[turba] Re: turba sources.conf

Edwin L. Culp eculp at encontacto.net
Wed Feb 2 06:14:12 PST 2005


Forgot the attachment, sorry.

ed

Quoting David Irvine <david at david-irvine.com>:

> Hi
>
> I wonder if you would be able to give me some pointers I am having loads
> of difficulties in setting up turba and ldap and really would like to. I
> note in the list you offered somebody a copy of your sources files.
>
> If you would not mind I would love a copy and also perhaps your acl bits
> from slapd.conf as well
>
> I am having a terrible time
>
> Many thanks
> in advance

Hi David,

How about our keeping this on the list so others can have an opportunity to
help you also or to correct my advice ;)

Your explanation doesn't tell me much as to what your problem is but I'll send
you some things that you asked for that will hopefully help.

My acl bits are basic and should be clear.  I've only added three rules, one
for each user accessible addressbook to allow folks to modify their entries and
it is trivial to add additional DNs for other reasons. My ldap tree structure
should also be obvious.

access to dn.regex=".*,mail=(.*),ou=personal,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write

access to dn.regex=".*,mail=(.*),ou=temporal,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write

access to dn.regex=".*,mail=(.*),ou=addressbook,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write


access to *
   by self write
   by * read
   by anonymous auth

-----------------------------------------------------
I'm attaching the personal addressbook config, the others are just copies with
minor changes such as the corporate addressbook, that isn't in the ACL's
because only admins (me:) can modify anything except their entry and it is
generated automatically when a user is created with the corporate.com virtual
domain in his email and is the base dn for all changes to his directories.
example:

mail=eculp at encontacto.net,ou=people,o=domain.com

so the attached addressbook configuration changing the binddn to root so it
can't be changed and a

'filter' => 'mail=' . '*@' . $vdomain,

will pop out all the corporate users.  Of course this is all so flexible that
any local requirements can be met with minor modification.

Hope this helps,

ed






-------------- next part --------------
/* David, You may or may not need these general variables but I use them everywhere just in case.. */

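// HTTP_HOST is taken from the client's request. Strip a leading "www.mail.",
// "mail." or "www." (longest prefix first, so "www.mail." is removed whole).
if (isset($_SERVER['HTTP_HOST'])) {
  $vdomain = strtolower(preg_replace('/^www\.mail\.|^mail\.|^www\./i', '', $_SERVER['HTTP_HOST']));
} else {
  $vdomain='domain.com';
}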
$mail=Auth::getAuth();
$uid=Auth::getBareAuth();
$pass=Auth::getCredential('password');
$basedn = 'o=domain.com';


$cfgSources['personal'] = array(
    'title' => _("Mis Direcciones"),
    'type' => 'ldap',
    'params' => array(
        'server' => 'localhost',
        'tls' => false,
        'root' => 'mail=' . $mail . ',ou=personal,' . $basedn,
        'bind_dn' => 'mail=' . $mail . ',ou=People,' . $basedn,
        'bind_password' => $pass,
/*        The following two lines are in the configuration and are for testing ACLs     */
//        'bind_dn' => 'cn=root,o=domain.com',
//        'bind_password' => '***************',
        'dn' => array('mail'),
        'objectclass' => array(
             'top',
             'person',
             'inetOrgPerson',
             'evolutionPerson',
             'hordePerson',
             'turbaContact',
             'calEntry'
         ),
//        'charset' => 'utf-8',
        'charset' => 'iso-8859-1',
        'checkrequired' => true,
        // string to put in missing required attributes.
        'checkrequired_string' => ' ',
        'version' => 3
    ),
    'map' => array(
        '__key' => 'dn',
        '__uid' => 'uid',
        'name' => 'cn',
        'email' => 'mail',
        'lastname' => 'sn',
        'title' => 'title',
        'company' => 'organizationname',
        'businessCategory' => 'businesscategory',
        'workAddress' => 'postaladdress',
        'workPostalCode' => 'postalcode',
        'workPhone' => 'telephonenumber',
        'fax' => 'facsimiletelephonenumber',
        'homeAddress' => 'homepostaladdress',
        'homePhone' => 'homephone',
        'cellPhone' => 'mobile',
        'notes' => 'description',
        // Evolution interop attributes:  (those that do not require the evolution.schema)
        'office'=> 'roomNumber',
        'department' => 'ou',
        'nickname' => 'displayName',
        'website' => 'labeledURI',

        // These are not stored on the LDAP server.
        'pgpPublicKey' => 'object_pgppublickey',
        'smimePublicKey' => 'object_smimepublickey',

        // From rfc2739.schema:
        'freebusyUrl' => 'calFBURL',

    ),
    'search' => array(
        'name',
        'email',
        'businessCategory',
        'title',
        'homePhone',
        'workPhone',
        'cellPhone',
        'homeAddress'
    ),
    'strict' => array(
        'dn',
    ),
    'public' => true,
    'readonly' => false,
    'admin' => array($mail),
    'export' => true
);
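
The evaluation order of the slapd ACLs posted earlier in this message, as an added example that is not part of the original post or of OpenLDAP: a simplified Python model of slapd's first-match rule (the first `access to` clause whose target matches is used, and within it the first matching `by` line wins, with an implicit `by * none` at the end). The `example.org` DNs, the `access_level` helper and the `REORDERED` rule set are assumptions made for illustration.

```python
import re

OWNER = ("dn:mail=$1,ou=people,o=domain.com", "write")
BOOKS = ("personal", "temporal", "addressbook")

# The four clauses as posted: (target regex, [(who, level), ...]); "" stands for "*".
AS_POSTED = [(f".*,mail=(.*),ou={ou},o=domain.com", [OWNER]) for ou in BOOKS] + [
    ("", [("self", "write"), ("*", "read"), ("anonymous", "auth")]),
]

# Assumed tightening: anchored patterns, a capture that cannot span RDNs,
# and "anonymous auth" placed before the catch-all "* read".
REORDERED = [(f"^.*,mail=([^,]+),ou={ou},o=domain\\.com$", [OWNER]) for ou in BOOKS] + [
    ("", [("self", "write"), ("anonymous", "auth"), ("*", "read")]),
]


def access_level(rules, bind_dn, target_dn):
    """Level granted to bind_dn ("" = anonymous) on target_dn in this model."""
    for what, by_lines in rules:
        m = re.search(what, target_dn, re.I)
        if not m:
            continue
        cap = m.group(1) if m.re.groups else ""
        for who, level in by_lines:
            if who == "*":
                hit = True
            elif who == "anonymous":
                hit = bind_dn == ""
            elif who == "self":
                hit = bind_dn != "" and bind_dn.lower() == target_dn.lower()
            else:  # "dn:<regex>", with $1 taken literally from the target match
                pat = who[3:].replace("$1", re.escape(cap))
                hit = bind_dn != "" and re.search(pat, bind_dn, re.I) is not None
            if hit:
                return level
        return "none"  # implicit "by * none" closes the first matching clause
    return "none"


if __name__ == "__main__":
    # Constructed sample DNs following the tree layout described in the message.
    person = "mail=ed@example.org,ou=people,o=domain.com"
    contact = "cn=Bob,mail=ed@example.org,ou=personal,o=domain.com"
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "owner->contact:", access_level(rules, person, contact),
              "| anonymous->person:", access_level(rules, "", person))
```

The model covers DN matching only; it does not represent attribute-level clauses such as a separate rule for `userPassword`.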


