[turba] Mapping Turba fields with GQ-marked-as-red LDAP attributes

Adam Tauno Williams adam at morrison-ind.com
Sat Apr 5 08:54:36 PST 2003

>Hi there
>This question is related to the use of read-only LDAP adressbook.
>Specifically the "map" part of the sources.php where Turba
>attributes are mapped to LDAP ones :
>     'map' => array(
>         '__key' => 'dn',
> 	'name' => 'sn',
>         'email' => 'mail',
>     ),
>I'm facing a problem here due to (I think) the LDAP schema
>used in my corporate Active Directory.
>I can browse my AD with GQ. This tool marks LDAP attributes
>with colors (black, blue, red ..). An explanation of those
>colors was made on the QG mailing list by Peter Stamfest
>Problem is that I can't map a Turba attribute to a *RED* LDAP
>attribute. Seems like no value is returned, and the search
>result page on Turba shows me the "Edit" button in place of
>the real result.

If the turba attributes appear as red it means they are not found to be
permitted by any of the objectclass's of the object.  Either AD is not
presenting all the objectclasses of the object (if is doing objectclass hiding)
or your AD is quite broken/mis-configured.  You should not see ANY red
attributes except operational ones (creation/modification time stamps, etc...)

So I don't think this is a Turba/Horde/PHP problem.  You probably need to fix
your DSA (AD in this case).

>Doing a command line ldapsearch asking specifically for those
>attributes works just fine so this is not security/auth
>related (bind with the same user/pwd in both cases).

If you ldapsearch on the same object do you see the same number of objectclass
attributes?  ldapsearch is pretty "dumb", it doesn't do as much sanity checking
as a tool like GQ.

>2 questions here :
>a) can someone try a clearer explanation for those red-tagged
>attributes as seen in GQ ? Peter's one quite confused me
>(truth is, I'm sure not an LDAP expert :-(

User application usage attributes that appear as red indicate a problem with DSA
configuration unless you have an extensible object class assigned to the object
(and you shouldn't).

>b) is there a workaround (Turba side or Active Directory side)
>to allow me to map such red-tagged attributes in my
>sources.php file ?

Disable objectclass hiding; if and however that is possible with AD.  I suspect
that is your problem.

More information about the turba mailing list