Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Groups from FreeIPA

    Kopano Groupware Core
    2
    3
    1084
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MrManor
      MrManor last edited by

      Hello

      Playing around to get to know kopano I’v reached quite far in using FreeIPA as LDAP source for user management.

      Now I have a small problem regarding group membership. In the example in the manual group membership is based on memberUid, but on in FreeIPA group membership is defined by the attribute member which contains a full dn

      dn: cn=somegroup,cn=groups,cn=accounts,dc=int,dc=vink-slott,dc=dk
      objectClass: ipausergroup
      objectClass: nestedgroup
      objectClass: nestedGroup
      objectClass: posixgroup
      objectClass: groupofnames
      objectClass: ipantgroupattrs
      objectClass: kopano-group
      objectClass: groupOfNames
      objectClass: ipaobject
      objectClass: top
      cn: somegroup
      description:: Bla bla bla
      gidNumber: *
      ipaNTSecurityIdentifier: *
      ipaUniqueID: *
      member: uid=klaus,cn=users,cn=accounts,dc=int,dc=vink-slott,dc=dk
      memberUid: klaus
      

      The last line (memberUid ) is added manually as a workaround - I cant figure out how to configure ldap.cfg to make kopano read members based on the member attribute.

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @MrManor last edited by

        Hello @MrManor ,

        inside of your ldap.cfg you can customise how groups should be resolved and how groupmembers are resolved. you should apply customisations in /etc/kopano/ldap.cfg and can find the default values below /usr/share/kopano.

        In your case you want to set:

        # Optional, default = member
        # Active directory: member
        # LDAP: memberUid
        ldap_groupmembers_attribute = member
        
        # Optional, default = text
        # Active directory: dn
        # LDAP: text
        ldap_groupmembers_attribute_type = dn
        

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        MrManor 1 Reply Last reply Reply Quote 0
        • MrManor
          MrManor @fbartels last edited by

          Thank you @fbartels

          I could have sworn I tried something like that yesterday, but I must have overlooked something. Today it works!

          Also thanks for the pointer to commented cfg files with default values. They will make my tinkering easier.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post