Hi Roundcube experts!
We've got an LDAP structure like this one:
{{{
dc=tld,dc=dn,ou=people,ou=company,uid=foo
dc=tld,dc=dn,ou=people,ou=contacts,ou=foo,cn=foocontact1
dc=tld,dc=dn,ou=specialUser,cn=contactWriter
}}}
For contacts (the company LDAP is another one), we're using the following Roundcube configuration:
{{{
$rcmail_config['ldap_public']['Personal'] = array(
  'name' => 'Personal',
  'hosts' => array('<% if @dirsrvprefix %><%= @dirsrvprefix %>.<% end %><%= @dn %>.<%= @tld %>'),
  'port' => 389,
  'use_tls' => false,
  'ldap_version' => 3, // using LDAPv3
  'network_timeout' => 10, // The timeout (in seconds) for connect + bind attempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
  'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
  'base_dn' => 'ou=%u,ou=contacts,ou=people,dc=<%= @dn %>,dc=<%= @tld %>',
  'bind_dn' => 'cn=<%= @contactSO %>,ou=Special users,dc=<%= @dn %>,dc=<%= @tld %>',
  'bind_pass' => '<%= @contactSOPwd %>',
  'search_base_dn' => 'ou=%u,ou=<%= @contactOu %>,ou=people,dc=<%= @dn %>,dc=<%= @tld %>',
  'search_filter' => '(objectClass=inetOrgPerson)', // (uid=%u))'
  'search_bind_dn' => 'cn=<%= @contactSO %>,ou=Special users,dc=<%= @dn %>,dc=<%= @tld %>',
  'search_bind_pw' => '<%= @contactSOPwd %>',
  'hidden' => false,
  'searchonly' => false,
  'writable' => true,
  'LDAP_Object_Classes' => array('top', 'person', 'organizationalPerson', 'inetOrgPerson'),
  'LDAP_rdn' => 'cn',
  'required_fields' => array('cn', 'sn', 'mail'),
  'search_fields' => array('mail', 'sn', 'cn'), // fields to search in
  'fieldmap' => array(
    'name' => 'givenName',
    'surname' => 'sn',
    'firstname' => 'cn',
    'email' => 'mail',
  ),
  'sort' => 'cn', // The field to sort the listing by.
  'scope' => 'sub', // search mode: sub|base|list
  'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'fuzzy_search' => true, // server allows wildcard search
  'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
  'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
  'timelimit' => '0', // Sets the number of seconds how long is spent on the search. Setting this to 0 means no limit.
  'referrals' => false,
);
}}}
With this configuration, we hope that creating a new 'foocontact1' via the GUI while logged in as 'foo' will add it as dc=tld,dc=dn,ou=people,ou=contacts,ou=foo,cn=foocontact1, and that searches for this user will only resolve entries that are located in dc=tld,dc=dn,ou=people,ou=contacts,ou=foo.
Unfortunately, using Roundcube V 0.9.5-1.fc19, entries are not created, and the log seems to show that {{{ %u }}} doesn't seem to be resolved while adding or searching:
{{{
[12-Apr-2015 17:28:44 +0000]: S: OK
[12-Apr-2015 17:28:44 +0000]: C: Bind [dn: cn=roundcubeContactsWriter,ou=Special Users,dc=osgiliath.is-a-chef,dc=net] [pass: MyUltraProtectedRouncubeLdapContactsPassword]
[12-Apr-2015 17:28:44 +0000]: S: OK
[12-Apr-2015 17:28:44 +0000]: C: Close
[12-Apr-2015 17:28:51 +0000]: C: Connect [ contacts.osgiliath.is-a-chef.net:389] [Personal]
[12-Apr-2015 17:28:51 +0000]: S: OK
[12-Apr-2015 17:28:51 +0000]: C: Bind [dn: cn=roundcubeContactsWriter,ou=Special Users,dc=osgiliath.is-a-chef,dc=net] [pass: MyUltraProtectedRouncubeLdapContactsPassword]
[12-Apr-2015 17:28:51 +0000]: S: OK
[12-Apr-2015 17:28:51 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]
[12-Apr-2015 17:28:51 +0000]: S: No such object
[12-Apr-2015 17:28:51 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]
[12-Apr-2015 17:28:51 +0000]: S: No such object
[12-Apr-2015 17:28:51 +0000]: C: Add [dn: cn=aa,ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]: Array
(
    [givenname] => aa aa
    [sn] => aa
    [cn] => aa
    [mail] => aa@aa.a
    [objectClass] => Array
        (
            [0] => top
            [1] => person
            [2] => organizationalPerson
            [3] => inetOrgPerson
        )
)
}}}
Regards,
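
An added example, not part of the original post and not Roundcube code: a small checker for LDAP debug logs in the format shown above. It masks the `[pass: ...]` field so a log can be shared, and lists each client request whose DN still contains a literal placeholder such as `%u`, together with the server's reply. The sample lines, host names and the `%[a-z]+` token pattern are assumptions constructed for illustration.

```python
import re

# Constructed sample in the same format as the log in the post (not copied from it).
SAMPLE = """\
[01-Jan-2015 10:00:00 +0000]: C: Connect [ldap.example.org:389] [Personal]
[01-Jan-2015 10:00:00 +0000]: S: OK
[01-Jan-2015 10:00:00 +0000]: C: Bind [dn: cn=writer,ou=Special Users,dc=example,dc=org] [pass: s3cret-value]
[01-Jan-2015 10:00:00 +0000]: S: OK
[01-Jan-2015 10:00:01 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=example,dc=org]
[01-Jan-2015 10:00:01 +0000]: S: No such object
[01-Jan-2015 10:00:02 +0000]: C: Search [(objectClass=inetOrgPerson)][dn: ou=foo,ou=contacts,ou=people,dc=example,dc=org]
[01-Jan-2015 10:00:02 +0000]: S: OK
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]: (?P<side>[CS]): (?P<body>.*)$")
PASS = re.compile(r"\[pass: [^\]]*\]")
DN = re.compile(r"\[dn: (?P<dn>[^\]]*)\]")
PLACEHOLDER = re.compile(r"%[a-z]+")  # assumed shape of an unexpanded token such as %u

def redact(line):
    # Mask the bind password field before the log leaves the host.
    return PASS.sub("[pass: <redacted>]", line)

def audit(log_text):
    # Returns (redacted_lines, findings). A finding is a client request whose DN
    # still holds a literal placeholder, paired with the server reply after it.
    redacted, findings, pending = [], [], None
    for raw in log_text.splitlines():
        redacted.append(redact(raw))
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines, e.g. the print_r() dump after an Add
        if m["side"] == "C":
            dn = DN.search(m["body"])
            hit = dn and PLACEHOLDER.search(dn["dn"])
            pending = {"ts": m["ts"], "op": m["body"].split(" ", 1)[0],
                       "dn": dn["dn"], "token": hit.group(0)} if hit else None
        elif pending:
            findings.append({**pending, "reply": m["body"].strip()})
            pending = None
    return redacted, findings

if __name__ == "__main__":
    lines, found = audit(SAMPLE)
    print("\n".join(lines))
    for f in found:
        print(f"{f['ts']} {f['op']} dn={f['dn']} unexpanded={f['token']} -> {f['reply']}")
```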