phpgroupware-developers

Re: [phpGroupWare-developers] Re: LDAP documenation


From: Benoit Hamet
Subject: Re: [phpGroupWare-developers] Re: LDAP documenation
Date: Wed, 26 Mar 2008 16:02:47 +0100
User-agent: IceDove 1.5.0.14pre (X11/20080305)

Hi all, hi Roland,

Roland Gruber wrote:
> 
> Hi all,
> 
> I built a prerelease of LAM with phpGroupware support. It can manage users 
> and groups.
> 
> Please try it 
> http://lam.sourceforge.net/tmp/ldap-account-manager-2.3.0RC1.tar.gz.
I'm trying it, looks great.

For those who want to test, and - like me - are not familiar with lam,
here is some help:

read the INSTALL file

modify the lam.conf like this:
<snip>

modules: posixAccount_minUID: 10000 <-
modules: posixAccount_maxUID: 30000 <-
modules: posixGroup_minGID: 1000 <-
modules: posixGroup_maxGID: 3000 <-
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA

# List of active account types.
activeTypes: user,group <-


types: suffix_user: ou=users,dc=phpgroupware,dc=org <-
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: account,posixAccount,shadowAccount,phpGroupwareUser  <-

types: suffix_group: ou=groups,dc=phpgroupware,dc=org <-
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,phpGroupwareGroup <-

remove the references to samba if you don't have it.

in the setup 2nd step, store accounts in ldap / auth with ldap (so 2
times LDAP, don't store accounts in SQL).
sync the values of account id / group id with the one you put in lam.conf

Create the admin using phpgw (I don't see how to do it another way,
since ACLs are in SQL for the .16 version).

Then you should be ready to test, create a new user, it's added to phpgw.

Some remaining pitfalls, things that we can't really work around for
.16 but that should work in .18:

Group membership is NOT retrieved in ldap in phpgw, but from ACL. So
you will need to sync it, either with a crontab (need to know how
phpgwapi is working ...), or "manually" by going into the account
management, the created user, and add the group membership there ...
Perhaps Dave or another person will help me on that point, but ...

Another thing for Roland: I forgot to add the "account" in the
modules_group and inetOrgPerson was deleted ... so there was no
Structural objectClass, but the add failed with a rather cryptic message
(internal implementation error). It would be cool if you checked that
the object we are trying to create is using a structural
objectclass, wouldn't it?

Thanks for your work, I will look at using lam for some of my ldap
management :).

Regards,

Caeies
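
The structural objectClass check asked for in the message above, sketched as an added example (not part of the original mail and not LAM code): it reads the `types: modules_*` lines of a lam.conf and reports any account type whose module list carries no structural objectClass. The `KIND` table and the idea that a module name equals its objectClass are assumptions; `check_structural` is a hypothetical helper name.

```python
import re

# Assumption: each LAM module name equals the objectClass it manages, and the
# kinds follow the stock cosine / inetorgperson / nis (RFC 2307) schemas.
# With rfc2307bis posixGroup is AUXILIARY, so adjust to your server's schema.
KIND = {
    "account": "STRUCTURAL",
    "inetOrgPerson": "STRUCTURAL",
    "posixGroup": "STRUCTURAL",
    "posixAccount": "AUXILIARY",
    "shadowAccount": "AUXILIARY",
}

# Matches "types: modules_<type>: a,b,c"; a trailing "<-" (the marker used in
# the mail to flag edited lines) is tolerated and dropped.
LINE = re.compile(r"^types:\s*modules_(\w+):\s*(.*?)\s*(?:<-)?\s*$")

def check_structural(conf_text, kinds=KIND):
    """Map each account type with no known structural class to the modules
    whose kind is not in `kinds` (those must be checked by hand)."""
    problems = {}
    for raw in conf_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        modules = [x.strip() for x in m.group(2).split(",") if x.strip()]
        if not any(kinds.get(x) == "STRUCTURAL" for x in modules):
            problems[m.group(1)] = [x for x in modules if x not in kinds]
    return problems

# The two module lines from the mail above.
GOOD_CONF = """\
types: modules_user: account,posixAccount,shadowAccount,phpGroupwareUser  <-
types: modules_group: posixGroup,phpGroupwareGroup <-
"""
# Constructed sample: the user line with "account" left out.
BROKEN_CONF = """\
types: modules_user: posixAccount,shadowAccount,phpGroupwareUser
types: modules_group: posixGroup,phpGroupwareGroup
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("broken", BROKEN_CONF)):
        for acct_type, unknown in check_structural(conf).items():
            print(f"{name}: type '{acct_type}' has no known structural "
                  f"objectClass; unverified modules: {unknown}")
```

Modules missing from `KIND` are returned rather than guessed at, so their kind can be looked up in the directory server's schema before creating entries.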



