I have successfully deployed Kopano using FreeIPA as the LDAP/Authentication backend, with a few changes to the normal Kopano install process. I changed “olcAttributeTypes” to “attributetypes” and “olcObjectClasses” to “objectclasses” in the example ldif file. I also changed the dn of the schema to the correct location for 389ds (I think):

    dn: cn=schema
    objectclass: top
    objectclass: ldapSubentry
    objectclass: subschema

This is the file I ended up using: https://pastebin.com/TA7GRUkD

Lastly, instead of using ldapadd or ldapmodify, I placed the kopano99.ldif file in /etc/dirsrv/slapd-INSTANCE/schema/ and restarted the service.
As it stands now, I can see all the new objectclasses and attributes in the schema, and Kopano seems to be reading them correctly. To get Postfix to read the correct addresses/groups/aliases, use the Active Directory style configuration in your /etc/postfix/ldap*.cf config files (as seen in the wiki). Ex ldap-users.cf:

    server_host = ldap://_server_
    search_base = cn=users,cn=accounts,dc=base,dc=domain,dc=com
    version = 3
    scope = sub
    bind = yes
    bind_dn = uid=binduser,cn=users,cn=accounts,dc=base,dc=domain,dc=com
    bind_pw = binduserpass
    #query_filter = (uid=%s)
    query_filter = (&(objectClass=posixaccount)(mail=%s))
    result_attribute = mail

The default user objectclasses, like “kopano-user”, can be added in the FreeIPA web UI, under IPA Server -> Configuration. For the rest of the objectclasses and attribute types, I use phpLDAPAdmin to manage the accounts after they have been created in FreeIPA. It’s important that the accounts are first created in FreeIPA, so that the appropriate attributes are created.
Eventually, I would like to create a Web UI and CLI plugin for FreeIPA that would allow for the editing of these attributes and objectclasses directly within the FreeIPA Web UI and console.
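
The schema conversion described in the post (rename the two olc attributes and replace the entry header with cn=schema), as an added example that is not part of the original post. It also joins folded LDIF lines and strips OpenLDAP's `{n}` ordering prefix, which is an assumption about the input; the sample schema is constructed and uses the documentation OID arc 1.3.6.1.4.1.32473.

```python
import re

# Entry header the post uses for the 389-ds schema file.
DS389_HEADER = ["dn: cn=schema", "objectclass: top",
                "objectclass: ldapSubentry", "objectclass: subschema"]
# cn=config attribute name -> the name the post switched to.
RENAME = {"olcattributetypes": "attributetypes",
          "olcobjectclasses": "objectclasses"}
ORDER_PREFIX = re.compile(r"^\{\d+\}\s*")  # OpenLDAP "{0}" ordering index (assumed present)

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def convert(olc_ldif):
    """Return 389-ds schema LDIF text built from an OpenLDAP cn=config schema LDIF."""
    out = list(DS389_HEADER)
    for line in unfold(olc_ldif):
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        new_name = RENAME.get(name.strip().lower())
        if not sep or new_name is None:
            continue  # dn:, cn:, objectClass: olcSchemaConfig give way to the header
        if value.startswith(":"):
            raise ValueError("base64-encoded value not handled: " + name)
        out.append(f"{new_name}: {ORDER_PREFIX.sub('', value.strip())}")
    return "\n".join(out) + "\n"

# Constructed sample input; OIDs and names are placeholders, not Kopano's.
SAMPLE = """\
dn: cn=example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: example
olcAttributeTypes: {0}( 1.3.6.1.4.1.32473.1.1 NAME 'exampleFlag'
  DESC 'constructed attribute' EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.32473.2.1 NAME 'example-user'
  SUP top AUXILIARY MAY ( exampleFlag ) )
"""

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```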