Zarafa Novell eDirectory integration

From Zarafa wiki

(Difference between revisions)
Line 2: Line 2:
<pre>
<pre>
-
    ##############################################################
+
  ldap_host = localhost
-
    #  LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
+
ldap_port = 389
-
    #
+
ldap_protocol = ldap
-
    # Any of these directives that are required, are only required if the
+
ldap_server_charset = utf-8
-
    # userplugin parameter is set to ldap.
+
ldap_bind_user =  cn=zarafa,ou=tu,o=be
-
 
+
ldap_bind_passwd =  password
-
    # LDAP host name/IP address
+
ldap_network_timeout = 30
-
    # Optional, default = localhost
+
ldap_search_base = o=be
-
    ldap_host =
+
ldap_object_type_attribute = objectClass
-
 
+
ldap_user_type_attribute_value = zarafa-user
-
    # LDAP port
+
ldap_group_type_attribute_value = zarafa-group
-
    # Optional, default = 389
+
ldap_contact_type_attribute_value = zarafa-contact
-
    # Use 636 for ldaps
+
ldap_company_type_attribute_value = organizationalUnit
-
    ldap_port = 389
+
ldap_addresslist_type_attribute_value = zarafa-addresslist
-
 
+
ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup
-
    # LDAP protocol
+
ldap_user_search_filter =  (objectClass=zarafa-user)
-
    # Optional, default = ldap
+
ldap_user_unique_attribute =  uid
-
    # use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
+
ldap_user_unique_attribute_type = text
-
    # configured correctly with TLS_CACERT
+
ldap_fullname_attribute = fullname
-
    ldap_protocol = ldap
+
ldap_loginname_attribute = uid
-
 
+
ldap_password_attribute = userPassword
-
    # The DN of the user to bind as for normal operations (not used for
+
ldap_authentication_method = bind
-
    # authentication if ldap_authentication_method is set to "bind"
+
ldap_emailaddress_attribute = mail
-
    # Optional, default = empty (anonymous bind)
+
ldap_emailaliases_attribute = zarafaAliases
-
    # The userPassword attribute must be readable for this user if the
+
ldap_isadmin_attribute = zarafaAdmin
-
    # ldap_authentication_method option is set to password.
+
ldap_nonactive_attribute =
-
    ldap_bind_user =  cn=admin,o=zarafa
+
ldap_resource_type_attribute = zarafaResourceType
-
 
+
ldap_resource_capacity_attribute = zarafaResourceCapacity
-
    # LDAP bind password
+
ldap_sendas_attribute = zarafaSendAsPrivilege
-
    # Optional, default = empty (no password)
+
ldap_sendas_attribute_type = text
-
    ldap_bind_passwd =  password
+
ldap_sendas_relation_attribute =
-
 
+
ldap_user_certificate_attribute = userCertificate
-
    # Search for users starting from this DN
+
!propmap /etc/zarafa/ldap.propmap.cfg
-
    # Required
+
ldap_group_search_filter = (objectClass=group)
-
    ldap_user_search_base = o=zarafa
+
ldap_group_unique_attribute = cn
-
 
+
ldap_group_unique_attribute_type = text
-
    # Search method to find a user, can be: base, one or sub
+
ldap_groupname_attribute = cn
-
    # Default: sub
+
ldap_groupmembers_attribute = member
-
    ldap_user_scope = sub
+
ldap_groupmembers_attribute_type = dn
-
 
+
ldap_groupmembers_relation_attribute = 
-
    # Search for users using this LDAP filter.  See ldap_search(3) or RFC
+
ldap_group_security_attribute = zarafaSecurityGroup
-
    # 2254 for details on the filter syntax.
+
ldap_group_security_attribute_type = boolean
-
    # Optional, default = empty (match everything)
+
ldap_company_search_filter =
-
    # For active directory, use:
+
ldap_company_unique_attribute = ou
-
    #  (&(objectClass=person)(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=zarafa,DC=com))
+
ldap_company_unique_attribute_type = text
-
    # For LDAP with posix users, use:
+
ldap_companyname_attribute = ou
-
    #  (objectClass=posixAccount)
+
ldap_company_view_attribute = zarafaViewPrivilege
-
    ldap_user_search_filter =  (objectClass=Person)
+
ldap_company_view_attribute_type = text
-
 
+
ldap_company_view_relation_attribute =
-
    # unique user id for find the user
+
ldap_company_admin_attribute = zarafaAdminPrivilege
-
    # Required
+
ldap_company_admin_attribute_type = text
-
    # For active directory, use:
+
ldap_company_admin_relation_attribute =
-
    #    objectSid
+
ldap_company_system_admin_attribute = zarafaSystemAdmin
-
    # For LDAP with posixAccount, use:
+
ldap_company_system_admin_attribute_type = text
-
    #    uidNumber
+
ldap_company_system_admin_relation_attribute =
-
    ldap_user_unique_attribute =  uid
+
ldap_dynamicgroup_search_filter =
-
 
+
ldap_dynamicgroup_unique_attribute = cn
-
    # Type of unique user id
+
ldap_dynamicgroup_unique_attribute_type = text
-
    # default: text
+
ldap_dynamicgroup_filter_attribute = zarafaFilter
-
    # For active directory, use:
+
ldap_dynamicgroup_search_base_attribute = zarafaBase
-
    #      binary
+
ldap_dynamicgroup_name_attribute = cn
-
    # For LDAP with posix user, use:
+
ldap_quota_userwarning_recipients_attribute = zarafaQuotaUserWarningRecipients
-
    #      text
+
ldap_quota_userwarning_recipients_attribute_type = text
-
    ldap_user_unique_attribute_type = text
+
ldap_quota_userwarning_recipients_relation_attribute =
-
 
+
ldap_quota_companywarning_recipients_attribute = zarafaQuotaCompanyWarningRecipients
-
    # Search for groups starting from this DN
+
ldap_quota_companywarning_recipients_attribute_type = text
-
    # Required
+
ldap_quota_companywarning_recipients_relation_attribute =
-
    ldap_group_search_base = o=zarafa
+
ldap_quotaoverride_attribute = zarafaQuotaOverride
-
 
+
ldap_warnquota_attribute = zarafaQuotaWarn
-
    # Search method to find a group, can be: base, one or sub
+
ldap_softquota_attribute = zarafaQuotaSoft
-
    # Default: sub
+
ldap_hardquota_attribute = zarafaQuotaHard
-
    ldap_group_scope = sub
+
ldap_userdefault_quotaoverride_attribute = zarafaUserDefaultQuotaOverride
-
 
+
ldap_userdefault_warnquota_attribute = zarafaUserDefaultQuotaWarn
-
    # Search for groups using this LDAP filter.  See ldap_search(3) for
+
ldap_userdefault_softquota_attribute = zarafaUserDefaultQuotaSoft
-
    # details on the filter syntax.
+
ldap_userdefault_hardquota_attribute = zarafaUserDefaultQuotaHard
-
    # Optional, default = empty (match everything)
+
ldap_quota_multiplier = 1
-
    # For active directory, use:
+
ldap_addressbook_hide_attribute = zarafaHidden
-
    #  (objectClass=group)
+
-
    # For LDAP with posix groups, use:
+
-
    #  (objectClass=posixGroup)
+
-
    ldap_group_search_filter = (objectClass=Group)
+
-
 
+
-
    # unique group id for find the group
+
-
    # Required
+
-
    # For active directory, use:
+
-
    #    objectSid
+
-
    # For LDAP with posix group, use:
+
-
    #    gidNumber
+
-
    ldap_group_unique_attribute = cn
+
-
 
+
-
    # Type of unique group id
+
-
    # default: text
+
-
    # For active directory, use:
+
-
    #      binary
+
-
    # For LDAP with posix group, use:
+
-
    #      text
+
-
    ldap_group_unique_attribute_type = text
+
-
 
+
-
    # Optional, default = cn
+
-
    # For active directory, use:
+
-
    #  displayName
+
-
    # For LDAP with posix user, use:
+
-
    #  cn
+
-
    ldap_fullname_attribute = cn
+
-
 
+
-
    # Optional, default = uid
+
-
    # Active directory: sAMAccountName
+
-
    # LDAP: uid
+
-
    ldap_loginname_attribute = uid
+
-
 
+
-
    # Optional, default = userPassword
+
-
    # Active directory: unicodePwd
+
-
    # LDAP: userPassword
+
-
    ldap_password_attribute = userPassword
+
-
 
+
-
    # Optional, default = mail
+
-
    # Active directory: mail
+
-
    # LDAP: mail
+
-
    ldap_emailaddress_attribute = mail
+
-
 
+
-
    # Whether the user is an admin.  The field is interpreted as a
+
-
    # boolean, 0 and false (case insensitive) meaning no, all other values
+
-
    # yes.
+
-
    # Optional, default = zarafaAdmin
+
-
    # Active directory: zarafaAdmin
+
-
    # LDAP: zarafaAdmin
+
-
    ldap_isadmin_attribute = zarafaAdmin
+
-
 
+
-
    # Whether a user is a non-active user. This means that the user will
+
-
    # not count towards your user count, but the user will also not be
+
-
    # able to log in
+
-
    # Optional, default = zarafaSharedStoreOnly
+
-
    # Active directory: zarafaSharedStoreOnly
+
-
    # LDAP: zarafaSharedStoreOnly
+
-
    ldap_nonactive_attribute = zarafaSharedStoreOnly
+
-
 
+
-
    # If set to bind, users are authenticated by trying to bind to the
+
-
    # LDAP tree using their username + password.  Otherwise, the
+
-
    # ldap_password_attribute is requested and checked.
+
-
    # Optional, default = bind
+
-
    # Choices: bind, password
+
-
    # Active directory: bind
+
-
    # LDAP: password
+
-
    ldap_authentication_method = bind
+
-
 
+
-
    # Whether to override the system wide quota settings
+
-
    ldap_quotaoverride_attribute = zarafaQuotaOverride
+
-
 
+
-
    ldap_warnquota_attribute = zarafaQuotaWarn
+
-
    ldap_softquota_attribute = zarafaQuotaSoft
+
-
    ldap_hardquota_attribute = zarafaQuotaHard
+
-
 
+
-
    # Mapping from the quota attributes to a number of bytes.  Qmail-LDAP
+
-
    # schema uses bytes (1), ADS uses kilobytes (1024).
+
-
    ldap_quota_multiplier = 1048576
+
-
 
+
-
    # Optional, default = cn
+
-
    # Active directory: cn
+
-
    # LDAP: cn
+
-
    ldap_groupname_attribute = cn
+
-
 
+
-
    # Optional, default = member
+
-
    # Active directory: member
+
-
    # LDAP: member
+
-
    ldap_groupmembers_attribute = uniqueMember
+
-
 
+
-
    # Optional, default = name
+
-
    # Active directory: dn
+
-
    # LDAP: name
+
-
    ldap_groupmembers_attribute_type =  dn
+
-
 
+
-
    # The attribute of the user which is listed in ldap_groupmember_attribute
+
-
    # Empty default, using ldap_user_unique_attribute
+
-
    ldap_groupmembers_relation_attribute =
+
-
 
+
-
    # The charset that strings are stored in on the LDAP server. Normally this
+
-
    # is utf-8, but this can differ according to your setup. The charset specified
+
-
    # here must be supported by your iconv(1) setup. See iconv -l for all charset
+
-
    ldap_server_charset = utf-8
+
</pre>
</pre>
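Review bot: The new sample keeps `ldap_protocol = ldap` on `ldap_port = 389` together with `ldap_authentication_method = bind`, while this revision drops every comment, including the ones that told readers to use `ldaps` (port 636) and to set TLS_CACERT in /etc/ldap/ldap.conf. With `ldap_host = localhost` the binds stay on the loopback interface, but a reader who points the file at a remote eDirectory server would send the service account password and each user's login password unencrypted. I would keep one comment above the protocol line, for example `# use 'ldaps' and port 636 when the LDAP server is not on this host; set TLS_CACERT in /etc/ldap/ldap.conf`, and one above `ldap_bind_passwd` saying the value is a placeholder. `ldap_nonactive_attribute` is also empty now where the old text set zarafaSharedStoreOnly; whether that is intended cannot be seen from this page.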

Revision as of 09:14, 27 April 2011

The following LDAP configuration file can be used to integrate Zarafa with Novell eDirectory.

   # Zarafa LDAP user-plugin settings for a Novell eDirectory tree; every value below is the page's sample value.
   ldap_host = localhost
ldap_port = 389
# Plain LDAP: binds are not encrypted. The earlier revision of this page notes
# that 'ldaps' gives SSL encryption (port 636, with TLS_CACERT configured in
# /etc/ldap/ldap.conf).
# NOTE(review): switch to ldaps before pointing ldap_host at anything other
# than localhost.
ldap_protocol = ldap
ldap_server_charset = utf-8
# DN the server binds as for normal directory operations.
# NOTE(review): presumably needs only read access below ldap_search_base;
# confirm, and avoid using a directory admin DN here.
ldap_bind_user =  cn=zarafa,ou=tu,o=be
# Placeholder value. The real password is stored in this file in clear text,
# so the file should be readable only by the account the Zarafa server runs as.
ldap_bind_passwd =  password
ldap_network_timeout = 30
ldap_search_base = o=be
# objectClass values used to tell users, groups, contacts, companies,
# address lists and dynamic groups apart.
ldap_object_type_attribute = objectClass
ldap_user_type_attribute_value = zarafa-user
ldap_group_type_attribute_value = zarafa-group
ldap_contact_type_attribute_value = zarafa-contact
ldap_company_type_attribute_value = organizationalUnit
ldap_addresslist_type_attribute_value = zarafa-addresslist
ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup
# User lookup: filter, unique id attribute and the attributes read per user.
ldap_user_search_filter =  (objectClass=zarafa-user)
ldap_user_unique_attribute =  uid
ldap_user_unique_attribute_type = text
ldap_fullname_attribute = fullname
ldap_loginname_attribute = uid
ldap_password_attribute = userPassword
# bind: a login is checked by binding to the directory with the user's own
# name and password. The earlier revision's comments state that userPassword
# must be readable by ldap_bind_user when the method is 'password'; with
# 'bind' that read access can stay withheld.
ldap_authentication_method = bind
ldap_emailaddress_attribute = mail
ldap_emailaliases_attribute = zarafaAliases
# Marks a user as Zarafa admin. Per the earlier revision's comments the value
# is read as a boolean: 0 and false mean no, any other value means yes.
# NOTE(review): restrict who may write this attribute in the directory.
ldap_isadmin_attribute = zarafaAdmin
# Empty here; the earlier revision set zarafaSharedStoreOnly.
# NOTE(review): confirm what an empty value means for non-active users.
ldap_nonactive_attribute =
ldap_resource_type_attribute = zarafaResourceType
ldap_resource_capacity_attribute = zarafaResourceCapacity
# NOTE(review): presumably lists who may send as this user; if so, write
# access to the attribute should be limited in the directory - confirm.
ldap_sendas_attribute = zarafaSendAsPrivilege
ldap_sendas_attribute_type = text
ldap_sendas_relation_attribute =
ldap_user_certificate_attribute = userCertificate
# Directive line (not key = value) naming a second file.
# NOTE(review): presumably read together with this config; give it the same
# ownership and permissions.
!propmap /etc/zarafa/ldap.propmap.cfg
# Group lookup: filter, unique id and membership attributes.
ldap_group_search_filter = (objectClass=group)
ldap_group_unique_attribute = cn
ldap_group_unique_attribute_type = text
ldap_groupname_attribute = cn
ldap_groupmembers_attribute = member
ldap_groupmembers_attribute_type = dn
ldap_groupmembers_relation_attribute =  
ldap_group_security_attribute = zarafaSecurityGroup
ldap_group_security_attribute_type = boolean
# Company settings; companies are matched on ou.
ldap_company_search_filter =
ldap_company_unique_attribute = ou
ldap_company_unique_attribute_type = text
ldap_companyname_attribute = ou
ldap_company_view_attribute = zarafaViewPrivilege
ldap_company_view_attribute_type = text
ldap_company_view_relation_attribute =
# NOTE(review): the two *admin* attributes below look like privilege grants;
# confirm that only directory administrators can modify them.
ldap_company_admin_attribute = zarafaAdminPrivilege
ldap_company_admin_attribute_type = text
ldap_company_admin_relation_attribute =
ldap_company_system_admin_attribute = zarafaSystemAdmin
ldap_company_system_admin_attribute_type = text
ldap_company_system_admin_relation_attribute =
# Dynamic group settings.
ldap_dynamicgroup_search_filter =
ldap_dynamicgroup_unique_attribute = cn
ldap_dynamicgroup_unique_attribute_type = text
ldap_dynamicgroup_filter_attribute = zarafaFilter
ldap_dynamicgroup_search_base_attribute = zarafaBase
ldap_dynamicgroup_name_attribute = cn
# Quota settings.
ldap_quota_userwarning_recipients_attribute = zarafaQuotaUserWarningRecipients
ldap_quota_userwarning_recipients_attribute_type = text
ldap_quota_userwarning_recipients_relation_attribute =
ldap_quota_companywarning_recipients_attribute = zarafaQuotaCompanyWarningRecipients
ldap_quota_companywarning_recipients_attribute_type = text
ldap_quota_companywarning_recipients_relation_attribute =
ldap_quotaoverride_attribute = zarafaQuotaOverride
ldap_warnquota_attribute = zarafaQuotaWarn
ldap_softquota_attribute = zarafaQuotaSoft
ldap_hardquota_attribute = zarafaQuotaHard
ldap_userdefault_quotaoverride_attribute = zarafaUserDefaultQuotaOverride
ldap_userdefault_warnquota_attribute = zarafaUserDefaultQuotaWarn
ldap_userdefault_softquota_attribute = zarafaUserDefaultQuotaSoft
ldap_userdefault_hardquota_attribute = zarafaUserDefaultQuotaHard
# Factor that maps the quota attribute values to bytes; the earlier revision's
# comments give 1 for schemas that already store bytes.
ldap_quota_multiplier = 1
ldap_addressbook_hide_attribute = zarafaHidden 

To extend eDirectory with the Zarafa schema you need an LDIF file. The attachment below contains the Zarafa schema converted to LDIF. You can import the LDIF file with the ICE plugin in eDirectory iManager.

File:Ldif.zip
