can you please publish some output of ldapsearch... with at least a contact and group record?
what is exactly your problem? you can not assing a contact to a specific group? can you try to do it with using ldapmodify on the command line? e.g. like
echo " dn: cn=Group,dc=example,dc=com add: member member: cn=Contact,dc=example,dc=com " | ldapmodify -x -H $server -D $bind_dn -w $bind_pass
it seems that your bind_dn do not have enough rights for modifying the group object... how do you grant that? can you show me the slapd.conf directive?
Andreas
Am Mittwoch, 29. Februar 2012, 06.45:00 schrieben Sie:
under Private Address Group I have ability to create more groupsofNames that works fine and there is no replication issues. I can add dn from ldap side to groupofNames via ldap tools (apache directory studio) Problem is that if user try to drag or associate existing name in public or private list to this new groupofNames ldap log chookes. essentially there is a problem with association of existing ldap account and dn entry with groupofNames object class with attribute member.
add [dn: cn=IT,ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx]: Array ( [member] => Array ( [0] => ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx )
)
[28-Feb-2012 22:03:31 -0500]: S: Insufficient access
I have right to push changes in ldap via slapd.conf file.
On Wed, Feb 29, 2012 at 3:52 AM, Andreas Dick andudi@gmx.ch wrote:
in my setup, this works well. but I know about a problem with showing contacts of new created groups in the listing... can you check if the "empty" group shows more than 0 on the bottom of the list, even when you do not see the contacts? can you check if the ldap group record contain the added contacts?
Andreas
Am 2012-02-29 01:35, schrieb Sasha Kacanski:
Hi Andreas, one more question? On the private ldap address group, if I create additional group I am creating cn= ldap object class groupofNames
What is the idea behind this approach. In rouncube I am unable to add a member of public address group to private group...
example:
Public Address Group name1 name2 name3
Private Address Group external email contact1 external email contact2
Office (group)
member name1 ( will not work) - meaning if I drag contact I
cant add it
memeber name2 ( if I flag it as group in contact) cant add it
I believe that I need to change something in main.inc.php to allow dn to be transferred from the contact that I want to add to the group to member attribute value.
Could you please point me to right direction,
Regards,
On Mon, Feb 27, 2012 at 6:57 PM, Sasha Kacanski <skacanski@gmail.com
[5]> wrote: U the man Andreas,
Thanks so much for quick, clear and concise answers. This works and I can push this for production. Thanks much, and this is good stuff ... --sasha
On Mon, Feb 27, 2012 at 11:44 AM, Andreas Dick <andudi@gmx.ch [4]>
wrote: I hope you did not try like that:
groups =>
array (
base_dn => , filter => (objectClass=groupOfNames), object_classes => array ( 0 => top, 1 => groupOfNames, ), member_attr => member, name_attr => cn,
),
scope => one
), private => array (
name => Private LDAP Addressbook,
hosts =>
....
the scope must be INSIDE the groups array, e.g. like
groups =>
array (
base_dn => , scope => one filter => (objectClass=groupOfNames), object_classes => array ( 0 => top, 1 => groupOfNames, ), member_attr => member, name_attr => cn,
),
Andreas
Am 2012-02-27 14:26, schrieb Sasha Kacanski: Andreas,
your suggestion did not work ether: groups =>
array ( base_dn => , filter => (objectClass=groupOfNames), object_classes => array ( 0 => top, 1 => groupOfNames, ), member_attr => member, name_attr => cn, ), SCOPE => ONE
), private => array (
name => Private LDAP Addressbook, hosts =>
....
I tried with sub, list base options, just to see if it makes
a difference and nothing is happening ...
in ldap log "rounde cube" C: Search [(objectClass=inetOrgPerson)][**dn: ou=People,dc=xxxxxx,dc=xxx]
so it seems that option is not being passed ...
--sasha
On Sun, Feb 26, 2012 at 2:14 PM, Sasha Kacanski <skacanski@gmail.com [3]
[1]> wrote: Ok,
> Ill let u know how it went! > > On Sunday, February 26, 2012, Andreas Dick wrote: > Am Sonntag, 26. Februar 2012, 07.00:08 schrieben Sie: >> > Curious, Why would you separate searches per group >> > and/or >> >> contact? >> I think it makes sense to seperate... >> >> but well, the concerning option is not yet prepared in the >> default config >> >> file... please try to add: >> scope => one, >> >> in the groups array... it is allready implemented in the >> code :-) >> >> Andreas >> >> > anyway, is there anything else we can do in the mean >> >> time. >> >> > I am not good in php, but pretty good with python and >> >> java. >> >> > Regards, --sasha >> > >> > On Sat, Feb 25, 2012 at 6:37 PM, Andreas Dick >> >> <andudi@gmx.ch [1]> >> >> wrote: >> > > I suppose the search scope is not yet imlemented for >> >> groups... just for >> >> > > contacts... maybe il check that soon... >> > > >> > > >> > > Andreas >> > > >> > > Sasha Kacanski <skacanski@gmail.com [2]> schrieb: >> > > >Absolutely, >> > > > >> > > >btw, roundcube works great otherwise. This is a >> > > >first >> >> product that can >> >> > > >so >> > > >well integrate with two imap cyrus servers, one as >> >> main mail >> server >> >> > > >and >> > > >other as long term archive. With remote plugin for >> > > >two >> >> imaps, users >> >> > > >can >> > > >switch between mail and archive. >> > > > >> > > >Anyway here is the main.inc.php >> > > > >> > > >$rcmail_config[address_book_**type] = ldap; >> > > > >> > > >// In order to enable public ldap search, >> > > >configure an >> >> array >> like the >> >> > > >Verisign >> > > >// example further below. if you would like to >> > > >test, >> >> simply >> uncomment >> >> > > >the >> > > >example. >> > > >// Array key must contain only safe characters, >> > > >ie. >> >> a-zA-Z0-9_ >> >> > > >$rcmail_config[ldap_public] = array ( >> > > > >> > > > public => >> > > > array ( >> > > >
>> > > > name => Public Addressbook, >> > > > hosts => >> > > > array ( >> > > >
>> > > > 0 => some IP, >> > > >
>> > > > ), >> > > > port => 389, >> > > > use_tls => false, >> > > > ldap_version => 3, >> > > > user_specific => false, >> > > > base_dn => ou=People,dc=xxx,dc=xxx, >> > > > bind_dn => cn=Some admin,dc=xxx,dc=xxx, >> > > > bind_pass => xxxxx, >> > > > search_base_dn => >> > > > ou=People,dc=xxxx,dc=xxx, >> > > > search_filter => >> >> (&(objectClass=posixAccount)(**uid=%u)), >> >> > > > search_bind_dn => cn=Some >> > > > admin,dc=xxxxx,dc=xxx, >> > > > search_bind_pw => xxxxxxx, >> > > >
>> > > > search_dn_default => , >> > > > auth_cid => , >> > > > auth_method => , >> > > > hidden => false, >> > > > searchonly => false, >> > > > writable => false, >> > > > LDAP_Object_Classes => >> > > > array ( >> > > >
>> > > > 0 => top, >> > > > 1 => inetOrgPerson, >> > > >
>> > > > ), >> > > > LDAP_rdn => mail, >> > > > required_fields => >> > > > array ( >> > > >
>> > > > 0 => cn, >> > > > 1 => sn, >> > > > 2 => mail, >> > > > 3 => uid, >> > > >
>> > > > ), >> > > > search_fields => >> > > > array ( >> > > >
>> > > > 0 => uid, >> > > > 1 => mail, >> > > > 2 => cn, >> > > >
>> > > > ), >> > > > fieldmap => >> > > > array ( >> > > >
>> > > > name => cn, >> > > > surname => sn, >> > > > firstname => givenName, >> > > > email => mail, >> > > > phone:home => homePhone, >> > > > phone:work => telephoneNumber, >> > > > phone:mobile => mobile, >> > > > street => street, >> > > > zipcode > > -- > Aleksandar Kacanski-- Aleksandar Kacanski
List info: http://lists.roundcube.net/dev/ BT/aba52c80