[turba] IMP ldap prefs/Turba personal ldap addresses

Gary C. New garycnew at yahoo.com
Fri Dec 6 23:53:14 2002


Lee,

I am also using an ldap directory to supply user
information to postfix, etc (I am using ISPMan).

The ldap error messages I provided in my last posting
were changed to ensure data security.

I am currently able to access a test IMAP account
(user data back-ended in an ISPMan generated ldap
directory) via IMP, but with ldap error messages
appearing in IMP.  I am sure this is due to horde
prefs not being read/written into a second ldap
directory I have especially created for it
(dc=webmail,dc=example,dc=org).

To be clear, I have 2 ldap directories.  The first is
the directory created by ISPMan (using an
ispman.schema) whose suffix is dc=example,dc=org.  The
following is an example entry from it (modified for
security):

(I should probably note that I am using a mail proxy
server to transcribe the ISPMan uid from the form
test_example_org to test@example.org and vice versa.)

dn: uid=test_example_org,ou=users,ispmanDomain=example.org,dc=example,dc=org
ispmanStatus: active
ispmanCreateTimestamp: 1038433499
uid: test_example_org
ispmanUserId: test
ispmanDomain: example.org
uidNumber: 1010
gidNumber: 1002
mailHost: example
homeDirectory: /home/example.org/users/test_example_org/
loginShell: /bin/false
mailQuota: 25600
creatorsName: cn=root,dc=example,dc=org
createTimestamp: 20021127214500Z
userPassword:: secret
mailRoutingAddress: test_example_org@example
FTPStatus: disabled
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: ispmanDomainUser
objectClass: PureFTPdUser
mailLocalAddress: test@example.org
cn:: IFNhbGVz
sn: Test

The second directory is one I have newly created with
the suffix dc=webmail,dc=example,dc=org and with the
explicit use of maintaining the horde prefs and turba
personal addresses.  It currently has not been
initialized and has nothing in it.  I was kind of
surprised that horde did not come with a basic ldif
file, but did come with its own schema.  I guess I was
assuming that all I needed to do was drop in the
horde.schema and configure my slapd.conf and horde.php
and it would initialize the new directory for the
prefs.

What I do know is that IMP is able to
authenticate/access via IMAP my test account, but it
can't read/write horde prefs.

What I would like to do is authenticate using IMP with
my ISPMan directory and then read/write horde
prefs/turba personal addresses into the newly created
dc=webmail,dc=example,dc=org directory.

Does this sound possible?

Thank you, again, for your much appreciated
assistance.

Respectfully,


Gary


--- Lee <lee@disinfo.com> wrote:
> > 1.  Was a ldif file required when creating the new
> > ldap directory.  Do you have a sample of it?
> >
> all the OUs were created in the beginning with a
> simple ldif. I don't have it, but it would look something like:
> 
> dn: ou=users,dc=companyname,dc=com
> objectclass: top
> objectclass: organizationalUnit
> ou: users
> 
> We actually add users via a custom php signup
> application, but here is  
> a minimal user account ldif:
> 
> dn: uid=someuser201,ou=users,dc=companyname,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: emailService
> uid: someUser201
> userPassword:: hjkdsUKADh
> cn: joe shmoe
> sn: shmoe
> givenName: joe
> 
> Since I'm guessing you haven't created your own
> schema, you probably just want to use the standard
> hordePerson schema instead:
> 
> dn: cn=username,ou=users,dc=companyname,dc=com
> objectClass: top
> objectClass: person
> objectClass: hordePerson
> cn: username
> 
> 
> (hordePrefs etc... are filled in automatically by
> horde/imp)
> 
> if you use this, make sure you set the ldap source
> in horde and turba  
> to search for cn=username (not uid=username like i
> did in the example.  
> Also you might have to change the config stuff so
> that horde/turba bind  
> as an ldap administrator (that you added to ldap,
> and has applicative  
> privileges -ACLS- to read and write to all the user
> accounts in the  
> ldap directory)  not the individual user, unless
> each of the user  
> accounts in the ldap directory can have the same
> password as the  
> useraccount's IMAP password)
> 
> 
> 
> 
> > 2.  What attributes did you index with the new
> > directory in your slapd.conf file?
> 
> # Indices to maintain
> index default pres,eq
> index objectClass,uid,cn,publicEmailAddress,domainName
> 
> (publicEmailAddress and domainName are to speed up
> postfix mail  
> delivery, for which we use ldap as a backend as
> well)
> 
> 
> > 3.  What is required in just getting the horde prefs
> > working with ldap (I figured I'd get the prefs working
> > before going on to the personal addresses).
> >
> Off the top of my head:
> 1) Edit the horde prefs file (use the config I sent
> as an example)
> 2) add "include /usr/local/etc/openldap/schema/horde.schema"
> to the top of slapd.conf. Make sure you put the
> horde.schema file in that location as well.
> 3) Add the requisite ACLs to slapd.conf (again you
> can use the ones I sent you as an example)
> 4) Add a hordePerson to your ldap directory
> 
> 
> > 4.  Do you have any experience with the patch
> > suggested @
> > http://cvs.horde.org/co.php/turba/docs/LDAP
> 
> We didn't use it, but it looks like it's there to
> mainly save users some time.
> 
> >
> > 5.  These are the errors I am currently getting when
> > trying to login to IMP with the ldap errors (I
> > corrected my horde.php settings per your sample, but
> > it doesn't look like the new directory is being
> > initialized or populated):
> >
> 
> The key here is to understand who horde/imp is
> trying to bind as and what horde/imp is trying to
> read/write. It looks like horde is trying to bind as
> uid=test@example.org,dc=webmail,dc=example,dc=org.
> Does this exist? Is the password horde is using for
> that account (if you use the config I did, it's the
> IMAP password) the same password that is set for
> that user account in the ldap directory? Try running
> ldapsearch from the command line using that dn / password
> and see if you can successfully bind to the server.
> 
> here is a sample command:
> ldapsearch -h ldap.companyname.com -LLL -b "dc=companyname,dc=com" -s sub -x \
>   -D "uid=test@example.org,dc=webmail,dc=example,dc=org" -W "(uid=*)"
> 
> that should return:
> uid=test@example.org,dc=webmail,dc=example,dc=org
> 
> I should reemphasize that our IMAP server uses LDAP
> to authenticate  
> users, so each user's ldap password is the same as
> their imap password.  
> We use this fact to tell horde to bind to ldap as
> the IMAP username  
> appended to "ou=users,dc=companyname,dc=com" and to
> use the IMAP  
> password. Unless you do the same, you will need to
> change the bind_dn,  
> bind_password to a fixed administrator account that
> you create and has  
> the appropriate privileges in the ldap
> directory.
> 
> L
> 
> > IMP:
> > Warning: LDAP: Unable to perform the search: No such
> > object in /home/sites/www/horde/lib/Prefs/ldap.php on line 292
> >
> > Warning: LDAP: modify operation could not be
> > completed. in /home/sites/www/horde/lib/Prefs/ldap.php on line 415
> >
> > Warning: Cannot add header information - headers
> > already sent by (output started at
> > /home/sites/www/horde/lib/Prefs/ldap.php:292) in
> > /home/sites/www/horde/imp/redirect.php on line 84
> >
> >
> > LDAP:
> > Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
> > Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
> > Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
> > Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
> > Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
> > Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
> >
> > Thanks again for your assistance.
> >
> > Respectfully,
> >
> >
> > Gary
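Lee's advice comes down to reading the slapd log for who bound, with what result, and what each later operation touched. As an added example (not code from the thread, from Horde or from OpenLDAP), this Python script pairs each operation with its RESULT line in constructed log lines modelled on the ones quoted above and names the LDAP result codes, so the failed bind (err=49) and the missing entries (err=32) stand out; the RESULT_CODES table and both function names are mine.

```python
import re

# Constructed sample slapd log lines, modelled on the ones quoted in the thread:
# a BIND that fails, then a search and a modify against entries that do not exist.
SAMPLE_LOG = """\
Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
"""

# LDAP result codes (RFC 4511 names) typical of a misconfigured prefs backend.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|MOD|ADD|DEL|RESULT)(.*)')
TARGET_RE = re.compile(r'(?:dn|base)="([^"]*)"')   # bind DN, modify DN or search base
ERR_RE = re.compile(r'err=(\d+)')

def diagnose(log_text):
    """Pair every operation with the RESULT line carrying the same conn/op and
    return the failures as (conn, op, kind, target, err, name) tuples."""
    pending, failures = {}, []          # pending: (conn, op) -> (kind, target)
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        if kind != "RESULT":
            t = TARGET_RE.search(rest)
            pending[(conn, op)] = (kind, t.group(1) if t else "")
            continue
        err = int(ERR_RE.search(rest).group(1))
        okind, target = pending.pop((conn, op), ("?", ""))
        if err != 0:
            failures.append((conn, op, okind, target, err, RESULT_CODES.get(err, "unknown")))
    return failures

def explain(failures):
    """Phrase each failure as the two questions Lee asks: who bound, and what was touched."""
    out = []
    for conn, op, kind, target, err, name in failures:
        if kind == "BIND":   # a failed bind leaves the connection anonymous (RFC 4511 4.2.1)
            out.append(f"conn={conn}: bind as {target} failed ({err} {name}); later ops run anonymously")
        else:
            out.append(f"conn={conn} op={op}: {kind} on {target} failed ({err} {name})")
    return out
```

Run it against a real slapd log (loglevel stats) after reproducing the login, and check the bind DN it reports against the entries that actually exist under the prefs suffix.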
