Announcement

Collapse
No announcement yet.

global addressbook: LDAP bind

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • global addressbook: LDAP bind

    Hello

    I've started testing community edition of OX6 sp5, for my organization.
    I am now successfully authenticating users with LDAP, and synchronizing LDAP users with oxldapsynch to OX. that went very well.

    I have an issue with the global address book: currently it displays info about every OX user. and I'd like to change that, and make LDAP the only source for the global addressbook. how do I do that?

    I found out that its related to ldap.conf, but no matter what I type in there, it does not effect on anything. is there a certain procedure?

    thanks in advance
    schattenjager

  • #2
    Configs

    I've configured ldap for many clients (horde/kmail/evolution/outlook/claws/thunderbird) but I can't work out how to config for open-xchange-contacts-ldap.

    I can't find any documentation for this
    (I'm using open-xchange-6.10.0.0-6_6.1)

    Any pointers anywhere, or example configs.
    I've modified the configs that come with it, but nothing seems to happen - no error messages or anything.

    Comment


    • #3
      Hi,

      have you installed the open-xchange-contacts-ldap bundle? This does not make the normal global addressbook disappear, but it adds a public contact folder which contains contact data from LDAP or ADS.

      Greetings

      Comment


      • #4
        ldap contacts error

        I found the error in the log after reinstalling and reconfiguring again:

        SEVERE:
        Start-up of bundle "com.openexchange.contacts.ldap" failed: DBP-0002 Category=8 Message=Resolving database for context 111 and server 2 not possible! exceptionID=1494794476-1

        Does this mean you can't have database auth and ldap contacts?

        Comment


        • #5
          Hi,

          no that has nothing to do with authentication. Its just that the ldap configuration is active for context 111 which does not seem to exist on your server. Please check the contacts-ldap directory. The subdirectory where the configuration is located needs to be equally named to the context ID. Typically the first context is 1.

          Greetings

          Comment


          • #6
            ldap error

            Thanks for that I worked out the problems with my config there, I see the new folder, but now I'm getting this error.

            I am using redhat directory server btw, I tried altering the page size but that made no difference (I set it to 1,100,1000 and 1500)

            Jul 28, 2009 6:10:22 PM com.openexchange.tools.exceptions.DefaultLoggingLo gic internalError
            SEVERE: An internal error occurred: PERMISSION-0002 Category=7 Message=An error occured while trying to read an LDAP attribute: [LDAP: error code 12 - Unavailable Critical Extension] exceptionID=-904208431-7
            PERMISSION-0002 Category=7 Message=An error occured while trying to read an LDAP attribute: [LDAP: error code 12 - Unavailable Critical Extension] exceptionID=-904208431-7

            The ldap logs show:

            [28/Jul/2009:19:37:02 +0100] conn=6083 op=2 SRCH base="ou=Address Book,dc=xxxxxx,dc=com" scope=1 filter="(|(objectClass=top)(objectClass=person)(ob jectClass=organizationalPerson)(objectClass=inetOr gPerson))", failed to decode LDAP controls

            I got the search filter from horde which works fine, but I've tried every search filter, and the username stuff is fine.

            Comment


            • #7
              ldap contacts

              I've pretty much given up on this, there is no real clue as to what the issue is or any documentation for it so I think it's probably best if I drop using open-xchange and try it again in a year or to

              Thanks for you help so far

              Comment


              • #8
                Just seen this Thread. If you are still interested in resolving this problem, please paste your config files all below /opt/open-xchange/etc/groupware/contacts-ldap are needed.

                Thanks in advance,

                Dennis

                Comment


                • #9
                  Thank you for all the information.

                  Comment


                  • #10
                    ldap working

                    As promised I said I'd try again ;-)

                    It seems to be working much much better now, same configs but it just works.
                    One thing I can't work out is that although the contacts appear I get
                    "You do not have write permission for this object"

                    From what I can see this has nothing to do with ldap, as I have set everything to use AdminDN and set the admin DN correctly.
                    Is there any way of setting this to read/write?

                    If this is ldap, how does open-xchange pick up the user access?
                    From what I can see its either anonymous or admin ?

                    Am I missing something?
                    Attached Files
                    Last edited by deadmalc; 02-10-2010, 06:57 PM.

                    Comment


                    • #11
                      Yes, contacts-ldap is currently read-only, this is hard-coded so there no way to change this at the moment.

                      For the access 3 types are possible: anonymous, admin and user. The difference between admin and user is that the first one has fixed credentials and passwords set in the config file while user searches the user to authenticate with in the ldap tree before authentication. Just see the config file and the documentation for details.

                      Regards,

                      Dennis

                      Comment


                      • #12
                        Thanks

                        Great, Thanks for that.
                        I'll modify my config not to use AdminDN then for the moment.
                        It's an annoyance, but not a show stopper by any means for me.

                        Great I've got ldap working now though :-D

                        Thanks for your help again

                        Comment


                        • #13
                          not usable

                          Although I can see the users in ldap, I cannot use them for anything.
                          Users don't auto complete and I can't click on a user to send an email.
                          Guess I'll have to leave it for another 6 months again :-(

                          Comment


                          • #14
                            Autocomplete is disabled at the moment due to load issues. Every keyboard hit will search the ldap directory, which will cause a lot of load, especially in big environments. But you can click on "To:" and select the the folder, then it will work.

                            HTH,

                            Dennis

                            Comment


                            • #15
                              Would it be possible to cache the ldap search response for a search at the autocomplete and search at the cached results instead of querying ldap over and over for a subset of the already delivered response?

                              Comment

                              Working...
                              X