Zarafa Red Hat Directory Server integration
From Zarafa wiki
Revision as of 10:17, 19 September 2008
Through the flexible LDAP user backend of Zarafa, you can integrate it with all LDAP based systems.
Below you will find how to integrate Zarafa with a Red Hat Directory Server (RHDS).
The following is an example ldap.cfg file for RHDS:
<pre>
##############################################################
# LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
#
# Any of these directives that are required, are only required if the
# userplugin parameter is set to ldap.

# LDAP host name/IP address
# Optional, default = localhost
ldap_host = ip-address

# LDAP port
# Optional, default = 389
# Use 636 for ldaps
ldap_port = 389

# LDAP protocol
# Optional, default = ldap
# use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
# configured correctly with TLS_CACERT
ldap_protocol = ldap

# The DN of the user to bind as for normal operations (not used for
# authentication if ldap_authentication_method is set to "bind")
# Optional, default = empty (anonymous bind)
# The userPassword attribute must be readable for this user if the
# ldap_authentication_method option is set to password.
ldap_bind_user = uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot

# LDAP bind password
# Optional, default = empty (no password)
ldap_bind_passwd = password

# Search for users starting from this DN
# Required
ldap_user_search_base = ou=people,dc=zarafa,dc=com

# Search method to find a user, can be: base, one or sub
# Default: sub
ldap_user_scope = sub

# Search for users using this LDAP filter. See ldap_search(3) or RFC
# 2254 for details on the filter syntax.
ldap_user_search_filter = (objectClass=person)

# unique user id to find the user
# Required
# For active directory, use:
#   objectSid
# For LDAP with posixAccount, use:
#   uidNumber
ldap_user_unique_attribute = uid

# Type of unique user id
# default: text
# For active directory, use:
#   binary
# For LDAP with posix user, use:
#   text
ldap_user_unique_attribute_type = text

# Search for groups starting from this DN
# Required
ldap_group_search_base = ou=groups,dc=zarafa,dc=com

# Search method to find a group, can be: base, one or sub
# Default: sub
ldap_group_scope = sub

# Search for groups using this LDAP filter. See ldap_search(3) for
# details on the filter syntax.
# Optional, default = empty (match everything)
ldap_group_search_filter = (objectClass=posixGroup)

# unique group id to find the group
# Required
# For active directory, use:
#   objectSid
# For LDAP with posix group, use:
#   gidNumber
ldap_group_unique_attribute = gid

# Type of unique group id
# default: text
# For active directory, use:
#   binary
# For LDAP with posix group, use:
#   text
ldap_group_unique_attribute_type = text

# Optional, default = cn
# For active directory, use:
#   displayName
# For LDAP with posix user, use:
#   cn
ldap_fullname_attribute = cn

# Optional, default = uid
# Active directory: sAMAccountName
# LDAP: uid
ldap_loginname_attribute = uid

# Optional, default = userPassword
# Active directory: unicodePwd
# LDAP: userPassword
ldap_password_attribute = userPassword

# Optional, default = mail
# Active directory: mail
# LDAP: mail
ldap_emailaddress_attribute = mail

# Whether the user is an admin. The field is interpreted as a
# boolean, 0 and false (case insensitive) meaning no, all other values
# yes.
# Optional, default = zarafaAdmin
# Active directory: zarafaAdmin
# LDAP: zarafaAdmin
ldap_isadmin_attribute = zarafaAdmin

# Whether a user is a non-active user. This means that the user will
# not count towards your user count, but the user will also not be
# able to log in
# Optional, default = zarafaSharedStoreOnly
# Active directory: zarafaSharedStoreOnly
# LDAP: zarafaSharedStoreOnly
ldap_nonactive_attribute = zarafaSharedStoreOnly

# If set to bind, users are authenticated by trying to bind to the
# LDAP tree using their username + password. Otherwise, the
# ldap_password_attribute is requested and checked.
# Optional, default = bind
# Choices: bind, password
# Active directory: bind
# LDAP: password
ldap_authentication_method = bind

# Whether to override the system wide quota settings
ldap_quotaoverride_attribute = zarafaQuotaOverride
ldap_warnquota_attribute = zarafaQuotaWarn
ldap_softquota_attribute = zarafaQuotaSoft
ldap_hardquota_attribute = zarafaQuotaHard

# Mapping from the quota attributes to a number of bytes. Qmail-LDAP
# schema uses bytes (1), ADS uses kilobytes (1024).
ldap_quota_multiplier = 1

# Optional, default = cn
# Active directory: cn
# LDAP: cn
ldap_groupname_attribute = cn

# Optional, default = member
# Active directory: member
# LDAP: member
ldap_groupmembers_attribute = member

# Optional, default = name
# Active directory: dn
# LDAP: name
ldap_groupmembers_attribute_type = name

# The attribute of the user which is listed in ldap_groupmembers_attribute
# Empty default, using ldap_user_unique_attribute
ldap_groupmembers_relation_attribute =

# The charset that strings are stored in on the LDAP server. Normally this
# is utf-8, but this can differ according to your setup. The charset specified
# here must be supported by your iconv(1) setup. See iconv -l for all charsets.
ldap_server_charset = utf-8
</pre>
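The example file above uses ldap_protocol = ldap on port 389 together with a bind password and bind authentication. The following is an added example, not part of the original wiki page or of Zarafa: a small Python check that parses an ldap.cfg and flags the transport and credential settings to review before deployment. The finding labels and the file_mode parameter are names made up for this example.

```python
import stat

# Constructed excerpt: the transport and bind settings from the example above.
SAMPLE = """\
ldap_port = 389
ldap_protocol = ldap
ldap_bind_user = uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
ldap_bind_passwd = password
ldap_authentication_method = bind
"""

def parse_ldap_cfg(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # first '=' only: DNs contain '='
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg, file_mode=None):
    """Return finding labels (names made up for this example)."""
    findings = []
    # Fall back to the defaults documented in the ldap.cfg comments.
    proto = cfg.get("ldap_protocol") or "ldap"
    port = cfg.get("ldap_port") or "389"
    method = cfg.get("ldap_authentication_method") or "bind"
    bind_user = cfg.get("ldap_bind_user", "")
    passwd = cfg.get("ldap_bind_passwd", "")
    if proto != "ldaps":
        findings.append("cleartext-transport")
        if passwd:
            findings.append("service-password-in-clear")
        if method == "bind":
            findings.append("user-passwords-in-clear")  # simple bind per login
    elif port == "389":
        findings.append("ldaps-on-plain-port")
    if not bind_user:
        findings.append("anonymous-bind")
    if method == "password":
        findings.append("bind-user-reads-userPassword")
    if bind_user.lower().endswith("o=netscaperoot"):
        findings.append("admin-account-as-bind-user")
    # file_mode: st_mode of ldap.cfg, e.g. os.stat(path).st_mode
    if passwd and file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("cfg-readable-by-group-or-other")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ldap_cfg(SAMPLE)):
        print(finding)
```

Switching the sample to ldap_protocol = ldaps with ldap_port = 636 and a dedicated bind account clears every finding except the file-permission one, which depends on the mode of ldap.cfg itself.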
Import Zarafa schema
To import the Zarafa schema extension, follow these steps:
- Download the following script: http://directory.fedoraproject.org/download/ol-schema-migrate.pl
- Make the script executable.
- Run the following command to import the Zarafa schema in RHDS:
<pre>
perl ol-schema-migrate.pl -b /usr/share/zarafa/zarafa.schema > /etc/dirsrv/slapd-rhds/schema/61zarafa.ldif
</pre>
- Restart the dirsrv to activate the new schema.