[turba] IMP ldap prefs/Turba personal ldap addresses
Lee
lee at disinfo.com
Sat Dec 7 02:59:15 2002
Gary,
If I'm understanding you correctly, what you're trying to do should be
very doable.
If your IMAP server is authenticating off ldap, then you just need to
tell horde/turba to bind to the same ldap directory using the user
account data.
Based on the info you provided below, the horde.php should probably
look something like:
horde/config/horde.php:
/**
** Preference System Settings
**/
// What preferences driver should we use? Valid values are 'none'
// (meaning use system defaults and don't save any user preferences),
// 'session' (preferences only persist during the login), 'ldap',
// and 'sql'.
$conf['prefs']['driver'] = 'ldap';
// Any parameters that the preferences driver needs. This includes
// database or ldap server, username/password to connect with, etc.
$conf['prefs']['params'] = array();
$conf['prefs']['driver'] = 'ldap';
$conf['prefs']['params']['hostspec'] = 'ldap.ourcompany.com';
$conf['prefs']['params']['port'] = '389';
$conf['prefs']['params']['basedn'] = 'dc=webmail,dc=example,dc=org';
$conf['prefs']['params']['uid'] = 'cn';
The last line above assumes that you populate the ldap directory under
dc=webmail,dc=... with hordePersons who have a cn equal to the uid (i.e.
test_example_org) of the user whose prefs will be stored there.
Also, because you want to bind using the other part of the directory, I
think you're going to need something like the following as well:
// Derive the ldap uid from the authenticated IMP login by stripping the @domain part
$usermail = Auth::getAuth();
$uid = preg_replace('|@.*|i', '', $usermail);
// Reuse the IMAP password the user just logged in with for the ldap bind
$pass = Auth::getCredential('password');
// Bind as the user's own entry in the ISPMan tree (suffix dc=example,dc=org per your
// entry below); note that $uid is concatenated into the DN without escaping
$conf['prefs']['params']['rootdn'] = 'uid=' . $uid .
    ',ou=users,ispmanDomain=example.org,dc=example,dc=org';
$conf['prefs']['params']['username'] = $uid;
$conf['prefs']['params']['password'] = $pass;
I'm not 100% positive on the above code. I suggest you print the values
above to see if they are what we expect them to be when you login.
Make sure you also add the appropriate ACLs in slapd so that
"uid=test_example_org,ou=users..." can modify
"cn=test_example_org,dc=webmail,dc=...."
Lee
On Friday, December 6, 2002, at 06:53 PM, Gary C. New wrote:
> Lee,
>
> I am also using an ldap directory to supply user
> information to postfix, etc (I am using ISPMan).
>
> The ldap error messages I provided in my last posting
> were changed to ensure data security.
>
> I am currently able to access a test IMAP account
> (user data back-ended in an ISPMan generated ldap
> directory) via IMP, but with ldap error messages
> appearing in IMP. I am sure this is due to horde
> prefs not being read/written into a second ldap
> directory I have especially created for it
> (dc=webmail,dc=example,dc=org).
>
> To be clear, I have 2 ldap directories. The first is
> the directory created by ISPMan (using an
> ispman.schema) whose suffix is dc=example,dc=org. The
> following is an example entry from it (modified for
> security):
>
> (I should probably note that I am using a mail proxy
> server to transcribe the ISPMan uid from the form
> test_example_org to test@example.org and vice versa.)
>
> dn: uid=test_example_org, ou=users,
> ispmanDomain=example.org, dc=example,
> dc=org
> ispmanStatus: active
> ispmanCreateTimestamp: 1038433499
> uid: test_example_org
> ispmanUserId: test
> ispmanDomain: example.org
> uidNumber: 1010
> gidNumber: 1002
> mailHost: example
> homeDirectory:
> /home/example.org/users/test_example_org/
> loginShell: /bin/false
> mailQuota: 25600
> creatorsName: cn=root,dc=example,dc=org
> createTimestamp: 20021127214500Z
> userPassword:: secret
> mailRoutingAddress: test_example_org@example
> FTPStatus: disabled
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: ispmanDomainUser
> objectClass: PureFTPdUser
> mailLocalAddress: test@example.org
> cn:: IFNhbGVz
> sn: Test
>
> The second directory is one I have newly created with
> the suffix dc=webmail,dc=example,dc=org and with the
> explicit use of maintaining the horde prefs and turba
> personal addresses. It currently has not been
> initialized and has nothing in it. I was kind of
> surprised that horde did not come with a basic ldif
> file, but did come with its own schema. I guess I was
> assuming that all I needed to do was drop in the
> horde.schema and configure my slapd.conf and horde.php
> and it would initialize the new directory for the
> prefs.
>
> What I do know is that IMP is able to
> authenticate/access via IMAP my test account, but it
> can't read/write horde prefs.
>
> What I would like to do is authenticate using IMP with
> my ISPMan directory and then read/write horde
> prefs/turba personal addresses into the newly created
> dc=webmail,dc=example,dc=org directory.
>
> Does this sound possible?
>
> Thank you, again, for your much appreciated
> assistance.
>
> Respectfully,
>
>
> Gary
>
>
> --- Lee <lee@disinfo.com> wrote:
>>> 1. Was a ldif file required when creating the new
>>> ldap directory. Do you have a sample of it?
>>>
>> all the OUs were created in the beginning with a
>> simple ldif. I don't have it, but it would look
>> something like:
>>
>> dn: ou=users,dc=companyname,dc=com
>> objectclass: top
>> objectclass: organizationalUnit
>> ou: users
>>
>> We actually add users via a custom php signup
>> application, but here is
>> a minimal user account ldif:
>>
>> dn: uid=someuser201,ou=users,dc=companyname,dc=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: emailService
>> uid: someUser201
>> userPassword:: hjkdsUKADh
>> cn: joe shmoe
>> sn: shmoe
>> givenName: joe
>>
>> Since I'm guessing you haven't created your own
>> schema, you probably just
>> want to use the standard hordePerson schema instead:
>>
>> dn: cn=username,ou=users,dc=companyname,dc=com
>> objectClass: top
>> objectClass: person
>> objectClass: hordePerson
>> cn: username
>>
>>
>> (hordePrefs etc... are filled in automatically by
>> horde/imp)
>>
>> if you use this, make sure you set the ldap source
>> in horde and turba
>> to search for cn=username (not uid=username like I
>> did in the example).
>> Also you might have to change the config stuff so
>> that horde/turba bind
>> as an ldap administrator (that you added to ldap,
>> and has applicative
>> privileges -ACLS- to read and write to all the user
>> accounts in the
>> ldap directory) not the individual user, unless
>> each of the user
>> accounts in the ldap directory can have the same
>> password as the
>> useraccount's IMAP password)
>>
>>
>>
>>
>>> 2. What attributes did you index with the new
>>> directory in your slapd.conf file?
>>
>> # Indices to maintain
>> index default pres,eq
>> index objectClass,uid,cn,publicEmailAddress,domainName
>>
>> (publicEmailAddress and domainName are to speed up
>> postfix mail
>> delivery, for which we use ldap as a backend as
>> well)
>>
>>
>>> 3. What is required in just getting the horde prefs
>>> working with ldap (I figured I'd get the prefs working
>>> before going on to the personal addresses).
>>>
>> Off the top of my head:
>> 1)Edit the horde prefs file (use the config I sent
>> as an example)
>> 2) add "include
>> /usr/local/etc/openldap/schema/horde.schema"
>> to the top of slapd.conf . Make sure you put the
>> horde.schema file in
>> that location as well.
>> 3) Add the requisite ACLs to slapd.conf (again you
>> can use the ones I
>> sent you as an example)
>> 4) Add a hordePerson to your ldap directory
>>
>>
>>> 4. Do you have any experience with the patch
>>> suggested @
>>> http://cvs.horde.org/co.php/turba/docs/LDAP
>>
>> We didn't use it, but it looks like it's there to
>> mainly save users some
>> time.
>>
>>>
>>> 5. These are the errors I am currently getting when
>>> trying to login to IMP with the ldap errors (I
>>> corrected my horde.php settings per your sample, but
>>> it doesn't look like the new directory is being
>>> initialized or populated):
>>>
>>
>> The key here is to understand who horde/imp is
>> trying to bind as and
>> what horde/imp is trying to read/write. It looks
>> like horde is trying
>> to bind as
>> uid=test@example.org,dc=webmail,dc=example,dc=org.
>> Does this
>> exist? Is the password horde is using for that
>> account (if you use the
>> config I did, its the IMAP password) the same
>> password that is set for
>> that user account in the ldap directory? Try running
>> ldapsearch from
>> the command line using that dn / password and see if
>> you can
>> successfully bind to the server.
>>
>> here is a sample command:
>> ldapsearch -h ldap.companyname.com -LLL -b "dc=companyname,dc=com" -s sub -x \
>>   -D "uid=test@example.org,dc=webmail,dc=example,dc=org" -W "(uid=*)"
>>
>> that should return:
>> uid=test@example.org,dc=webmail,dc=example,dc=org
>>
>> I should reemphasize that our IMAP server uses LDAP
>> to authenticate
>> users, so each user's ldap password is the same as
>> their imap password.
>> We use this fact to tell horde to bind to ldap as
>> the IMAP username
>> appended to "ou=users,dc=companyname,dc=com" and to
>> use the IMAP
>> password. Unless you do the same, you will need to
>> change the bind_dn,
>> bind_password to a fixed administrator account that
>> you create and has
>> the appropriate privileges in the ldap
>> directory.
>>
>> L
>>
>>> IMP:
>>> Warning: LDAP: Unable to perform the search: No such object in /home/sites/www/horde/lib/Prefs/ldap.php on line 292
>>>
>>> Warning: LDAP: modify operation could not be completed. in /home/sites/www/horde/lib/Prefs/ldap.php on line 415
>>>
>>> Warning: Cannot add header information - headers already sent by (output started at /home/sites/www/horde/lib/Prefs/ldap.php:292) in /home/sites/www/horde/imp/redirect.php on line 84
>>>
>>> LDAP:
>>> Dec 5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
>>> Dec 5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
>>> Dec 5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
>>> Dec 5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
>>> Dec 5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
>>> Dec 5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
>>>
>>> Thanks again for your assistance.
>>>
>>> Respectfully,
>>>
>>>
>>> Gary
>
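The slapd lines Gary quoted (a BIND that fails with err=49, then a SRCH and a MOD on the same conn that fail with err=32) are exactly the record a defender reads to work out which identity a client actually bound as and why its later operations failed. The following Python script is an added example for this thread, not code from the thread or from Horde or OpenLDAP: it pairs each request line with its RESULT line by the (conn, op) identifiers, names the RFC 4511 result codes and bind methods, and notes that a failed simple bind leaves the rest of the connection anonymous. The embedded sample log is the thread's slapd excerpt rejoined onto single lines (with the `filter=` keyword restored where the mail wrap cut it); the result-code table and the handling of OpenLDAP 2.1-style "SEARCH RESULT" lines go beyond the two codes shown on the page.

```python
"""Correlate OpenLDAP slapd request/RESULT log lines per (conn, op) and explain failures.

Added example for the mailing-list thread above, not Horde or OpenLDAP code.
SAMPLE_LOG is the slapd excerpt quoted in the thread, rejoined onto single lines.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_LOG = """\
Dec 5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
Dec 5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
Dec 5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
Dec 5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
Dec 5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
Dec 5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
"""

# LDAP resultCode values (RFC 4511) most often seen when a prefs backend misbehaves.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}
# slapd logs the BER tag of the bind request's authentication choice.
BIND_METHODS = {128: "simple", 163: "SASL"}

OP_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>[A-Z]+)(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


@dataclass
class LdapOp:
    conn: int
    op: int
    kind: str                                   # BIND, SRCH, MOD, ADD, ...
    attrs: dict = field(default_factory=dict)   # dn / base / filter / method from the request
    err: Optional[int] = None                   # resultCode from the matching RESULT line
    tag: Optional[int] = None                   # BER tag of the response PDU


def _kv(rest: str) -> dict:
    """Split 'key="quoted value" key=bare' pairs; unquoted and empty values both count."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(rest)}


def parse_slapd_log(text: str) -> list:
    """Pair each request line with its RESULT line using the (conn, op) identifiers."""
    ops = {}
    for line in text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key, kind, rest = (int(m["conn"]), int(m["op"])), m["kind"], m["rest"]
        # OpenLDAP 2.1+ writes "SEARCH RESULT ..." for the final search response.
        if kind == "SEARCH" and rest.startswith(" RESULT"):
            kind, rest = "RESULT", rest[len(" RESULT"):]
        if kind == "RESULT":
            # Stub record if the request line was lost, so the result is not silently dropped.
            rec = ops.setdefault(key, LdapOp(key[0], key[1], "UNKNOWN"))
            kv = _kv(rest)
            rec.err = int(kv.get("err", -1))
            rec.tag = int(kv.get("tag", -1))
        else:
            ops[key] = LdapOp(key[0], key[1], kind, _kv(rest))
    return [ops[k] for k in sorted(ops)]


def explain(ops: list) -> list:
    """One finding per operation. A failed bind leaves the connection anonymous
    (RFC 4511), so later operations on that conn are judged with that in mind."""
    findings, authenticated = [], set()
    for o in ops:
        code = RESULT_CODES.get(o.err, f"resultCode {o.err}")
        target = o.attrs.get("dn") or o.attrs.get("base") or "?"
        where = f"conn={o.conn} op={o.op}"
        if o.kind == "BIND":
            method = BIND_METHODS.get(int(o.attrs.get("method", -1)), "unknown method")
            if o.err == 0:
                authenticated.add(o.conn)
                findings.append(f"{where}: {method} bind as {target} succeeded")
            else:
                authenticated.discard(o.conn)
                findings.append(f"{where}: {method} bind as {target} failed with {code} ({o.err}); "
                                "the connection stays anonymous for the operations that follow")
        elif o.err == 0:
            findings.append(f"{where}: {o.kind} on {target} succeeded")
        else:
            hint = ""
            if o.err == 32:
                hint = "; the target entry or search base does not exist in this directory"
            elif o.err == 50 and o.conn not in authenticated:
                hint = "; anonymous access, so the ACLs refuse it"
            findings.append(f"{where}: {o.kind} on {target} failed with {code} ({o.err}){hint}")
    return findings


def failed_binds(ops: list) -> Counter:
    """Failed binds per DN, case-folded because DNs compare case-insensitively; a spike
    against one DN is what a misconfigured client (or a password-guessing one) looks like."""
    return Counter(o.attrs.get("dn", "").lower()
                   for o in ops if o.kind == "BIND" and o.err not in (None, 0))


if __name__ == "__main__":
    parsed = parse_slapd_log(SAMPLE_LOG)
    for finding in explain(parsed):
        print(finding)
    print(dict(failed_binds(parsed)))
```

Run against the sample, the script reports that op=0 was a simple bind as the webmail-tree DN that failed with invalidCredentials and that the SRCH and MOD which followed hit noSuchObject, which matches Lee's reading of the log: the DN horde bound as does not exist, and neither does the base it then searched. Pointed at a real `slapd` log, `failed_binds` gives the per-DN failure counts worth alerting on.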