Hi,
I am testing roundcube 0.7-stable. I configured LDAP Addressbook with the following groups properties:

'groups' => array(
    'base_dn' => 'dc=mydomain',
    'filter' => '(objectClass=rmailGroup)',
    'object_classes' => array("top", "mailGroup"),
    'member_attr' => 'rfc822member', // name of the member attribute, e.g. uniqueMember
    'name_attr' => 'cn', // attribute to be used as group name
),

I can see the users' and groups' emails in the address book but not the group members. When I click on a group, no members are listed. After enabling roundcube debug, I saw the following LDAP query. It seems that RC uses the full dn as a filter value.
[29-Dec-2011 17:20:55 +0200]: C: Search [(|(member=uid=user@test.com,ou=test.com,o=mail,dc=mydomain)(uniqueMember=uid=user@test.com,ou=test.com,o=mail,dc=mydomain)(*rfc822member=uid=user@test.com,ou=test.com,o=mail,dc=mydomain*))][dn: dc=mydomain]
But the filter value must be username not full dn as above. Any idea?

On Thursday, 29 December 2011, 18.12:30, Ismail YENIGUL wrote:
> Hi,
> I am testing roundcube 0.7-stable. I configured LDAP Addressbook with the following groups properties:
>
> 'groups' => array(
>     'base_dn' => 'dc=mydomain',
>     'filter' => '(objectClass=rmailGroup)',
>     'object_classes' => array("top", "mailGroup"),
>     'member_attr' => 'rfc822member', // name of the member attribute, e.g. uniqueMember
>     'name_attr' => 'cn', // attribute to be used as group name
> ),

what is now your correct objectClass? rmailGroup or mailGroup?

> I can see the users' and groups' emails in the address book but not the group members. When I click on a group, no members are listed. After enabling roundcube debug, I saw the following LDAP query. It seems that RC uses the full dn as a filter value.

yes. this is how the groupOfNames structure works.

> [29-Dec-2011 17:20:55 +0200]: C: Search [(|(member=uid=user@test.com,ou=test.com,o=mail,dc=mydomain)(uniqueMember=uid=user@test.com,ou=test.com,o=mail,dc=mydomain)(*rfc822member=uid=user@test.com,ou=test.com,o=mail,dc=mydomain*))][dn: dc=mydomain]
> But the filter value must be username not full dn as above.

maybe in the group implementation of your server, but not in the one implemented in RC today.

> Any idea?

Now, my questions are:
example?

just to be correct: I am not a LDAP prof, I have just the knowledge about my homebrew openLDAP server and its standard classes/schemas... but maybe other servers are very different and we have to improve the behaviour of RC? On the other hand I am not willing to adapt RC for all proprietary and undocumented group implementations out in the real (commercial) world!

Andreas

Hi,

On 30.12.2011 12:38, Andreas Dick wrote:
> On Thursday, 29 December 2011, 18.12:30, Ismail YENIGUL wrote:
>> Hi,
>> I am testing roundcube 0.7-stable. I configured LDAP Addressbook with the following groups properties:
>>
>> 'groups' => array(
>>     'base_dn' => 'dc=mydomain',
>>     'filter' => '(objectClass=rmailGroup)',
>>     'object_classes' => array("top", "mailGroup"),
>>     'member_attr' => 'rfc822member', // name of the member attribute, e.g. uniqueMember
>>     'name_attr' => 'cn', // attribute to be used as group name
>> ),
>
> what is now your correct objectClass? rmailGroup or mailGroup?

sorry for typo. it should be mailGroup

>> I can see the users' and groups' emails in the address book but not the group members. When I click on a group, no members are listed. After enabling roundcube debug, I saw the following LDAP query. It seems that RC uses the full dn as a filter value.
>
> yes. this is how the groupOfNames structure works.
>
>> Any idea?
>
> Now, my questions are:
> - what server do you use?

It is openldap 2.4 server running on centos 6

> - do you control this server? or are you just user of it?

I am admin on this server.

> - if you set it up, is this mailGroup something like a standard?
> - how does your schema look like?
>   -> how is objectClass=rmailGroup defined?
>   -> how is rfc822member defined... is it based on member?
> - can you please give us an output of ldapsearch with a group object as example?

This is actually qmail-ldap distribution list. I only changed qmailGroup attribute to mailGroup attribute in schema file. You can get the full list of schema at http://www.qmail-ldap.org/wiki/index.php/Qmail.schema Here is the full LDIF entry:

dn: uid=mylist@test.com,ou=test.com,o=mail,dc=mydomain
bounceadmin: mylist@admin.com
mailQuotaCount: 0
mailQuotaSize: 0
senderconfirm: FALSE
deliveryMode: nolocal
deliveryMode: noprogram
sn: listname
mail: mylist@test.com
mailMessageStore: /mailstore/test.com/mylist
membersonly: FALSE
mailHost: mail.domain.com
givenName: listname
uid: mylist@test.com
accountStatus: noaccess
cn: list full name
mailAlternateAddress: mylist-catchall@test.com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: mailGroup
rfc822member: member1@domain.com
rfc822member: member2@domain.com
rfc822member: member3@domain.com

> just to be correct: I am not a LDAP prof, I have just the knowledge about my homebrew openLDAP server and its standard classes/schemas... but maybe other servers are very different and we have to improve the behaviour of RC? On the other hand I am not willing to adapt RC for all proprietary and undocumented group implementations out in the real (commercial) world!
>
> Andreas

On 30.12.2011 12:30, Ismail YENIGUL wrote:
> This is actually qmail-ldap distribution list. I only changed qmailGroup attribute to mailGroup attribute in schema file. You can get the full list of schema at http://www.qmail-ldap.org/wiki/index.php/Qmail.schema Here is the full LDIF entry:
>
> dn: uid=mylist@test.com,ou=test.com,o=mail,dc=mydomain
> bounceadmin: mylist@admin.com
> mailQuotaCount: 0
> mailQuotaSize: 0
> senderconfirm: FALSE
> deliveryMode: nolocal
> deliveryMode: noprogram
> sn: listname
> mail: mylist@test.com
> mailMessageStore: /mailstore/test.com/mylist
> membersonly: FALSE
> mailHost: mail.domain.com
> givenName: listname
> uid: mylist@test.com
> accountStatus: noaccess
> cn: list full name
> mailAlternateAddress: mylist-catchall@test.com
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: mailUser
> objectClass: mailGroup
> rfc822member: member1@domain.com
> rfc822member: member2@domain.com
> rfc822member: member3@domain.com

What about dnmember attribute? It should work with Roundcube.

attributetype ( 1.3.6.1.4.1.7914.1.3.1.1 NAME 'dnmember'
    DESC 'Group member specified as distinguished name.'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

Could you provide test account (read-only)?

Hi

> What about dnmember attribute? It should work with Roundcube.
>
> attributetype ( 1.3.6.1.4.1.7914.1.3.1.1 NAME 'dnmember'
>     DESC 'Group member specified as distinguished name.'
>     EQUALITY distinguishedNameMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

Yes, dnmember is another option. But I prefer to use the rfc822member attribute for easy management and to be able to add external email addresses (gmail, yahoo etc) which do not exist in LDAP

> Could you provide test account (read-only)?

List info: http://lists.roundcube.net/users/ BT/9b404e9e

> This is actually qmail-ldap distribution list. I only changed qmailGroup attribute to mailGroup attribute in schema file. You can get the full list of schema at http://www.qmail-ldap.org/wiki/index.php/Qmail.schema Here is the full LDIF entry:
>
> dn: uid=mylist@test.com,ou=test.com,o=mail,dc=mydomain
> bounceadmin: mylist@admin.com
> mailQuotaCount: 0
> mailQuotaSize: 0
> senderconfirm: FALSE
> deliveryMode: nolocal
> deliveryMode: noprogram
> sn: listname
> mail: mylist@test.com
> mailMessageStore: /mailstore/test.com/mylist
> membersonly: FALSE
> mailHost: mail.domain.com
> givenName: listname
> uid: mylist@test.com
> accountStatus: noaccess
> cn: list full name
> mailAlternateAddress: mylist-catchall@test.com
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: mailUser
> objectClass: mailGroup
> rfc822member: member1@domain.com
> rfc822member: member2@domain.com
> rfc822member: member3@domain.com

what I miss here is a strategy for finding the dn of the contact record. For me, this is very qmail proprietary, but I let the decision done by the core devs....

Hi Andreas,

Why do you want the dn of the contact record? You can search group members with rfc822member attribute.

Thanks.
Ismail YENIGUL

On 30.12.2011 18:18, Andreas Dick wrote:
> > This is actually qmail-ldap distribution list. I only changed qmailGroup attribute to mailGroup attribute in schema file. You can get the full list of schema at http://www.qmail-ldap.org/wiki/index.php/Qmail.schema Here is the full LDIF entry:
> >
> > dn: uid=mylist@test.com,ou=test.com,o=mail,dc=mydomain
> > bounceadmin: mylist@admin.com
> > mailQuotaCount: 0
> > mailQuotaSize: 0
> > senderconfirm: FALSE
> > deliveryMode: nolocal
> > deliveryMode: noprogram
> > sn: listname
> > mail: mylist@test.com
> > mailMessageStore: /mailstore/test.com/mylist
> > membersonly: FALSE
> > mailHost: mail.domain.com
> > givenName: listname
> > uid: mylist@test.com
> > accountStatus: noaccess
> > cn: list full name
> > mailAlternateAddress: mylist-catchall@test.com
> > objectClass: top
> > objectClass: person
> > objectClass: inetOrgPerson
> > objectClass: mailUser
> > objectClass: mailGroup
> > rfc822member: member1@domain.com
> > rfc822member: member2@domain.com
> > rfc822member: member3@domain.com
>
> what I miss here is a strategy for finding the dn of the contact record. For me, this is very qmail proprietary, but I let the decision done by the core devs....
>
> Andreas
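
The member lookup discussed in this thread, as an added example that is not part of the original messages and is not Roundcube's code: it reads the `rfc822member` addresses from a shortened copy of the posted group entry, builds an escaped search filter for the matching contact records, and separates out members that have no directory entry. It assumes contact entries carry their address in `mail`; the function names and the directory address list are constructed for illustration.

```python
# Added example; helper names are hypothetical, not Roundcube API.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {attribute: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.partition(':')
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def member_filter(group, member_attr='rfc822member', mail_attr='mail'):
    """Filter matching the contact entries behind address-valued members.

    Assumes contact entries store their address in mail_attr.
    """
    terms = ['(%s=%s)' % (mail_attr, escape_filter_value(v))
             for v in group.get(member_attr.lower(), [])]
    return '(|%s)' % ''.join(terms) if terms else ''


def split_members(group, directory_mails, member_attr='rfc822member'):
    """Split members into those with a directory entry and external ones."""
    known = {m.lower() for m in directory_mails}
    members = group.get(member_attr.lower(), [])
    internal = [m for m in members if m.lower() in known]
    external = [m for m in members if m.lower() not in known]
    return internal, external


# Shortened copy of the group entry posted in the thread.
GROUP_LDIF = """\
dn: uid=mylist@test.com,ou=test.com,o=mail,dc=mydomain
cn: list full name
objectClass: mailGroup
rfc822member: member1@domain.com
rfc822member: member2@domain.com
rfc822member: member3@domain.com
"""

if __name__ == '__main__':
    group = parse_ldif_entry(GROUP_LDIF)
    print(member_filter(group))
    # Constructed directory contents: member2 stands in for an external address.
    print(split_members(group, ['member1@domain.com', 'member3@domain.com']))
```

Members returned in the second list have no contact record to display, so a client following this approach would have to show them from the address alone.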