Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Kopano LDAP schema usage with FreeIPA

    Kopano Groupware Core
    1
    1
    1151
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dcuser
      dcuser last edited by

      We would like to to use Kopano directly with FreeIPA-LDAP, but it looks as if you need to ask the FreeIPA people for reserving you attributeType-IDs for regularly importing a schema with new attributeTypes.

      I converted your schema from the source code , but I got errors with the token numbers when trying to import the attributeTypes.
      I can’t upload, so please take a look here: http://paste.ubuntu.com/24039244/

      The error is:

      ipa-ldap-updater --schema kopano_schema_attributes.ldif -d
....
ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: DEBUG:   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py", line 138, in run
    ldapi=True) or modified
  File "/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py", line 128, in update_schema
    dn, new_schema = ldap.schema.subentry.urlfetch(filename)
  File "/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line 494, in urlfetch
    parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry)
  File "/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line 102, in __init__
    se_instance = se_class(attr_value)
  File "/usr/lib64/python2.7/site-packages/ldap/schema/models.py", line 59, in __init__
    d = extract_tokens(l,self.token_defaults)
  File "/usr/lib64/python2.7/site-packages/ldap/schema/tokenizer.py", line 56, in extract_tokens
    assert l[0].strip()=="(" and l[-1].strip()==")",ValueError(l)

ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: DEBUG: The ipa-ldap-updater command failed, exception: AssertionError: ['(', '1.3.6.1.4.1.47732.1.1.1.1']
ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: ERROR: Unexpected error - see /var/log/ipaupgrade.log for details:
AssertionError: ['(', '1.3.6.1.4.1.47732.1.1.1.1']
....

      In the code the AssertionError comes from the fact, that it is not a known_token., which guided me to here:

      http://www.freeipa.org/page/Schema_Handling
      and this chapter

      *OIDs

      The FreeIPA project have been assigned its own OID space under the original 389ds OID space. The FreeIPA toplevel OID is: 2.16.840.1.113730.3.8 If you plan to create new attributes and objectclasses please announce that on the development list and ask for assignment, with a full schema description if available. If you haven’t worked out the details of each new object but you know exactly how many you will need, you can get an allotment reserved too.*

      With the objectClasses it seems there was no problem, which is a little bit weird. It looks as if those IDs are used already.
      http://paste.ubuntu.com/24039276/

      As both are FLOSS-projects it should be easy to integrate the Kopano LDAP-schema to FreeIPA or provide an update.

      Greetings
      dcuser

      1 Reply Last reply Reply Quote 0
      • First post
        Last post