Hello list (and first post):
I followed the excellent tutorial http://trac.roundcube.net/wiki/Howto_Ldap to successfully implement successfully public and private address books: importing (via abxldap), searching and browsing works "as advertised".
Thank you for a great job so far :-)
Next task was to use RC to edit the entries in both public and private directories. Permissions are set accordingly in slapd.conf, and editing works fine with iOS 5.0 and 5.1, and jxplorer.
I enclose 5 specific (verbose) experiences with both 0.7.2 and 0.8-beta that I would like to help address:
- Changing the cn, sn, givenname, o, and phone (mobile, home, work)
fields works and updates the contact as expected: the new input is updated on the server, and existing data are preserved. However, an "Object class violation" is raised:
[07-Apr-2012 03:59:37 +0200]: C: Replace [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => John Doe [sn] => Doe [givenname] => John Doe [o] => ORIG )
[07-Apr-2012 03:59:37 +0200]: S: OK [07-Apr-2012 03:59:37 +0200]: C: Rename [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld] [dn: mail=john@acme.com] [07-Apr-2012 03:59:37 +0200]: S: Object class violation [07-Apr-2012 03:59:37 +0200]: C: Read [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld] [(objectclass=*)] [07-Apr-2012 03:59:37 +0200]: S: OK [07-Apr-2012 03:59:37 +0200]: C: Search [(objectClass=groupOfNames)][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 03:59:37 +0200]: S: 0 record(s) [07-Apr-2012 03:59:37 +0200]: C: Close
RESULT: Works OK, but we get a red error message "An error occured while saving." on top of the web page.
- Adding a new contact to LDAP also works (NO exception this time):
[07-Apr-2012 16:45:59 +0200]: C: Connect [calendarserver:389] [Public] [07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Bind [dn: cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld] [pass: XXXXXXXXXXXXX] [07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=new_contact@example.com)))][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 16:46:00 +0200]: S: 0 record(s) [07-Apr-2012 16:46:00 +0200]: C: Add [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => Last, First [sn] => First [givenname] => Last [mail] => new_contact@example.com [objectClass] => Array ( [0] => top [1] => inetOrgPerson )
)
[07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Close
- Adding an address does not work:
[07-Apr-2012 21:29:43 +0200]: C: Replace [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => Last, First [sn] => First [givenname] => Last [mail] => new_contact@example.com )
[07-Apr-2012 21:29:43 +0200]: S: OK [07-Apr-2012 21:29:43 +0200]: C: Add [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [street] => Array ( [0] => street )
[postalcode] => Array
(
[0] => zip
)
[l] => Array
(
[0] => place
)
[c] => Array
(
[0] => country
)
)
[07-Apr-2012 21:29:43 +0200]: S: Object class violation [07-Apr-2012 21:29:43 +0200]: C: Read [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld] [(objectclass=*)] [07-Apr-2012 21:29:43 +0200]: S: OK [07-Apr-2012 21:29:43 +0200]: C: Search [(objectClass=groupOfNames)][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 21:29:43 +0200]: S: 0 record(s) [07-Apr-2012 21:29:43 +0200]: C: Close
In addition, I can see the following PHP error again:
Warning: ldap_mod_add(): Modify: Object class violation in program/include/rcube_ldap.php on line 1116
RESULT: Does NOT work, and we get a red error message "An error occured while saving." on top of the web page.
- Adding groups under the LDAP directory fails:
[07-Apr-2012 22:40:47 +0200]: C: Connect [calendarserver:389] [Private] [07-Apr-2012 22:40:47 +0200]: S: OK [07-Apr-2012 22:40:47 +0200]: C: Bind [dn: cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld] [pass: XXXXXXXXXXXXX] [07-Apr-2012 22:40:47 +0200]: S: OK [07-Apr-2012 22:40:47 +0200]: C: Add [dn: cn=Testgroup,cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld]: Array ( [objectClass] => Array ( [0] => top [1] => groupOfNames )
[cn] => Testgroup
[] =>
)
[07-Apr-2012 22:40:47 +0200]: S: Undefined attribute type [07-Apr-2012 22:40:47 +0200]: C: Close
RESULT: Does NOT work, and we get a red error message "An error occured while saving." on top of the web page.
In addition, the input mask for "Adress" shows 4 text boxes (street, postal, l, c fields), but the one for Region (st field) only shows a placeholder string "{region}" (no text box, just the text).
- Contact photos that show fine in iOS and jxplorer don't show at all
in the web UI. No need to be able to update the photo here, but showing the already existing contact photo would be awesome ;-)
Could you please indicate whether these are know issues, and what to do about them? Again, editing etc. in iOS and jxplorer on the same LDAP directory with the same credentials works correctly in all of the above cases.
Thank you in advance, Achim
Hello again:
On 08.04.2012 00:41, Achim wrote:
In addition, the input mask for "Adress" shows 4 text boxes (street, postal, l, c fields), but the one for Region (st field) only shows a placeholder string "{region}" (no text box, just the text).
First, that comment was of course supposed to go under the previous point about adding an address.
Second, this was solved by adding a mapping to the LDAP fieldmap in main.inc.php
'region' => 'st'
The UI now shows a text box, the value is passed in the "st"-field of the resulting array.
However, adding/updating an address still fails.
Best regards, Achim
Hello list:
Some additional insights on my original points:
On 08/04/2012 00:41, Achim wrote:
- Changing the cn, sn, givenname, o, and phone (mobile, home, work)
fields works and updates the contact as expected: the new input is updated on the server, and existing data are preserved. However, an "Object class violation" is raised
And here are the slightly redacted LDAP log entries:
Apr 8 01:20:59 mail slapd[25146]: hdb_modify: updated id=00000316 dn="cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld"Apr 8 01:20:59 mail slapd[25146]: send_ldap_result: conn=1014 op=2 p=3 Apr 8 01:20:59 mail slapd[25146]: send_ldap_result: err=0 matched="" text="" Apr 8 01:20:59 mail slapd[25146]: send_ldap_response: msgid=3 tag=103 err=0Apr 8 01:20:59 mail slapd[25146]: connection_get(21)Apr 8 01:20:59 mail slapd[25146]: connection_get(21): got connid=1014 Apr 8 01:20:59 mail slapd[25146]: connection_read(21): checking for input on id=1014Apr 8 01:20:59 mail slapd[25146]: op tag 0x6c, time 1333840859 Apr 8 01:20:59 mail slapd[25146]: conn=1014 op=3 do_modrdn Apr 8 01:20:59 mail slapd[25146]: do_modrdn: dn (cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld) newrdn (mail=user@example.com) newsuperior () Apr 8 01:20:59 mail slapd[25146]: >>> dnPrettyNormal: <cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld> Apr 8 01:20:59 mail slapd[25146]: <<< dnPrettyNormal: <cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld>, <cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld> Apr 8 01:20:59 mail slapd[25146]: >>> dnPrettyNormal: mail=user@example.com Apr 8 01:20:59 mail slapd[25146]: <<< dnPrettyNormal: mail=user@example.com, mail=user@example.com Apr 8 01:20:59 mail slapd[25146]: bdb_dn2entry("cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld") Apr 8 01:20:59 mail slapd[25146]: ==>hdb_modrdn(cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld,mail=user@example.com,NULL) Apr 8 01:20:59 mail slapd[25146]: bdb_dn2entry("cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld") Apr 8 01:20:59 mail slapd[25146]: hdb_modrdn: wr to children of entry ou=public,ou=rcabook,dc=calserver,dc=tld OK Apr 8 01:20:59 mail slapd[25146]: hdb_modrdn: parent dn=ou=public,ou=rcabook,dc=calserver,dc=tld Apr 8 01:20:59 mail slapd[25146]: >>> dnNormalize: <mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld> Apr 8 01:20:59 mail slapd[25146]: <<< dnNormalize: <mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld> Apr 8 01:20:59 mail slapd[25146]: hdb_modrdn: new ndn=mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld Apr 8 01:20:59 mail slapd[25146]: => hdb_dn2id("mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld") Apr 8 01:20:59 mail slapd[25146]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) Apr 8 01:20:59 mail slapd[25146]: => hdb_dn2id_delete 0x316: "cn=Testuser,ou=public,ou=rcabook,dc=calserver,dc=tld" Apr 8 01:20:59 mail slapd[25146]: <= hdb_dn2id_delete 0x316: 0 Apr 8 01:20:59 mail slapd[25146]: => hdb_dn2id_add 0x316: "mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld" Apr 8 01:20:59 mail slapd[25146]: <= hdb_dn2id_add 0x316: 0 Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: 0x00000316: mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: delete cn Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: softadd mail Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: replace entryCSN Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: replace modifiersName Apr 8 01:20:59 mail slapd[25146]: bdb_modify_internal: replace modifyTimestamp Apr 8 01:20:59 mail slapd[25146]: oc_check_required entry (mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld), objectClass "inetOrgPerson" Apr 8 01:20:59 mail slapd[25146]: Entry (mail=user@example.com,ou=public,ou=rcabook,dc=calserver,dc=tld): object class 'inetOrgPerson' requires attribute 'cn' Apr 8 01:20:59 mail slapd[25146]: entry failed schema check: object class 'inetOrgPerson' requires attribute 'cn' Apr 8 01:20:59 mail slapd[25146]: <=- hdb_modrdn: modify failed: Package not installed (65) Apr 8 01:20:59 mail slapd[25146]: send_ldap_result: conn=1014 op=3 p=3 Apr 8 01:20:59 mail slapd[25146]: send_ldap_result: err=65 matched="" text="object class 'inetOrgPerson' requires attribute 'cn'" Apr 8 01:20:59 mail slapd[25146]: send_ldap_response: msgid=4 tag=109 err=65
For some reason, "bdb_modify_internal: delete cn" is issued, which of course in turns causes the violation of the inetOrgPerson schema requirements.
The question is: why is the existing CN deleted during an update operation?
BTW, when I try to change that CN via the UI, I get: Warning: ldap_mod_replace(): Modify: Naming violation in program/include/rcube_ldap.php on line 1105
And what does the error "hdb_modrdn: modify failed: Package not installed (65)" mean? Is this from sladp or from RC?
- Adding an address does not work:
After adding the region=>st mapping outlined in my other message, I used the UI to set the 6 address fields.
Submitting a new address that way, the following happens:
Apr 8 01:11:03 mail slapd[25146]: Entry (mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld), attribute 'c' not allowed Apr 8 01:11:03 mail slapd[25146]: entry failed schema check: attribute 'c' not allowed Apr 8 01:11:03 mail slapd[25146]: hdb_modify: modify failed (65) Apr 8 01:11:03 mail slapd[25146]: send_ldap_result: conn=1003 op=3 p=3 Apr 8 01:11:03 mail slapd[25146]: send_ldap_result: err=65 matched="" text="attribute 'c' not allowed"
And indeed, using the web UI to only fill out street, postalCode, l and st fields (ie. leaving c[ountry] empty) seems to work!
Turns out that 'c' is actually NOT part of the inetOrgPerson schema [1], wheras other really important fields like "Pager", "Teletex Id", or "X.121 Address" are... Why on earth no country field is part of this schema is beyond me. Perhaps somebody was already envisioning a future without borders :-)
Any idea on how to add 'c' to the existing public/private directories with standard inetOrgPerson schema without having to re-import the existing data? And one we are at it, a field for birthdays, etc would also be nice ;-)
As a work-around, I removed "country" from fieldmap and address_template for the time being.
- Adding groups under the LDAP directory fails:
slapd says:
Apr 8 01:40:03 mail slapd[25146]: send_ldap_result: conn=1022 op=1 p=3 Apr 8 01:40:03 mail slapd[25146]: send_ldap_result: err=17 matched="" text=": empty AttributeDescription" Apr 8 01:40:03 mail slapd[25146]: send_ldap_response: msgid=2 tag=105 err=17
Could this be related to how I set up the LDAP repos (as described in http://trac.roundcube.net/wiki/Howto_Ldap): perhaps there is a limitation that groups are not allowed in that setup? Or RC is not sending a required attribute? Or that this is a specific right (apart from "write") that I need to give to the LDAP user that tries to create the group? Or is this functionality not supported yet, as described here: http://trac.roundcube.net/ticket/1487837
- Contact photos that show fine in iOS and jxplorer don't show at
all in the web UI. No need to be able to update the photo here, but showing the already existing contact photo would be awesome ;-)
It appears that there have been some efforts in the past (2006!) about this [2], and even some recent success [3]. I cannot find any reference to jpegPhoto in the current code though.
Thank you in advance, Achim
[1] http://arstechnica.com/civis/viewtopic.php?f=16&t=47451 [2] http://www.mail-archive.com/dev@lists.roundcube.net/msg02382.html [3] http://thread.gmane.org/gmane.mail.roundcube.devel/9713/focus=9714
More progress:
On 08.04.2012 02:48, Achim wrote:
- Contact photos that show fine in iOS and jxplorer don't show at
all in the web UI. No need to be able to update the photo here, but showing the already existing contact photo would be awesome ;-)
It appears that there have been some efforts in the past (2006!) about this [2], and even some recent success [3]. I cannot find any reference to jpegPhoto in the current code though.
Inspired by [1] I simply added the mapping
'photo' => 'jpegPhoto',
and voila, contact pictures are shown and even become editable/deletable: very elegant! Perhaps this should be in the tutorial and/or the default main.inc.php examples?
At the same time, once a contact has an image, they indeed become ineditable in RC as already described here [2] (which also seems to contain the solution): Warning: ldap_mod_del(): Modify: Inappropriate matching in program/include/rcube_ldap.php on line 1082
If I remove the photo (which itself is not possible from within RC, so I use iOS for that), the contact becomes editable again.
While I was at it, I also added some additional fields, based on [3, 4]
'prefix' => 'title',
'phone:fax' => 'facsimileTelephoneNumber',
'website' => 'labeledURI',
'notes' => 'description',
These would be nice but don't seem to work:
'department' => 'departmentNumber', // can be added in UI, but
gets "emptied" when pressing save 'manager' => 'manager', // does not show up in UI 'assistant' => 'secretary', // does not show up in UI
Is there perhaps an existing (complete?) inetOrgPerson fieldmap [3] for RC? Or should I be using another schema completely (with birthdate etc)?
One (very small) suggestion: it would be great if the (old/current) image would be replaced by a small thumbnail of the new picture: the old one is visible in the UI until you "save" the contact. This is contrary to the behaviour of the other elements, where you can see the *new* values on screen before you press Save.
Best regards, Achim
[1] http://lists.roundcube.net/pipermail/users/2011-December/008182.html [2] http://permalink.gmane.org/gmane.mail.roundcube.devel/9714 [3] http://www.zytrax.com/books/ldap/ape/inetorgperson.html [4] http://www.roundcubeforum.net/index.php?topic=9146.msg37348#msg37348
Final message for the evening:
It turns out that
'phone:fax' => 'facsimileTelephoneNumber',
works for adding and editing a fax number, but you will not be able to remove or clear an existing one, at least not with the current code:
Warning: ldap_mod_del(): Modify: Inappropriate matching in program/include/rcube_ldap.php on line 1082
This is actually the same issue as with the profile pictures, as you can see comparing
Apr 8 03:36:28 mail slapd[25146]: bdb_modify_internal: 18 modify/delete: jpegPhoto: no equality matching rule Apr 8 03:36:28 mail slapd[25146]: send_ldap_result: err=18 matched="" text="modify/delete: jpegPhoto: no equality matching rule"
and these entries:
Apr 8 04:07:02 mail slapd[25146]: bdb_modify_internal: 18 modify/delete: facsimileTelephoneNumber: no equality matching rule Apr 8 04:07:02 mail slapd[25146]: send_ldap_result: err=18 matched="" text="modify/delete: facsimileTelephoneNumber: no equality matching rule"
Perhaps we could add two special cases for replacing/removing facsimileTelephoneNumber and jpegPhoto? I managed to find some information on this issue [1, 2, 3] that might help solve it.
Thank you very much in advance, Achim
[1] http://www.openldap.org/lists/openldap-technical/200907/msg00083.html [2] http://www.openldap.org/lists/openldap-software/200812/msg00040.html [3] http://www.openldap.org/lists/openldap-bugs/200304/msg00008.html
Hei Achim
Am Sonntag, 8. April 2012, 00.41:03 schrieb Achim:
Hello list (and first post):
I followed the excellent tutorial http://trac.roundcube.net/wiki/Howto_Ldap to successfully implement successfully public and private address books: importing (via abxldap), searching and browsing works "as advertised".
Thank you for a great job so far :-)
first, thanks for the "excellent" :-)
Next task was to use RC to edit the entries in both public and private directories. Permissions are set accordingly in slapd.conf, and editing works fine with iOS 5.0 and 5.1, and jxplorer.
I enclose 5 specific (verbose) experiences with both 0.7.2 and 0.8-beta that I would like to help address:
I am runnng latest SVN, but I suppose 0.7+ works similar for ldap addressbook.
ldap support in RC is far from good tested, since I just have my setup, and the core devs do not use it much... ...but you have to give us more information... here some tips:
- can you show us your LDAP part in main.inc.php ?
- I know that openLDAP needs sn and cn as mandatory fields!
- in one log line bellow I found:
[07-Apr-2012 16:46:00 +0200]: C: Add [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]:
this seems that RC uses a wrong dn config here.... have you an idea why?
- somewhere bellow I have seen
[postalcode] => Array
maybe RC is converting the right "postalCode" to lower case, anyway, if you used somewhere lower case in config, LDAP is rececting that!
- if you have an Object class violation, the openLDAP is rejecting the commit:
can you please test your commits with command line tools like ldapadd ldapmodify, and ldapmodrdn ? the syntax looks like: ****adding minimum record*********************************** echo " dn: $new_dn objectClass: top objectClass: inetOrgPerson cn: Fullname sn: Surname " | ldapadd -x -H ldap://$server -D $bind_dn -w $bind_pass *****changing record****************************************** echo " dn: $old_dn changetype: modify replace: sn sn: Othername
add: mail mail: new@mail.tdl " | ldapmodify -x -H ldap://$server -D $bind_dn -w $bind_pass
see the manuals in case of questions. If that works wirh your data as you expected and RC commit is rejected as you described bellow, we have to think deeper :-)
Andreas
- Changing the cn, sn, givenname, o, and phone (mobile, home, work)
fields works and updates the contact as expected: the new input is updated on the server, and existing data are preserved. However, an "Object class violation" is raised:
[07-Apr-2012 03:59:37 +0200]: C: Replace [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => John Doe [sn] => Doe [givenname] => John Doe [o] => ORIG )
[07-Apr-2012 03:59:37 +0200]: S: OK [07-Apr-2012 03:59:37 +0200]: C: Rename [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld] [dn: mail=john@acme.com] [07-Apr-2012 03:59:37 +0200]: S: Object class violation [07-Apr-2012 03:59:37 +0200]: C: Read [dn: cn=John Doe,ou=public,ou=rcabook,dc=hostname,dc=tld] [(objectclass=*)] [07-Apr-2012 03:59:37 +0200]: S: OK [07-Apr-2012 03:59:37 +0200]: C: Search [(objectClass=groupOfNames)][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 03:59:37 +0200]: S: 0 record(s) [07-Apr-2012 03:59:37 +0200]: C: Close
RESULT: Works OK, but we get a red error message "An error occured while saving." on top of the web page.
- Adding a new contact to LDAP also works (NO exception this time):
[07-Apr-2012 16:45:59 +0200]: C: Connect [calendarserver:389] [Public] [07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Bind [dn: cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld] [pass: XXXXXXXXXXXXX] [07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Search [(&(objectClass=inetOrgPerson)(|(mail=new_contact@example.com)))][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 16:46:00 +0200]: S: 0 record(s) [07-Apr-2012 16:46:00 +0200]: C: Add [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => Last, First [sn] => First [givenname] => Last [mail] => new_contact@example.com [objectClass] => Array ( [0] => top [1] => inetOrgPerson )
)
[07-Apr-2012 16:46:00 +0200]: S: OK [07-Apr-2012 16:46:00 +0200]: C: Close
- Adding an address does not work:
[07-Apr-2012 21:29:43 +0200]: C: Replace [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [cn] => Last, First [sn] => First [givenname] => Last [mail] => new_contact@example.com )
[07-Apr-2012 21:29:43 +0200]: S: OK [07-Apr-2012 21:29:43 +0200]: C: Add [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld]: Array ( [street] => Array ( [0] => street )
[postalcode] => Array ( [0] => zip ) [l] => Array ( [0] => place ) [c] => Array ( [0] => country ))
[07-Apr-2012 21:29:43 +0200]: S: Object class violation [07-Apr-2012 21:29:43 +0200]: C: Read [dn: mail=new_contact@example.com,ou=public,ou=rcabook,dc=hostname,dc=tld] [(objectclass=*)] [07-Apr-2012 21:29:43 +0200]: S: OK [07-Apr-2012 21:29:43 +0200]: C: Search [(objectClass=groupOfNames)][dn: ou=public,ou=rcabook,dc=hostname,dc=tld] [07-Apr-2012 21:29:43 +0200]: S: 0 record(s) [07-Apr-2012 21:29:43 +0200]: C: Close
In addition, I can see the following PHP error again:
Warning: ldap_mod_add(): Modify: Object class violation in program/include/rcube_ldap.php on line 1116
RESULT: Does NOT work, and we get a red error message "An error occured while saving." on top of the web page.
- Adding groups under the LDAP directory fails:
[07-Apr-2012 22:40:47 +0200]: C: Connect [calendarserver:389] [Private] [07-Apr-2012 22:40:47 +0200]: S: OK [07-Apr-2012 22:40:47 +0200]: C: Bind [dn: cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld] [pass: XXXXXXXXXXXXX] [07-Apr-2012 22:40:47 +0200]: S: OK [07-Apr-2012 22:40:47 +0200]: C: Add [dn: cn=Testgroup,cn=user@hostname.net,ou=private,ou=rcabook,dc=hostname,dc=tld]: Array ( [objectClass] => Array ( [0] => top [1] => groupOfNames )
[cn] => Testgroup [] =>)
[07-Apr-2012 22:40:47 +0200]: S: Undefined attribute type [07-Apr-2012 22:40:47 +0200]: C: Close
RESULT: Does NOT work, and we get a red error message "An error occured while saving." on top of the web page.
In addition, the input mask for "Adress" shows 4 text boxes (street, postal, l, c fields), but the one for Region (st field) only shows a placeholder string "{region}" (no text box, just the text).
- Contact photos that show fine in iOS and jxplorer don't show at all
in the web UI. No need to be able to update the photo here, but showing the already existing contact photo would be awesome ;-)
Could you please indicate whether these are know issues, and what to do about them? Again, editing etc. in iOS and jxplorer on the same LDAP directory with the same credentials works correctly in all of the above cases.
Thank you in advance, Achim _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
On 04/08/2012 11:08 PM, Andreas Dick wrote:
ldap support in RC is far from good tested, since I just have my setup, and the core devs do not use it much...
I think it's because most setups use LDAP addressbook in read-only mode. To OP, provide your config and access to your LDAP server and I'll try to help you with this.
Am Montag, 9. April 2012, 09.53:44 schrieb A.L.E.C:
On 04/08/2012 11:08 PM, Andreas Dick wrote:
ldap support in RC is far from good tested, since I just have my setup, and the core devs do not use it much...
I think it's because most setups use LDAP addressbook in read-only mode. To OP, provide your config and access to your LDAP server and I'll try to help you with this.
probably yes. I use it hardly as read and write, but I have just my homebrew setup and can not test it with different ones... thus it is cool when others like Achim try to use it as well... yes, we need the config (only the LDAP part) to be able to reproduce or even to fix problems.
Andreas
Hello again:
On 09.04.2012 12:22, Andreas Dick wrote:
yes, we need the config (only the LDAP part) to be able to reproduce or even to fix problems.
OK, here it goes (slightly redacted):
$rcmail_config['ldap_public'] = array ();
$rcmail_config['ldap_public']['public'] = array( 'name' => 'Private', 'hosts' => array('ldap.domain.tld'), 'port' => 389, // this is importnat, otherwise the user specific bind_pass is not populated! 'user_specific' => true, // %fu - The full username provided, assumes the username is an email // address, uses the username_domain value if not an email address. // %u - The username prior to the '@'. // %d - The domain name after the '@'. // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // %dn - DN found by ldap search when search_filter/search_base_dn are used 'base_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_pass' => '', // the user login password is used 'filter' => '(objectClass=inetOrgPerson)', 'writable' => true, 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), 'LDAP_rdn' => 'mail', 'required_fields' => array('cn', 'sn', 'mail', 'givenName'), // mapping of contact fields to directory attributes 'fieldmap' => array( // Roundcube => LDAP 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'search_fields' => array('mail', 'cn', 'sn', 'givenName'), // fields to search in 'sort' => 'cn', // The field to sort the listing by. 'scope' => 'sub', // search mode: sub|base|list 'fuzzy_search' => true, // server allows wildcard search 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. 'groups' => array( 'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), ), )
$rcmail_config['autocomplete_addressbooks'] = array('sql','public');
$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{region}';
You will see that this is a "public" address book, but it is editable for all users (only testing for now): changes from iOS work fine with the exact same configuration for base_dn, bind_dn and bind_pass.
Thank you in advance, Achim
PS: If useful, I can also provide access to the underlying OpenLDAP server!
hei Achim on the first sight, I miss 'ldap_version' => 3, // using LDAPv3
this could explain a lot... or did you just stiped it out?
Am Montag, 9. April 2012, 20.36:17 schrieb Achim:
Hello again:
On 09.04.2012 12:22, Andreas Dick wrote:
yes, we need the config (only the LDAP part) to be able to reproduce or even to fix problems.
OK, here it goes (slightly redacted):
$rcmail_config['ldap_public'] = array ();
$rcmail_config['ldap_public']['public'] = array( 'name' => 'Private', 'hosts' => array('ldap.domain.tld'), 'port' => 389, // this is importnat, otherwise the user specific bind_pass is not populated! 'user_specific' => true, // %fu - The full username provided, assumes the username is an email // address, uses the username_domain value if not an email address. // %u - The username prior to the '@'. // %d - The domain name after the '@'. // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // %dn - DN found by ldap search when search_filter/search_base_dn are used 'base_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_pass' => '', // the user login password is used 'filter' => '(objectClass=inetOrgPerson)', 'writable' => true, 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), 'LDAP_rdn' => 'mail', 'required_fields' => array('cn', 'sn', 'mail', 'givenName'), // mapping of contact fields to directory attributes 'fieldmap' => array( // Roundcube => LDAP 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'search_fields' => array('mail', 'cn', 'sn', 'givenName'), // fields to search in 'sort' => 'cn', // The field to sort the listing by. 'scope' => 'sub', // search mode: sub|base|list 'fuzzy_search' => true, // server allows wildcard search 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. 'groups' => array( 'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), ), )
$rcmail_config['autocomplete_addressbooks'] = array('sql','public');
$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{region}';
You will see that this is a "public" address book, but it is editable for all users (only testing for now): changes from iOS work fine with the exact same configuration for base_dn, bind_dn and bind_pass.
Thank you in advance, Achim
PS: If useful, I can also provide access to the underlying OpenLDAP server! _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
another hint: is the bind dn existing?
'bind_dn' => cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld
your have to create it by hand for now!
Am Montag, 9. April 2012, 20.36:17 schrieb Achim:
Hello again:
On 09.04.2012 12:22, Andreas Dick wrote:
yes, we need the config (only the LDAP part) to be able to reproduce or even to fix problems.
OK, here it goes (slightly redacted):
$rcmail_config['ldap_public'] = array ();
$rcmail_config['ldap_public']['public'] = array( 'name' => 'Private', 'hosts' => array('ldap.domain.tld'), 'port' => 389, // this is importnat, otherwise the user specific bind_pass is not populated! 'user_specific' => true, // %fu - The full username provided, assumes the username is an email // address, uses the username_domain value if not an email address. // %u - The username prior to the '@'. // %d - The domain name after the '@'. // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" // %dn - DN found by ldap search when search_filter/search_base_dn are used 'base_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_dn' => 'cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld', 'bind_pass' => '', // the user login password is used 'filter' => '(objectClass=inetOrgPerson)', 'writable' => true, 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), 'LDAP_rdn' => 'mail', 'required_fields' => array('cn', 'sn', 'mail', 'givenName'), // mapping of contact fields to directory attributes 'fieldmap' => array( // Roundcube => LDAP 'name' => 'cn', 'surname' => 'sn', 'firstname' => 'givenName', 'email' => 'mail', 'phone:home' => 'homePhone', 'phone:work' => 'telephoneNumber', 'phone:mobile' => 'mobile', 'street' => 'street', 'zipcode' => 'postalCode', 'locality' => 'l', 'country' => 'c', 'organization' => 'o', ), 'search_fields' => array('mail', 'cn', 'sn', 'givenName'), // fields to search in 'sort' => 'cn', // The field to sort the listing by. 'scope' => 'sub', // search mode: sub|base|list 'fuzzy_search' => true, // server allows wildcard search 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. 'groups' => array( 'base_dn' => '', // in this Howto, the same base_dn as for the contacts is used 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array("top", "groupOfNames"), ), )
$rcmail_config['autocomplete_addressbooks'] = array('sql','public');
$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{region}';
You will see that this is a "public" address book, but it is editable for all users (only testing for now): changes from iOS work fine with the exact same configuration for base_dn, bind_dn and bind_pass.
Thank you in advance, Achim
PS: If useful, I can also provide access to the underlying OpenLDAP server! _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Hello Andreas:
I have added the setting you mentioned in the previous message:
'ldap_version' => 3, // using LDAPv3
In addition:
On 09.04.2012 22:18, Andreas Dick wrote:
another hint: is the bind dn existing?
'bind_dn' =>cn=%fu,ou=private,ou=rcabook,dc=domain,dc=tld
your have to create it by hand for now!
I am aware of that, and they are created manually or via script ;-)
As I mentioned, I can edit several attributes just fine with the existing configuration via other clients such as iOS.
I will start a new thread with a better (summarised) description of the current situation, OK?
Best regards, Achim
-
A.L.E.C -
Achim -
Andreas Dick