[turba] IMP ldap prefs/Turba personal ldap addresses

Jean-Michel Besnard besnard at tekkno.net
Sat Dec 7 12:16:44 2002


Hi,

I don't see any reason why you would need a second ldap directory. You should be able
to do everything with ispman's ldap.
If you ask on the irc channel #ispman (irc.openprojects.net) you should find people
that have achieved this (I know some who did it that way) or you can ask this on
the ispman mailing list, since most of the ispman users also use horde.

JM


Quoting "Gary C. New" <garycnew@yahoo.com>:

> Lee,
> 
> I am also using an ldap directory to supply user
> information to postfix, etc (I am using ISPMan).
> 
> The ldap error messages I provided in my last posting
> were changed to ensure data security.
> 
> I am currently able to access a test IMAP account
> (user data back-ended in an ISPMan generated ldap
> directory) via IMP, but with ldap error messages
> appearing in IMP.  I am sure this is due to horde
> prefs not being read/written into a second ldap
> directory I have especially created for it
> (dc=webmail,dc=example,dc=org).
> 
> To be clear, I have 2 ldap directories.  The first is
> the directory created by ISPMan (using an
> ispman.schema) whose suffix is dc=example,dc=org.  The
> following is an example entry from it (modified for
> security):
> 
> (I should probably note that I am using a mail proxy
> server to transcribe the ISPMan uid from the form
> test_example_org to test@example.org and vice versa.)
> 
> dn: uid=test_example_org, ou=users, ispmanDomain=example.org, dc=example, dc=org
> ispmanStatus: active
> ispmanCreateTimestamp: 1038433499
> uid: test_example_org
> ispmanUserId: test
> ispmanDomain: example.org
> uidNumber: 1010
> gidNumber: 1002
> mailHost: example
> homeDirectory: /home/example.org/users/test_example_org/
> loginShell: /bin/false
> mailQuota: 25600
> creatorsName: cn=root,dc=example,dc=org
> createTimestamp: 20021127214500Z
> userPassword:: secret
> mailRoutingAddress: test_example_org@example
> FTPStatus: disabled
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: ispmanDomainUser
> objectClass: PureFTPdUser
> mailLocalAddress: test@example.org
> cn:: IFNhbGVz
> sn: Test
> 
> The second directory is one I have newly created with
> the suffix dc=webmail,dc=example,dc=org and with the
> explicit use of maintaining the horde prefs and turba
> personal addresses.  It currently has not been
> initialized and has nothing in it.  I was kind of
> surprised that horde did not come with a basic ldif
> file, but did come with its own schema.  I guess I was
> assuming that all I needed to do was drop in the
> horde.schema and configure my slapd.conf and horde.php
> and it would initialize the new directory for the
> prefs.
> 
> What I do know is that IMP is able to
> authenticate/access via IMAP my test account, but it
> can't read/write horde prefs.
> 
> What I would like to do is authenticate using IMP with
> my ISPMan directory and then read/write horde
> prefs/turba personal addresses into the newly created
> dc=webmail,dc=example,dc=org directory.
> 
> Does this sound possible?
> 
> Thank you, again, for your much appreciated
> assistance.
> 
> Respectfully,
> 
> 
> Gary
> 
> 
> --- Lee <lee@disinfo.com> wrote:
> > > 1.  Was a ldif file required when creating the new
> > > ldap directory.  Do you have a sample of it?
> > >
> > all the OUs were created in the beginning with a
> > simple ldif. I don't
> > have it, but it would look something like:
> >
> > dn: ou=users,dc=companyname,dc=com
> > objectclass: top
> > objectclass: organizationalUnit
> > ou: users
> >
> > We actually add users via a custom php signup
> > application, but here is
> > a minimal user account ldif:
> >
> > dn: uid=someuser201,ou=users,dc=companyname,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: emailService
> > uid: someUser201
> > userPassword:: hjkdsUKADh
> > cn: joe shmoe
> > sn: shmoe
> > givenName: joe
> >
> > Since I'm guessing you haven't created your own
> > schema, you probably just
> > want to use the standard hordePerson schema instead:
> >
> > dn: cn=username,ou=users,dc=companyname,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: hordePerson
> > cn: username
> >
> >
> > (hordePrefs etc... are filled in automatically by
> > horde/imp)
> >
> > if you use this, make sure you set the ldap source
> > in horde and turba
> > to search for cn=username (not uid=username like I
> > did in the example).
> > Also you might have to change the config stuff so
> > that horde/turba bind
> > as an ldap administrator (that you added to ldap,
> > and has applicative
> > privileges -ACLS- to read and write to all the user
> > accounts in the
> > ldap directory)  not the individual user, unless
> > each of the user
> > accounts in the ldap directory can have the same
> > password as the
> > useraccount's IMAP password)
> >
> >
> >
> >
> > > 2.  What attributes did you index with the new
> > > directory in your slapd.conf file?
> >
> > # Indices to maintain
> > index default pres,eq
> > index objectClass,uid,cn,publicEmailAddress,domainName
> >
> > (publicEmailAddress and domainName are to speed up
> > postfix mail
> > delivery, for which we use ldap as a backend as
> > well)
> >
> >
> > > 3.  What is required in just getting the horde prefs
> > > working with ldap (I figured I'd get the prefs working
> > > before going on to the personal addresses).
> > >
> > Off the top of my head:
> > 1)Edit the horde prefs file (use the config I sent
> > as an example)
> > 2) add "include /usr/local/etc/openldap/schema/horde.schema"
> > to the top of slapd.conf . Make sure you put the
> > horde.schema file in
> > that location as well.
> > 3) Add the requisite ACLs to slapd.conf (again you
> > can use the ones I
> > sent you as an example)
> > 4) Add a hordePerson to your ldap directory
> >
> >
> > > 4.  Do you have any experience with the patch
> > > suggested @
> > > http://cvs.horde.org/co.php/turba/docs/LDAP
> >
> > We didn't use it, but it looks like it's there to
> > mainly save users some
> > time.
> >
> > >
> > > 5.  These are the errors I am currently getting when
> > > trying to login to IMP with the ldap errors (I
> > > corrected my horde.php settings per your sample, but
> > > it doesn't look like the new directory is being
> > > initialized or populated):
> > >
> >
> > The key here is to understand who horde/imp is
> > trying to bind as and
> > what horde/imp is trying to read/write. It looks
> > like horde is trying
> > to bind as
> > uid=test@example.org,dc=webmail,dc=example,dc=org.
> > Does this
> > exist? Is the password horde is using for that
> > account (if you use the
> > config I did, its the IMAP password) the same
> > password that is set for
> > that user account in the ldap directory? Try running
> > ldapsearch from
> > the command line using that dn / password and see if
> > you can
> > successfully bind to the server.
> >
> > here is a sample command:
> > ldapsearch -h ldap.companyname.com -LLL -b "dc=companyname,dc=com" -s sub -x -D "uid=test@example.org,dc=webmail,dc=example,dc=org" -W "(uid=*)"
> >
> > that should return:
> > uid=test@example.org,dc=webmail,dc=example,dc=org
> >
> > I should reemphasize that our IMAP server uses LDAP
> > to authenticate
> > users, so each user's ldap password is the same as
> > their imap password.
> > We use this fact to tell horde to bind to ldap as
> > the IMAP username
> > appended to "ou=users,dc=companyname,dc=com" and to
> > use the IMAP
> > password. Unless you do the same, you will need to
> > change the bind_dn,
> > bind_password to a fixed administrator account that
> > you create and has
> > the appropriate privileges in the ldap
> > directory.
> >
> > L
> >
> > > IMP:
> > > Warning: LDAP: Unable to perform the search: No such object in /home/sites/www/horde/lib/Prefs/ldap.php on line 292
> > >
> > > Warning: LDAP: modify operation could not be completed. in /home/sites/www/horde/lib/Prefs/ldap.php on line 415
> > >
> > > Warning: Cannot add header information - headers already sent by (output started at /home/sites/www/horde/lib/Prefs/ldap.php:292) in /home/sites/www/horde/imp/redirect.php on line 84
> > >
> > > LDAP:
> > > Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128
> > > Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=
> > > Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"
> > > Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=
> > > Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD dn="uid=test@example.org,dc=webmail,dc=example,dc=org"
> > > Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=
> > >
> > > Thanks again for your assistance.
> > >
> > > Respectfully,
> > >
> > >
> > > Gary
> 
> 

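A small diagnostic that applies Lee's advice ("understand who horde/imp is trying to bind as and what it is trying to read/write") to slapd log lines like the ones Gary quoted. This is an added example for this archive page, not code from the thread or from the Horde project. It assumes OpenLDAP's stats-level log shape as quoted above (a BIND/SRCH/MOD request line followed by a RESULT line with err=<code> for the same conn/op), maps the standard result codes from RFC 4511, and runs on a constructed sample made by reassembling the wrapped log lines from Gary's message onto one line each.

```python
"""Diagnose a failing Horde/IMP LDAP session from slapd "stats" log lines.

Added example, not code from Horde or from the thread. Assumes the log shape
quoted above: a request line (BIND/SRCH/MOD) then a RESULT line per conn/op.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Subset of the standard LDAP result codes (RFC 4511, Appendix A).
RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|MOD|ADD|DEL|RESULT)(.*)")
ERR_RE = re.compile(r"err=(\d+)")
TARGET_RE = re.compile(r'(?:dn|base)="([^"]*)"')

# Constructed sample: the wrapped slapd lines quoted in the thread, one per line.
SAMPLE_LOG = [
    'Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 BIND '
    'dn="UID=TEST@EXAMPLE.ORG,DC=WEBMAIL,DC=EXAMPLE,DC=ORG" method=128',
    'Dec  5 17:07:04 mail slapd[5150]: conn=594 op=0 RESULT tag=97 err=49 text=',
    'Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 SRCH '
    'base="dc=webmail,dc=example,dc=org" scope=2 filter="(uid=test@example.org)"',
    'Dec  5 17:07:04 mail slapd[5145]: conn=594 op=1 RESULT tag=101 err=32 text=',
    'Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 MOD '
    'dn="uid=test@example.org,dc=webmail,dc=example,dc=org"',
    'Dec  5 17:07:04 mail slapd[5147]: conn=594 op=2 RESULT tag=103 err=32 text=',
]


@dataclass
class Operation:
    conn: int
    op: int
    kind: str = "?"            # BIND, SRCH, MOD, ...
    target: str = ""           # bind DN, search base or modify DN
    err: Optional[int] = None  # result code from the matching RESULT line


def parse_slapd_log(lines: List[str]) -> List[Operation]:
    """Pair each request line with its RESULT line by (conn, op)."""
    ops: Dict[Tuple[int, int], Operation] = {}
    for line in lines:
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        entry = ops.setdefault((conn, op), Operation(conn, op))
        if kind == "RESULT":
            e = ERR_RE.search(rest)
            entry.err = int(e.group(1)) if e else None
        else:
            entry.kind = kind
            t = TARGET_RE.search(rest)
            entry.target = t.group(1) if t else ""
    return [ops[key] for key in sorted(ops)]


def diagnose(ops: List[Operation]) -> List[str]:
    """Explain each failed operation: who bound, as what DN, then what was
    read or written. Returns one finding per failed operation."""
    findings: List[str] = []
    bind_ok: Dict[int, bool] = {}  # conn -> did the last BIND on it succeed?
    for o in ops:
        name = RESULT_CODES.get(o.err, f"code {o.err}")
        if o.kind == "BIND":
            bind_ok[o.conn] = o.err == 0
            if o.err == 49:
                findings.append(
                    f"conn={o.conn}: BIND as {o.target!r} failed ({name}): the DN "
                    "does not exist or its password differs from the IMAP one; "
                    "confirm with ldapsearch -x -D <that dn> -W before editing horde.php."
                )
            continue
        if o.err == 0:
            continue
        # RFC 4511 section 4.2.1: a failed bind leaves the connection anonymous.
        anon = " (anonymous after the failed BIND)" if bind_ok.get(o.conn) is False else ""
        if o.kind == "SRCH" and o.err == 32:
            findings.append(
                f"conn={o.conn}: SRCH base {o.target!r} -> {name}{anon}: the base "
                "entry itself is missing, i.e. the prefs directory was never loaded from an LDIF."
            )
        elif o.kind == "MOD" and o.err == 32:
            findings.append(
                f"conn={o.conn}: MOD {o.target!r} -> {name}{anon}: modify does not "
                "create entries; add the hordePerson entry first."
            )
        else:
            findings.append(f"conn={o.conn}: {o.kind} {o.target!r} -> {name}{anon}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_slapd_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, it reports the err=49 on the bind first and then marks the two err=32 results as having been produced by an anonymous connection. That ordering matters when reading such logs: once the bind has failed, noSuchObject on the search and modify is also what slapd returns when the entry exists but the anonymous identity has no read access to it, so the bind DN and password should be fixed (or a dedicated administrator bind configured, as Lee suggests) and the log re-read before concluding that the directory is empty.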

