We've got an LDAP structure like this one:
{{{
dc=tld,dc=dn,ou=people,ou=company,uid=foo
dc=tld,dc=dn,ou=people,ou=contacts,ou=foo,cn=foocontact1
dc=tld,dc=dn,ou=specialUser,cn=contactWriter
}}}
For contacts (the company LDAP is a separate one), we're using the following Roundcube configuration:
{{{
$rcmail_config['ldap_public']['Personal'] = array(
    'name' => 'Personal',
    'hosts' => array('<% if @dirsrvprefix %><%= @dirsrvprefix %>.<% end %><%= @dn %>.<%= @tld %>'),
    'port' => 389,
    'use_tls' => false,
    'ldap_version' => 3, // using LDAPv3
    'network_timeout' => 10, // The timeout (in seconds) for connect + bind attempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
    'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
    'base_dn' => 'ou=%u,ou=contacts,ou=people,dc=<%= @dn %>,dc=<%= @tld %>',
    'bind_dn' => 'cn=<%= @contactSO %>,ou=Special users,dc=<%= @dn %>,dc=<%= @tld %>',
    'bind_pass' => '<%= @contactSOPwd %>',
    'search_base_dn' => 'ou=%u,ou=<%= @contactOu %>,ou=people,dc=<%= @dn %>,dc=<%= @tld %>',
    'search_filter' => '(objectClass=inetOrgPerson)', // (uid=%u))'
    'search_bind_dn' => 'cn=<%= @contactSO %>,ou=Special users,dc=<%= @dn %>,dc=<%= @tld %>',
    'search_bind_pw' => '<%= @contactSOPwd %>',
    'hidden' => false,
    'searchonly' => false,
    'writable' => true,
    'LDAP_Object_Classes' => array('top', 'person', 'organizationalPerson', 'inetOrgPerson'),
    'LDAP_rdn' => 'cn',
    'required_fields' => array('cn', 'sn', 'mail'),
    'search_fields' => array('mail', 'sn', 'cn'), // fields to search in
    'fieldmap' => array(
        'name' => 'givenName',
        'surname' => 'sn',
        'firstname' => 'cn',
        'email' => 'mail',
    ),
    'sort' => 'cn', // The field to sort the listing by.
    'scope' => 'sub', // search mode: sub|base|list
    'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
    'fuzzy_search' => true, // server allows wildcard search
    'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit' => '0', // Sets the number of seconds spent on the search. Setting this to 0 means no limit.
    'referrals' => false,
);
}}}
With this configuration, we hope that creating a new 'foocontact1' via the GUI while logged in as 'foo' will add it as dc=tld,dc=dn,ou=people,ou=contacts,ou=foo,cn=foocontact1, and that a search for this user will only resolve entries located in dc=tld,dc=dn,ou=people,ou=contacts,ou=foo.
Unfortunately, using Roundcube version 0.9.5-1.fc19, entries are not created, and the log seems to show that {{{%u}}} is not resolved while adding or searching:
{{{
[12-Apr-2015 17:28:44 +0000]: S: OK
[12-Apr-2015 17:28:44 +0000]: C: Bind [dn: cn=roundcubeContactsWriter,ou=Special Users,dc=osgiliath.is-a-chef,dc=net] [pass: MyUltraProtectedRouncubeLdapContactsPassword]
[12-Apr-2015 17:28:44 +0000]: S: OK
[12-Apr-2015 17:28:44 +0000]: C: Close
[12-Apr-2015 17:28:51 +0000]: S: OK
[12-Apr-2015 17:28:51 +0000]: C: Bind [dn: cn=roundcubeContactsWriter,ou=Special Users,dc=osgiliath.is-a-chef,dc=net] [pass: MyUltraProtectedRouncubeLdapContactsPassword]
[12-Apr-2015 17:28:51 +0000]: S: OK
[12-Apr-2015 17:28:51 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]
[12-Apr-2015 17:28:51 +0000]: S: No such object
[12-Apr-2015 17:28:51 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]
[12-Apr-2015 17:28:51 +0000]: S: No such object
[12-Apr-2015 17:28:51 +0000]: C: Add [dn: cn=aa,ou=%u,ou=contacts,ou=people,dc=osgiliath.is-a-chef,dc=net]: Array
(
[givenname] => aa aa
[sn] => aa
[cn] => aa
[mail] => aa@aa.a
[objectClass] => Array
(
[0] => top
[1] => person
[2] => organizationalPerson
[3] => inetOrgPerson
)
)
}}}
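
A triage sketch for the debug log above, as an added example that is not part of the original report or of Roundcube's code: it flags client operations whose DN still contains a literal `%name` token, pairs each with the server reply when one is logged, and flags bind lines that write the password into the log, redacting the secret in its own output. The sample lines are constructed in the same format; the `%[a-z]+` pattern and all function names are assumptions.

```python
import re

# Constructed sample lines in the format of the Roundcube LDAP debug log above.
SAMPLE_LOG = """\
[12-Apr-2015 17:28:51 +0000]: C: Bind [dn: cn=writer,ou=Special Users,dc=example,dc=net] [pass: CONSTRUCTED-SECRET]
[12-Apr-2015 17:28:51 +0000]: S: OK
[12-Apr-2015 17:28:51 +0000]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=aa@aa.a)))][dn: ou=%u,ou=contacts,ou=people,dc=example,dc=net]
[12-Apr-2015 17:28:51 +0000]: S: No such object
[12-Apr-2015 17:28:52 +0000]: C: Search [(mail=bb@bb.b)][dn: ou=foo,ou=contacts,ou=people,dc=example,dc=net]
[12-Apr-2015 17:28:52 +0000]: S: OK
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]: (?P<side>[CS]): (?P<body>.*)$")
DN_RE = re.compile(r"\[dn: (?P<dn>[^\]]*)\]")
PASS_RE = re.compile(r"\[pass: [^\]]*\]")
# Assumption: any %name token left inside a logged DN is an unsubstituted placeholder.
PLACEHOLDER_RE = re.compile(r"%[a-z]+")

def redact(text):
    """Replace a logged bind password so findings can be shared safely."""
    return PASS_RE.sub("[pass: <redacted>]", text)

def audit(log_text):
    """Return findings for cleartext bind passwords and unresolved DN placeholders."""
    findings, last = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # continuation lines, e.g. the attribute dump of an Add
        ts, side, body = m["ts"], m["side"], m["body"]
        if side == "S":
            if last is not None:
                last["reply"] = body  # attach the server reply to the flagged operation
            last = None
            continue
        last = None
        if PASS_RE.search(body):
            findings.append({"kind": "cleartext-bind-password", "ts": ts, "line": redact(body)})
        dn = DN_RE.search(body)
        if dn and PLACEHOLDER_RE.search(dn["dn"]):
            last = {"kind": "unresolved-placeholder", "ts": ts, "op": body.split()[0], "dn": dn["dn"], "reply": None}
            findings.append(last)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

An operation with no logged reply, such as the final Add in the log above, is still reported, with `reply` left as `None`.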