Hi, new to Roundcube, I have still some confusion about configuring the LDAP address book. Please, is somewhere a little detailed description of the configuration scenarios and individual options?
Now I have something as this (found somewhere on the net):
$config['ldap_public']['public'] = array( 'name' => 'Public LDAP Addressbook', 'hosts' => array('ldap.mydomain'), 'base_dn' => 'o=spse', 'bind_dn' => 'cn=binduser,o=myorg', 'bind_pass' => 'binduseracces', 'filter' => '(&(objectClass=inetOrgPerson)(cn=z*))', 'sort' => 'sn', 'global_search' => true, 'fuzzy_search' => true, 'groups' => array( 'base_dn' => '', 'mail' => '{Mail-Address}@mydomain.com', 'filter' => '(&(objectClass=groupOfNames)(Mail-Address=*))', 'object_classes' => array("top", "groupOfNames"), 'class_member_attr' => array( 'groupofnames' => 'member', 'groupofuniquenames' => 'uniquemember' ), ), 'name_field' => 'uid', 'email_field' => 'mail', 'surname_field' => 'sn', 'firstname_field' => 'givenName', 'scope' => 'sub' );
and although as I understand the description for individual people, I do not even understand the description of groups - whole this block:
'groups' => array(
'base_dn' => '',
'mail' => '{Mail-Address}@mydomain.com',
'filter' => '(&(objectClass=groupOfNames)(Mail-Address=*))',
'object_classes' => array("top", "groupOfNames"),
'class_member_attr' => array(
'groupofnames' => 'member',
'groupofuniquenames' => 'uniquemember'
),
),
- why it is included just where it is?
- what is meant by:
'object_classes' => array("top", "groupOfNames"),
? what is block:
'class_member_attr' => array(
'groupofnames' => 'member',
'groupofuniquenames' => 'uniquemember'
),
In spite of all the confusion, RC puts something out. But what bothers me and I need to have it differently:
- when in new mail I write recipient address, autocompletion offers me
the required group. But when I click on it, in the address bar appears no single address (groupname@mydomain), but mail addresses of all group members! What with this?
- in address book menu, I want to display group names (as is now), but
not their members (or at least not to all RC users). Is this possible somehow?
I'm trying Roundcube version 1.3.4, LDAP DB is some commercial one with schema roughly corresponding with Openldap core, and groups are defined as:
dn: cn=_groupName_,ou=Groups,o=myorg Mail-Address: _groupName_ objectClass: groupOfNames objectClass: Top objectClass: Mail-Group member: cn=_user1_,ou=XX,o=myorg member: cn=_user2_,ou=YY,o=myorg ... cn: _groupName_
(there isn't complete mail address - only part before '@'. All groups in addressbook are in one domain)
Thanks in advance for your help! Franta Hanzlik
On 02/10/2018 12:03 AM, Franta Hanzlík wrote:
'groups' => array( 'base_dn' => '', 'mail' => '{Mail-Address}@mydomain.com', 'filter' => '(&(objectClass=groupOfNames)(Mail-Address=*))', 'object_classes' => array("top", "groupOfNames"), 'class_member_attr' => array( 'groupofnames' => 'member', 'groupofuniquenames' => 'uniquemember' ), ),
Here's an example from defaults.inc.php file:
// definition for contact groups (uncomment if no groups are supported) // for the groups base_dn, the user replacements %fu, %u, %d and %dc work as for base_dn (see above) // if the groups base_dn is empty, the contact base_dn is used for the groups as well // -> in this case, assure that groups and contacts are separated due to the concernig filters! 'groups' => array( 'base_dn' => '', 'scope' => 'sub', // Search mode: sub|base|list 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array('top', 'groupOfNames'), // Object classes to be assigned to new groups 'member_attr' => 'member', // Name of the default member attribute, e.g. uniqueMember 'name_attr' => 'cn', // Attribute to be used as group name 'email_attr' => 'mail', // Group email address attribute (e.g. for mailing lists) 'member_filter' => '(objectclass=*)', // Optional filter to use when querying for group members 'vlv' => false, // Use VLV controls to list groups 'class_member_attr' => array( // Mapping of group object class to member attribute used in these objects 'groupofnames' => 'member', 'groupofuniquenames' => 'uniquemember' ), ),
So, there's no such thing as your "composite" 'mail' attribute specification. A group with an email_attr that contains an email address will not resolve to members' addresses.
On Sun, 11 Feb 2018 10:23:09 +0100 "A.L.E.C" alec@alec.pl wrote:
On 02/10/2018 12:03 AM, Franta Hanzlík wrote:
'groups' => array( 'base_dn' => '', 'mail' => '{Mail-Address}@mydomain.com', 'filter' => '(&(objectClass=groupOfNames)(Mail-Address=*))', 'object_classes' => array("top", "groupOfNames"), 'class_member_attr' => array( 'groupofnames' => 'member', 'groupofuniquenames' => 'uniquemember' ), ),Here's an example from defaults.inc.php file:
// definition for contact groups (uncomment if no groups are supported) // for the groups base_dn, the user replacements %fu, %u, %d and %dc work as for base_dn (see above) // if the groups base_dn is empty, the contact base_dn is used for the groups as well // -> in this case, assure that groups and contacts are separated due to the concernig filters! 'groups' => array( 'base_dn' => '', 'scope' => 'sub', // Search mode: sub|base|list 'filter' => '(objectClass=groupOfNames)', 'object_classes' => array('top', 'groupOfNames'), // Object classes to be assigned to new groups 'member_attr' => 'member', // Name of the default member attribute, e.g. uniqueMember 'name_attr' => 'cn', // Attribute to be used as group name 'email_attr' => 'mail', // Group email address attribute (e.g. for mailing lists) 'member_filter' => '(objectclass=*)', // Optional filter to use when querying for group members 'vlv' => false, // Use VLV controls to list groups 'class_member_attr' => array( // Mapping of group object class to member attribute used in these objects 'groupofnames' => 'member', 'groupofuniquenames' => 'uniquemember' ), ),
So, there's no such thing as your "composite" 'mail' attribute specification. A group with an email_attr that contains an email address will not resolve to members' addresses.
Hi Aleksander, thanks for Your reply - now it is clear. The problem is that group e-mail address is stored in LDAP DB in form as user part only (without '@domain), and I perhaps cannot change this. It is solvable somehow?
(something that would replace my "composite" expression. Dovecot server has for it this: https://wiki.dovecot.org/AuthDatabase/LDAP/Userdb?highlight=%28You+can+mix+s...
Some form of GAWK gensub() (regexp based substitution) would be IMO best...
And, please, is some page, where are those RC '*_attr' listed/described, or it is necessary to search in RC php code?
-
A.L.E.C -
Franta Hanzlík