[RCD] Roundcube and openldap search hierarchy

Andreas Dick andudi at gmx.ch
Wed Feb 29 21:24:24 CET 2012


can you please publish some output of ldapsearch... with at least a contact 
and group record?

what is exactly your problem? you can not assign a contact to a specific group? 
can you try to do it with using ldapmodify on the command line?
e.g. like
----------------------------
# add one member value to an existing group entry
echo "
dn: cn=Group,dc=example,dc=com
changetype: modify
add: member
member: cn=Contact,dc=example,dc=com
" | ldapmodify -x -H "$server" -D "$bind_dn" -w "$bind_pass"
----------------------------

it seems that your bind_dn does not have enough rights for modifying the group 
object... how do you grant that? can you show me the slapd.conf directive?

Andreas

On Wednesday, 29 February 2012, 06.45:00 you wrote:
> under Private Address Group I have ability to create more groupsofNames
> that works fine and there is no replication issues.
> I can add dn from ldap side to groupofNames via ldap tools (apache
> directory studio)
> Problem is that if user try to drag or associate existing name in public or
> private list to this new groupofNames ldap log chokes.
> essentially there is a problem with association of existing ldap account
> and dn entry with groupofNames object class with attribute member.
> 
> 
> add [dn: cn=IT,ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx]: Array
> (
>     [member] => Array
>         (
>             [0] => ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx
>         )
> 
> )
> 
> [28-Feb-2012 22:03:31 -0500]: S: Insufficient access
> 
> I have right to push changes in ldap via slapd.conf file.
> 
> On Wed, Feb 29, 2012 at 3:52 AM, Andreas Dick <andudi at gmx.ch> wrote:
> > in my setup, this works well. but I know about a problem with showing
> > contacts of new created groups in the listing...
> > can you check if the "empty" group shows more than 0 on the bottom of the
> > list, even when you do not see the contacts?
> > can you check if the ldap group record contain the added contacts?
> > 
> > Andreas
> > 
> > On 2012-02-29 01:35, Sasha Kacanski wrote:
> >> Hi Andreas,
> >> one more question?
> >> On the private ldap address group, if I create additional group I am
> >> creating cn= ldap object class groupofNames
> >> 
> >> What is the idea behind this approach.
> >> In roundcube I am unable to add a member of public address group to
> >> private group...
> >> 
> >> example:
> >> 
> >> Public Address Group
> >> name1
> >> name2
> >> name3
> >> 
> >> Private Address Group
> >> external email contact1
> >> external email contact2
> >> 
> >>   Office (group)
> >>     member name1 ( will not work) - meaning if I drag contact I can't add it
> >>     member name2 ( if I flag it as group in contact) can't add it
> >> 
> >> I believe that I need to change something in main.inc.php to allow dn
> >> to be transferred from the contact that I want to add to the group to
> >> member attribute value.
> >> 
> >> Could you please point me to  right direction,
> >> 
> >> Regards,
> >> 
> >> On Mon, Feb 27, 2012 at 6:57 PM, Sasha Kacanski <skacanski at gmail.com> wrote:
> >>> U the man Andreas,
> >>>
> >>> Thanks so much for quick, clear and concise answers.
> >>> This works and I can push this for production.
> >>> Thanks much, and this is good stuff ...
> >>> --sasha
> >>> 
> >>> On Mon, Feb 27, 2012 at 11:44 AM, Andreas Dick <andudi at gmx.ch> wrote:
> >>>> I hope you did not try like that:
> >>>> **************************
> >>>>  'groups' =>
> >>>>    array (
> >>>>      'base_dn' => '',
> >>>>      'filter' => '(objectClass=groupOfNames)',
> >>>>      'object_classes' =>
> >>>>      array (
> >>>>        0 => 'top',
> >>>>        1 => 'groupOfNames',
> >>>>      ),
> >>>>      'member_attr' => 'member',
> >>>>      'name_attr' => 'cn',
> >>>>    ),
> >>>>    'scope' => 'one'
> >>>>  ),
> >>>>  'private' =>
> >>>>  array (
> >>>>    'name' => 'Private LDAP Addressbook',
> >>>>    'hosts' =>
> >>>> ....
> >>>> **************************
> >>>>
> >>>> the scope must be INSIDE the groups array, e.g. like
> >>>> **************************
> >>>>  'groups' =>
> >>>>    array (
> >>>>      'base_dn' => '',
> >>>>      'scope' => 'one',
> >>>>      'filter' => '(objectClass=groupOfNames)',
> >>>>      'object_classes' =>
> >>>>      array (
> >>>>        0 => 'top',
> >>>>        1 => 'groupOfNames',
> >>>>      ),
> >>>>      'member_attr' => 'member',
> >>>>      'name_attr' => 'cn',
> >>>>    ),
> >>>> **************************
> >>>> 
> >>>> Andreas
> >>>> 
> >>>> On 2012-02-27 14:26, Sasha Kacanski wrote:
> >>>>> Andreas,
> >>>>>
> >>>>> your suggestion did not work either:
> >>>>>  'groups' =>
> >>>>>    array (
> >>>>>      'base_dn' => '',
> >>>>>      'filter' => '(objectClass=groupOfNames)',
> >>>>>      'object_classes' =>
> >>>>>      array (
> >>>>>        0 => 'top',
> >>>>>        1 => 'groupOfNames',
> >>>>>      ),
> >>>>>      'member_attr' => 'member',
> >>>>>      'name_attr' => 'cn',
> >>>>>    ),
> >>>>>    'SCOPE' => 'ONE'
> >>>>>  ),
> >>>>>  'private' =>
> >>>>>  array (
> >>>>>    'name' => 'Private LDAP Addressbook',
> >>>>>    'hosts' =>
> >>>>> ....
> >>>>>
> >>>>> I tried with sub, list base options, just to see if it makes a
> >>>>> difference and nothing is happening ...
> >>>>>
> >>>>> in ldap log "rounde cube"
> >>>>> C: Search [(objectClass=inetOrgPerson)][dn: ou=People,dc=xxxxxx,dc=xxx]
> >>>>>
> >>>>> so it seems that option is not being passed ...
> >>>>> 
> >>>>> --sasha
> >>>>> 
> >>>>> On Sun, Feb 26, 2012 at 2:14 PM, Sasha Kacanski <skacanski at gmail.com> wrote:
> >>>>>> Ok,
> >>>>>>
> >>>>>> I'll let u know how it went!
> >>>>>> 
> >>>>>> On Sunday, February 26, 2012, Andreas Dick wrote:
> >>>>>>> On Sunday, 26 February 2012, 07.00:08 you wrote:
> >>>>>>> > Curious, Why would you separate searches per group and/or contact?
> >>>>>>> I think it makes sense to separate...
> >>>>>>>
> >>>>>>> but well, the concerning option is not yet prepared in the default config
> >>>>>>> file... please try to add:
> >>>>>>>    'scope'     => 'one',
> >>>>>>> in the groups array... it is already implemented in the code :-)
> >>>>>>>
> >>>>>>> Andreas
> >>>>>>>
> >>>>>>> > anyway, is there anything else we can do in the mean time.
> >>>>>>> > I am not good in php, but pretty good with python and java.
> >>>>>>> >
> >>>>>>> > Regards, --sasha
> >>>>>>> > 
> >>>>>>> > On Sat, Feb 25, 2012 at 6:37 PM, Andreas Dick <andudi at gmx.ch> wrote:
> >>>>>>> > > I suppose the search scope is not yet implemented for groups... just for
> >>>>>>> > > contacts... maybe I'll check that soon...
> >>>>>>> > >
> >>>>>>> > > Andreas
> >>>>>>> > >
> >>>>>>> > > Sasha Kacanski <skacanski at gmail.com> wrote:
> >>>>>>> > > >Absolutely,
> >>>>>>> > > >
> >>>>>>> > > >btw, roundcube works great otherwise. This is a first product that can so
> >>>>>>> > > >well integrate with two imap cyrus servers, one as main mail server and
> >>>>>>> > > >other as long term archive. With remote plugin for two imaps, users can
> >>>>>>> > > >switch between mail and archive.
> >>>>>>> > > >
> >>>>>>> > > >Anyway here is the main.inc.php
> >>>>>>> > > >
> >>>>>>> > > >$rcmail_config['address_book_type'] = 'ldap';
> >>>>>>> > > >
> >>>>>>> > > >// In order to enable public ldap search, configure an array like the
> >>>>>>> > > >// Verisign example further below. if you would like to test, simply
> >>>>>>> > > >// uncomment the example.
> >>>>>>> > > >// Array key must contain only safe characters, ie. a-zA-Z0-9_
> >>>>>>> > > >$rcmail_config['ldap_public'] = array (
> >>>>>>> > > >  'public' =>
> >>>>>>> > > >  array (
> >>>>>>> > > >    'name' => 'Public Addressbook',
> >>>>>>> > > >    'hosts' =>
> >>>>>>> > > >    array (
> >>>>>>> > > >      0 => 'some IP',
> >>>>>>> > > >    ),
> >>>>>>> > > >    'port' => 389,
> >>>>>>> > > >    'use_tls' => false,
> >>>>>>> > > >    'ldap_version' => 3,
> >>>>>>> > > >    'user_specific' => false,
> >>>>>>> > > >    'base_dn' => 'ou=People,dc=xxx,dc=xxx',
> >>>>>>> > > >    'bind_dn' => 'cn=Some admin,dc=xxx,dc=xxx',
> >>>>>>> > > >    'bind_pass' => 'xxxxx',
> >>>>>>> > > >    'search_base_dn' => 'ou=People,dc=xxxx,dc=xxx',
> >>>>>>> > > >    'search_filter' => '(&(objectClass=posixAccount)(uid=%u))',
> >>>>>>> > > >    'search_bind_dn' => 'cn=Some admin,dc=xxxxx,dc=xxx',
> >>>>>>> > > >    'search_bind_pw' => 'xxxxxxx',
> >>>>>>> > > >    'search_dn_default' => '',
> >>>>>>> > > >    'auth_cid' => '',
> >>>>>>> > > >    'auth_method' => '',
> >>>>>>> > > >    'hidden' => false,
> >>>>>>> > > >    'searchonly' => false,
> >>>>>>> > > >    'writable' => false,
> >>>>>>> > > >    'LDAP_Object_Classes' =>
> >>>>>>> > > >    array (
> >>>>>>> > > >      0 => 'top',
> >>>>>>> > > >      1 => 'inetOrgPerson',
> >>>>>>> > > >    ),
> >>>>>>> > > >    'LDAP_rdn' => 'mail',
> >>>>>>> > > >    'required_fields' =>
> >>>>>>> > > >    array (
> >>>>>>> > > >      0 => 'cn',
> >>>>>>> > > >      1 => 'sn',
> >>>>>>> > > >      2 => 'mail',
> >>>>>>> > > >      3 => 'uid',
> >>>>>>> > > >    ),
> >>>>>>> > > >    'search_fields' =>
> >>>>>>> > > >    array (
> >>>>>>> > > >      0 => 'uid',
> >>>>>>> > > >      1 => 'mail',
> >>>>>>> > > >      2 => 'cn',
> >>>>>>> > > >    ),
> >>>>>>> > > >    'fieldmap' =>
> >>>>>>> > > >    array (
> >>>>>>> > > >      'name' => 'cn',
> >>>>>>> > > >      'surname' => 'sn',
> >>>>>>> > > >      'firstname' => 'givenName',
> >>>>>>> > > >      'email' => 'mail',
> >>>>>>> > > >      'phone:home' => 'homePhone',
> >>>>>>> > > >      'phone:work' => 'telephoneNumber',
> >>>>>>> > > >      'phone:mobile' => 'mobile',
> >>>>>>> > > >      'street' => 'street',
> >>>>>>> > > >      'zipcode'
> >>>>>> 
> >>>>>> --
> >>>>>> Aleksandar Kacanski
> >>> 
> >>> --
> >>> Aleksandar Kacanski
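
An illustration of the kind of slapd.conf directive asked about in the reply at the top of this thread, added here as an example and not taken from either poster's configuration: it gives one bind DN write access to the member attribute of groupOfNames entries only. The DNs cn=roundcube,dc=example,dc=com and ou=addressbook,dc=example,dc=com are assumed placeholders.

```conf
# slapd.conf fragment (constructed example; every DN below is a placeholder).
# slapd stops at the first "access to" rule whose <what> clause matches, so
# this rule has to appear before any broader rule covering the same subtree.

# Write access limited to the member attribute of group entries, granted to
# the single DN that the webmail address book binds as. Other attributes of
# the same entries do not match attrs=member and fall through to later rules.
access to dn.subtree="ou=addressbook,dc=example,dc=com"
        filter="(objectClass=groupOfNames)"
        attrs=member
    by dn.exact="cn=roundcube,dc=example,dc=com" write
    by users read
    by * none
```

On the server, `slapacl -D "cn=roundcube,dc=example,dc=com" -b "cn=Group,ou=addressbook,dc=example,dc=com" "member/write"` evaluates the configured rules for that DN and attribute without modifying the directory.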