Groups from FreeIPA
-
Hello
Playing around to get to know Kopano, I’ve reached quite far in using FreeIPA as LDAP source for user management.
Now I have a small problem regarding group membership. In the example in the manual, group membership is based on memberUid, but in FreeIPA group membership is defined by the attribute member, which contains a full DN:
dn: cn=somegroup,cn=groups,cn=accounts,dc=int,dc=vink-slott,dc=dk
objectClass: ipausergroup
objectClass: nestedgroup
objectClass: nestedGroup
objectClass: posixgroup
objectClass: groupofnames
objectClass: ipantgroupattrs
objectClass: kopano-group
objectClass: groupOfNames
objectClass: ipaobject
objectClass: top
cn: somegroup
description:: Bla bla bla
gidNumber: *
ipaNTSecurityIdentifier: *
ipaUniqueID: *
member: uid=klaus,cn=users,cn=accounts,dc=int,dc=vink-slott,dc=dk
memberUid: klaus
The last line (memberUid) is added manually as a workaround - I can't figure out how to configure ldap.cfg to make Kopano read members based on the member attribute.
-
Hello @MrManor ,
Inside of your ldap.cfg you can customise how groups should be resolved and how group members are resolved. You should apply customisations in /etc/kopano/ldap.cfg and can find the default values below /usr/share/kopano. In your case you want to set:
# Optional, default = member
# Active directory: member
# LDAP: memberUid
ldap_groupmembers_attribute = member

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_groupmembers_attribute_type = dn
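An added example, not part of the thread and not Kopano code: a small offline model of how the two settings above change which values of a group entry resolve to users, useful for checking group data before relying on it for access decisions. The sample entry and user list are constructed, the function names are hypothetical, and matching "text" values against the uid is an assumption.

```python
# Constructed data; simplified LDIF/DN handling (no folding, base64 or escaped commas).
GROUP_LDIF = """\
dn: cn=somegroup,cn=groups,cn=accounts,dc=example,dc=test
cn: somegroup
member: uid=klaus,cn=users,cn=accounts,dc=example,dc=test
member: uid=gone,cn=users,cn=accounts,dc=example,dc=test
memberUid: klaus
"""

# Constructed user directory: entry DN -> uid.
USERS = {
    "uid=klaus,cn=users,cn=accounts,dc=example,dc=test": "klaus",
    "uid=anna,cn=users,cn=accounts,dc=example,dc=test": "anna",
}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def normalize_dn(dn):
    """Build a case- and whitespace-insensitive comparison key for a DN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_members(entry, attribute, attribute_type, users):
    """Return (resolved uids, values that matched no user)."""
    by_dn = {normalize_dn(dn): uid for dn, uid in users.items()}
    uids = set(users.values())
    resolved, unresolved = [], []
    for value in entry.get(attribute.lower(), []):
        if attribute_type == "dn":      # value is the DN of a user entry
            uid = by_dn.get(normalize_dn(value))
        elif attribute_type == "text":  # value is compared to the uid itself
            uid = value if value in uids else None
        else:
            raise ValueError(f"unknown attribute type: {attribute_type}")
        (resolved if uid else unresolved).append(uid or value)
    return resolved, unresolved

if __name__ == "__main__":
    group = parse_ldif_entry(GROUP_LDIF)
    for attr, kind in (("member", "dn"), ("member", "text"), ("memberUid", "text")):
        print(attr, kind, resolve_members(group, attr, kind, USERS))
```

With member read as text, no value matches a user and the group comes out empty; the unresolved list in dn mode also surfaces member DNs that point at no existing user.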
-
Thank you @fbartels
I could have sworn I tried something like that yesterday, but I must have overlooked something. Today it works!
Also thanks for the pointer to commented cfg files with default values. They will make my tinkering easier.