Zarafa Novell eDirectory integration

From Zarafa wiki

Revision as of 09:38, 28 November 2008 by Admin (Talk | contribs)

The following LDAP configuration file can be used to integrate Zarafa with Novell eDirectory.

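##############################################################
# LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to ldap.
#
# One directive per line; '#' starts a full-line comment.

# LDAP host name/IP address
# Optional, default = localhost
ldap_host =

# LDAP port
# Optional, default = 389
# Use 636 for ldaps
ldap_port = 389

# LDAP protocol
# Optional, default = ldap
# use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
# configured correctly with TLS_CACERT
# NOTE(review): with plain ldap on port 389 the bind DN and password below
# are sent to the directory unencrypted, and because
# ldap_authentication_method is "bind" so is every user's login password.
# Prefer ldaps on port 636 unless the connection never leaves a trusted
# host or link.
ldap_protocol = ldap

# The DN of the user to bind as for normal operations (not used for
# authentication if ldap_authentication_method is set to "bind")
# Optional, default = empty (anonymous bind)
# The userPassword attribute must be readable for this user if the
# ldap_authentication_method option is set to password.
# NOTE(review): cn=admin is presumably the directory administrator. With
# ldap_authentication_method = bind this account does not need to read
# userPassword, so a dedicated account limited to reading the search bases
# below should be enough - confirm against your Zarafa version.
ldap_bind_user = cn=admin,o=zarafa

# LDAP bind password
# Optional, default = empty (no password)
# Sample value: replace it. The password is stored here in clear text, so
# keep this file readable only by the account the Zarafa server runs as.
ldap_bind_passwd = zarafa

# Search for users starting from this DN
# Required
ldap_user_search_base = o=zarafa

# Search method to find a user, can be: base, one or sub
# Default: sub
ldap_user_scope = sub

# Search for users using this LDAP filter. See ldap_search(3) or RFC
# 2254 for details on the filter syntax.
# Optional, default = empty (match everything)
# For active directory, use:
# (&(objectClass=person)(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=zarafa,DC=com))
# For LDAP with posix users, use:
# (objectClass=posixAccount)
# NOTE(review): this filter matches every Person entry below the search
# base; narrow it if only some of those entries should become Zarafa users.
ldap_user_search_filter = (objectClass=Person)

# Unique user id used to find the user
# Required
# For active directory, use:
# objectSid
# For LDAP with posixAccount, use:
# uidNumber
# NOTE(review): this value identifies the user to Zarafa. If uid can be
# changed or reused in your tree, choose an attribute that cannot -
# TODO confirm. The same applies to ldap_group_unique_attribute.
ldap_user_unique_attribute = uid

# Type of unique user id
# default: text
# For active directory, use:
# binary
# For LDAP with posix user, use:
# text
ldap_user_unique_attribute_type = text

# Search for groups starting from this DN
# Required
ldap_group_search_base = o=zarafa

# Search method to find a group, can be: base, one or sub
# Default: sub
ldap_group_scope = sub

# Search for groups using this LDAP filter. See ldap_search(3) for
# details on the filter syntax.
# Optional, default = empty (match everything)
# For active directory, use:
# (objectClass=group)
# For LDAP with posix groups, use:
# (objectClass=posixGroup)
ldap_group_search_filter = (objectClass=Group)

# Unique group id used to find the group
# Required
# For active directory, use:
# objectSid
# For LDAP with posix group, use:
# gidNumber
ldap_group_unique_attribute = cn

# Type of unique group id
# default: text
# For active directory, use:
# binary
# For LDAP with posix group, use:
# text
ldap_group_unique_attribute_type = text

# Optional, default = cn
# For active directory, use:
# displayName
# For LDAP with posix user, use:
# cn
ldap_fullname_attribute = cn

# Optional, default = uid
# Active directory: sAMAccountName
# LDAP: uid
ldap_loginname_attribute = uid

# Optional, default = userPassword
# Active directory: unicodePwd
# LDAP: userPassword
# Only requested when ldap_authentication_method is set to password.
ldap_password_attribute = userPassword

# Optional, default = mail
# Active directory: mail
# LDAP: mail
ldap_emailaddress_attribute = mail

# Whether the user is an admin. The field is interpreted as a
# boolean, 0 and false (case insensitive) meaning no, all other values
# yes.
# Optional, default = zarafaAdmin
# Active directory: zarafaAdmin
# LDAP: zarafaAdmin
# NOTE(review): anyone who can write this attribute in the directory can
# make a user a Zarafa admin; restrict write access to it with directory
# ACLs.
ldap_isadmin_attribute = zarafaAdmin

# Whether a user is a non-active user. This means that the user will
# not count towards your user count, but the user will also not be
# able to log in
# Optional, default = zarafaSharedStoreOnly
# Active directory: zarafaSharedStoreOnly
# LDAP: zarafaSharedStoreOnly
ldap_nonactive_attribute = zarafaSharedStoreOnly

# If set to bind, users are authenticated by trying to bind to the
# LDAP tree using their username + password. Otherwise, the
# ldap_password_attribute is requested and checked.
# Optional, default = bind
# Choices: bind, password
# Active directory: bind
# LDAP: password
# This eDirectory example uses bind, so the directory itself checks the
# password and the bind account above never has to read it.
ldap_authentication_method = bind

# Whether to override the system wide quota settings
ldap_quotaoverride_attribute = zarafaQuotaOverride
ldap_warnquota_attribute = zarafaQuotaWarn
ldap_softquota_attribute = zarafaQuotaSoft
ldap_hardquota_attribute = zarafaQuotaHard

# Mapping from the quota attributes to a number of bytes. Qmail-LDAP
# schema uses bytes (1), ADS uses kilobytes (1024).
# 1048576 (1024 * 1024) means the quota attributes hold megabytes.
ldap_quota_multiplier = 1048576

# Optional, default = cn
# Active directory: cn
# LDAP: cn
ldap_groupname_attribute = cn

# Optional, default = member
# Active directory: member
# LDAP: member
ldap_groupmembers_attribute = uniqueMember

# Optional, default = name
# Active directory: dn
# LDAP: name
ldap_groupmembers_attribute_type = dn

# The attribute of the user which is listed in ldap_groupmembers_attribute
# Empty default, using ldap_user_unique_attribute
ldap_groupmembers_relation_attribute =

# The charset that strings are stored in on the LDAP server. Normally this
# is utf-8, but this can differ according to your setup. The charset specified
# here must be supported by your iconv(1) setup. See iconv -l for all charsets.
ldap_server_charset = utf-8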
