new
> directory in your slapd.conf file?

# Indices to maintain
index default pres,eq
index objectClass,uid,cn,publicEmailAddress,domainName

(publicEmailAddress and domainName are to speed up postfix mail  
delivery, for which we use ldap as a backend as well)


> 3.  What is required in just getting the horde prefs
> working with ldap (I figured I'd get the prefs working
> before going on to the personal addresses).
>
Off the top of my head:
1) Edit the horde prefs file (use the config I sent as an example)
2) Add "include         /usr/local/etc/openldap/schema/horde.schema"
to the top of slapd.conf. Make sure you put the horde.schema file in
that location as well.
3) Add the requisite ACLs to slapd.conf (again you can use the ones I
sent you as an example)
4) Add a hordePerson to your ldap directory


> 4.  Do you have any experience with the patch
> suggested @
> http://cvs.horde.org/co.php/turba/docs/LDAP

We didn't use it, but it looks like it's there mainly to save users some
time.

>
> 5.  These are the errors I am currently getting when
> trying to login to IMP with the ldap errors (I
> corrected my horde.php settings per your sample, but
> it doesn't look like the new directory is being
> initialized or populated):
>

The key here is to understand who horde/imp is trying to bind as and
what horde/imp is trying to read/write. It looks like horde is trying
to bind as uid=test@example.org,dc=webmail,dc=example,dc=org. Does this
exist? Is the password horde is using for that account (if you use the
config I did, it's the IMAP password) the same password that is set for
that user account in the ldap directory? Try running ldapsearch from
the command line using that dn / password and see if you can
successfully bind to the server.

here is a sample command:
ldapsearch -h ldap.companyname.com -LLL -b "dc=companyname,dc=com" -s sub -x \
  -D "uid=test@example.org,dc=webmail,dc=example,dc=org" -W "(uid=*)"

that should return:
uid=test@example.org,dc=webmail,dc=example,dc=org

I should re-emphasize that our IMAP server uses LDAP to authenticate
users, so each user's ldap password is the same as their imap password.
We use this fact to tell horde to bind to ldap as the IMAP username
appended to "ou=users,dc=companyname,dc=com" and to use the IMAP
password. Unless you do the same, you will need to change the bind_dn and
bind_password to a fixed administrator account that you create and that has
the appropriate privileges in the ldap directory.

L

> IMP:
> Warning: LDAP: Unable to perform the search: No such
> object in /home/sites/www/horde/lib/Prefs/ldap.php on
> line 292
>
> Warning: LDAP: modify operation could not be
> completed. in /home/sites/www/horde/lib/Prefs/ldap.php
> on line 415
>
> Warning: Cannot add header information - headers
> already sent by (output started at
> /home/sites/www/horde/lib/Prefs/ldap.php:292) in
> /home/sites/www/horde/imp/redirect.php on line 84
>
> LDAP:
> Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND
> dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG"
> method=128
> Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT
> tag=97 err=49 text=
> Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH
> base="dc=webmail,dc=example,dc=org" scope=2
> filter="(uid=test@example.org)"
> Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT
> tag=101 err=32 text=
> Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD
> dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
>
> Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT
> tag=103 err=32 text=
>
> Thanks again for your assistance.
>
> Respectfully,
>
>
> Gary
>
>
> --- Lee <lee@disinfo.com> wrote:
>> I have a full ldap/turba implementation. Heres the
>> requisite info:
>>
>> turba/config/sources.php:
>>
>> $vdomain = strtolower(preg_replace('|^mail\.|i', '', $_SERVER['HTTP_HOST']));
>> $usermail = Auth::getAuth();
>> $uid = preg_replace('|@.*|i', '', $usermail);
>> $pass = Auth::getCredential('password');
>>
>> /*      PRIVATE ADDRESS BOOK      */
>>
>> $cfgSources['private'] = array(
>>         'title' => 'Personal Addressbook for ' . $uid,
>>         'type' => 'ldap',
>>
>>         'params' => array(
>>             'server' => 'ldap.ourcompany.com',
>>             'port' => 389,
>>             'root' => 'ou=addressbook,uid=' . $uid . ',ou=users,dc=ourcompany,dc=com',
>>
>>             /*BIND AS USER NOT AS ROOT    */
>>
>>             'bind_dn' => 'uid=' . $uid . ',ou=users,dc=ourcompany,dc=com',
>>             'bind_password' => $pass,
>>             'dn' => array('cn'),
>>             'objectclass' => array('addressBookEntry'),
>>             'encoding' => 'utf8',
>>             'version' => 3,
>>             'filter' => ''
>>         ),
>>
>>         'map' => array(
>>             '__key' => 'dn',
>>             'name' => 'cn',
>>             'email' => 'mail',
>>             'homePhone' => 'homephone',
>>             'workPhone' => 'telephonenumber',
>>             'cellPhone' => 'mobile',
>>             'homeAddress' => 'postaladdress',
>>             'notes' => 'description'
>>         ),
>>
>>         'search' => array(
>>             'name',
>>             'email',
>>             'homePhone',
>>             'workPhone',
>>             'cellPhone',
>>             'homeAddress',
>>             'notes'
>>             ),
>>
>>         'strict' => array(
>>             'dn'
>>             ),
>>
>>         'public' => true,
>>         'readonly' => false,
>>         'admin' => array(),
>>         'export' => true
>>         );
>>
>>
>> turba/config/attributes:
>>
>> $attributes['name'] = array(
>>      'type' => 'text',
>>      'desc' => _("Name")
>> );
>> $attributes['alias'] = array(
>>      'type' => 'text',
>>      'desc' => _("Alias")
>> );
>> $attributes['email'] = array(
>>      'type' => 'email',
>>      'desc' => _("Email")
>> );
>> $attributes['title'] = array(
>>      'type' => 'text',
>>      'desc' => _("Title")
>> );
>> $attributes['company'] = array(
>>      'type' => 'text',
>>      'desc' => _("Company")
>> );
>> $attributes['homeAddress'] = array(
>>      'type' => 'multiline',
>>      'desc' => _("Home Address")
>> );
>> $attributes['workAddress'] = array(
>>      'type' => 'multiline',
>>      'desc' => _("Work Address")
>> );
>> $attributes['homePhone'] = array(
>>      'type' => 'phone',
>>      'desc' => _("Home Phone")
>> );
>> $attributes['workPhone'] = array(
>>      'type' => 'phone',
>>      'desc' => _("Work Phone")
>> );
>> $attributes['cellPhone'] = array(
>>      'type' => 'phone',
>>      'desc' => _("Cell Phone")
>> );
>> $attributes['fax'] = array(
>>      'type' => 'phone',
>>      'desc' => _("Fax")
>> );
>> $attributes['notes'] = array(
>>      'type' => 'multiline',
>>      'desc' => _("Notes")
>> );
>>
>>
>> horde/config/horde.php:
>>
>> /**
>>   ** Preference System Settings
>>   **/
>>
>> // What preferences driver should we use? Valid values are 'none'
>> // (meaning use system defaults and don't save any user preferences),
>> // 'session' (preferences only persist during the login), 'ldap',
>> // and 'sql'.
>> $conf['prefs']['driver'] = 'ldap';
>>
>> // Any parameters that the preferences driver needs. This includes
>> // database or ldap server, username/password to connect with, etc.
>> $conf['prefs']['params'] = array();
>>
>> // This is an example configuration for an LDAP preference backend.
>> // The schemas needed for ldap are in horde/scripts/ldap.  For more
>> // information see sources and comments in horde/lib/Prefs/ldap.php.
>> $conf['prefs']['driver'] = 'ldap';
>> $conf['prefs']['params']['hostspec'] = 'ldap.ourcompany.com';
>> $conf['prefs']['params']['port'] = '389';
>> $conf['prefs']['params']['basedn'] = 'ou=users,dc=ourcompany,dc=com';
>> $conf['prefs']['params']['uid'] = 'uid';
>>
>> slapd.conf - ACLS:
>>
>> # Define global ACLs to disable default read access.
>> defaultaccess none
>>
>> access to dn=".*ou=addressbook,(uid=.+),ou=users,dc=ourcompany,dc=com"
>>         by dn="$1,ou=users,dc=ourcompany,dc=com" write
>>         by anonymous auth
>>         by * none
>>
>> access to *
>>         attr=userPassword,cn,sn,givenName,hordePrefs,impPrefs,turbaPrefs,kronolithPrefs
>>              by self write
>>              by * auth
>>
>> access to * by self read
>>              by * auth
>>
>>
>> Schema - We created an auxiliary objectclass with the horde attributes
>> that we add to inetOrgPerson to make our full user accounts. You can do
>> this yourself, or you can just make your user accounts hordePerson. (FYI,
>> not using our real OIDs below, so I wouldn't copy it. You can get OIDs
>> free online if you need to create your own schema.) Likewise we created
>> our own addressbook objectclass. Once again you can use a standard
>> person, inetOrgPerson or whatever if you don't want to have to create
>> your own. Just make sure you change turba's sources:map accordingly.
>>
>> objectclass ( 1.3.6.1.4.1.0.0.00
>>          NAME 'companyEmailService'
>>          DESC 'Attributes to Store User Preferences'
>>          SUP top AUXILIARY
>>          MAY ( emailServiceId $ emailServiceTransactionId $
>>                routingEmailAddress $ publicEmailAddress $
>>                emailServiceMailstoreAddress $ mail $
>>                hordePrefs $ impPrefs $ turbaPrefs $ gollemPrefs $
>>                kronolithPrefs $ mnemoPrefs $ trollPrefs $ nagPrefs )
>>          )
>>
>> objectclass ( 1.3.6.1.4.1.0.0.00
>>          NAME 'addressBookEntry'
>>          DESC 'Addressbook Attributes'
>>          SUP top
>>          STRUCTURAL
>>          MUST cn
>>          MAY ( mail $ cn $ homePhone $ telephoneNumber $
>>                mobile $ postalAddress $ description )
>>          )
>>
>>
>> Our ldap is set up as follows:
>>
>> dc=ourcompany,dc=com
>> |
>> ou=users
>> |
>> uid=someuseruid
>> objectclass: top
>> objectclass: ....
>> objectclass: inetOrgPerson
>> objectclass: companyEmailService
>> ....
>> hordePrefs
>> impPrefs
>> .....
>> |
>> ou=addressbook
>> |
>> cn=personname
>> objectclass: addressBookEntry
>> ....
>>
>> Sincerely,
>> Lee
>>
>>
>>
>> On Thursday, December 5, 2002, at 10:32 AM, Partha
>> wrote:
>>
>>> Hi,
>>> I am in the same boat as you. I too need the same
>>> configuration. I did try with those bits and pieces but
>>> not to completion. I am giving it a rest until the
>>> weekend and then will try it again :-) .
>>>
>>> Please post some bits and pieces if you get it running.
>>>
>>> Thanks in advance
>>> Partha
>>>
>>> --- "Gary C. New" <garycnew@yahoo.com> wrote:
>>>> I am attempting to install and configure IMP/Turba
>>>> completely with ldap prefs and personal addresses.
>>>> I've been able to find several bits and pieces of info
>>>> regarding the topic, but I still seem to be missing
>>>> some key parts.
>>>>
>>>> Has anyone on this list been successful in a full
>>>> IMP/Turba ldap installation?  Can you point me to some
>>>> more complete documentation configuring IMP/Turba with
>>>> ldap?
>>>>
>>>> I would especially appreciate sample slapd.conf and
>>>> horde.php files.
>>>>
>>>> Respectfully,
>>>>
>>>>
>>>> Gary
>>>>
>>>>
>>>> __________________________________________________
>>>> Do you Yahoo!?
>>>> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>>>> http://mailplus.yahoo.com
>>>>
>>>> -- 
>>>> Turba mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: turba-unsubscribe@lists.horde.org
>>>
>>>
>>
>>

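As an added example (not part of the thread, and not Horde or OpenLDAP code), a small Python triage of the slapd log excerpt Gary posted: it pairs each operation with its RESULT line and tracks the bind state per connection, which makes Lee's point visible in one pass, namely that the BIND failed with err=49 (invalidCredentials) so the search and modify that follow ran anonymously and hit err=32 (noSuchObject). The sample log is constructed from the quoted excerpt with its wrapped SRCH line re-joined.

```python
# Triage of a slapd log excerpt: join each (conn, op) request with its RESULT,
# track whether the connection's BIND succeeded, and name failed operations.
import re
from collections import defaultdict

RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}   # RFC 4511 result-code names
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|MOD|RESULT)\b(.*)')
TARGET_RE = re.compile(r'(?:dn|base)="([^"]*)"')  # BIND/MOD use dn=, SRCH uses base=
ERR_RE = re.compile(r'\berr=(\d+)')

def parse_ops(log_text):  # -> {(conn, op): {"type", "target", "err"}}
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key, kind, rest = (int(m.group(1)), int(m.group(2))), m.group(3), m.group(4)
        if kind == "RESULT":
            e = ERR_RE.search(rest)
            ops[key]["err"] = int(e.group(1)) if e else None
        else:
            t = TARGET_RE.search(rest)
            ops[key].update(type=kind, target=t.group(1) if t else None)
    return ops

def triage(log_text):  # -> one finding string per failed operation, in order
    findings, bound = [], {}  # bound: conn -> DN of a successful BIND, else None
    for (conn, op), rec in sorted(parse_ops(log_text).items()):
        kind, err = rec.get("type"), rec.get("err")
        name = RESULT_CODES.get(err, f"err={err}")
        if kind == "BIND":
            bound[conn] = rec["target"] if err == 0 else None
            if err != 0:  # wrong DN or password; later ops on this conn are anonymous
                findings.append(f"conn={conn} op={op}: BIND as {rec['target']} "
                                f"failed ({name}); following ops run anonymously")
        elif kind in ("SRCH", "MOD") and err not in (0, None):
            findings.append(f"conn={conn} op={op}: {kind} on {rec['target']} as "
                            f"{bound.get(conn) or 'anonymous'} failed ({name})")
    return findings

# Constructed sample: the thread's excerpt with the wrapped SRCH line re-joined.
SAMPLE_LOG = """\
Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
"""
```

Running `triage(SAMPLE_LOG)` yields three findings; the first names the failed bind DN and the next two show the anonymous search and modify, which is the same question Lee asks: does that DN exist, and does its ldap password match the one horde is sending.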

