1

Topic: Mass LDAP schema edit

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Linux/BSD distribution name and version: CentOS
- Related log if you're reporting an issue:
====
Hello!
First let me say thank you for everything! Very very good piece of software! Thank you for your work!

We started to implement iRedMail LDAP everywhere, because email is our primary account. Now we want to do a step forward and edit/edit the LDAP schema so it will fit more integrations.

I already edited your script for adding attributes and object classes to LDAP upon creation. It works very well.

But now we want to update the object classes and add attributes to all the users in LDAP.

So I kindly ask you if you can share with us an example script for mass updating(edit, add) LDAP schema. You probably have some examples when you wrote the scripts for updating LDAP schema in the past.

I added schema into "schema" directory and included it into slapd config.

So for now I only add the following objects to the new users with a bash script (this is part of it, only ldapmodify):

ldapmodify -x -D "${BINDDN}" -w "${BINDPW}" <<EOF
dn: mail=${MAIL},${OU_USER_DN},${DOMAIN_DN},${BASE_DN}
changetype: modify
add: objectClass
objectClass: ownCloud
-
add: ownCloudQuota
ownCloudQuota: $QUOTA
EOF

So we need to add:
objectClass: ownCloud
ownCloudQuota: '10 G'

And one additional question. What is the timeline for iRedAdmin API (add, edit, etc)?

Oh btw, we wrote a script that creates the DKIM key and adds it into config. But the coding isn't the best, it's hacked up together, but it works. I will clean it a little bit and post it, maybe someone will help to improve it.

Thank you very much!
slovenka


2

Re: Mass LDAP schema edit

slovenka wrote:

So I kindly ask you if you can share with us an example script for mass updating(edit, add) LDAP schema. You probably have some examples when you wrote the scripts for updating LDAP schema in the past.

Check these scripts for example:
https://bitbucket.org/zhb/iredmail/src/ … at=default

slovenka wrote:

And one additional question. What is the timeline for iRedAdmin API (add, edit, etc)?

Please keep pushing me to offer API. And show me detailed APIs you want to see. Also, it's better to create an issue in iRedMail repo to track this request:
https://bitbucket.org/zhb/iredmail/issues

I'm refactoring iRedAdmin-Pro SQL editions, in the near future, I will merge iRedAdmin-Pro-MySQL and iRedAdmin-Pro-PGSQL to only one edition: iRedAdmin-Pro-SQL.

slovenka wrote:

Oh btw, we wrote a script that creates the DKIM key and adds it into config. But the coding isn't the best, it's hacked up together, but it works. I will clean it a little bit and post it, maybe someone will help to improve it.

Please don't hesitate to share it. Maybe we can merge it into iRedMail or iRedAdmin-Pro.

By the way, I think a better way to manage mail accounts with your additional LDAP schema/attributes is to create a "plugin" in iRedAdmin-Pro. I'm willing to improve iRedAdmin-Pro to offer some kind of hooks to allow this customization, this way it's easier for you to maintain it. Just show me more (non-sensitive) info related to your customization as detailed as possible.

3

Re: Mass LDAP schema edit

Thank you very much for a quick reply!

The scripts helped very much. I was able to add ownCloud object class and quota attribute to all the users after some tweaking. So thank you very much for pointing that out :) I'm not a python developer, only a little bash and php, but the code was very clean, so there were no problems ;)

I have some questions regarding the LDAP attributes:
-Can I add another attribute EnabledService: owncloud to all the users that I want so I can use it as a filter, without destroying anything in the logic behind iredmail?
-If yes, can I manipulate with the attribute EnabledService: owncloud through iRedAdmin (does it parse EnabledServices from ldap?) or would you need to add the check button and edit function to the control panel? I can manipulate it through bash but not everybody likes the console, they like to click, enable, apply :)

I will add the request for the API on the repo, so we will continue the api topic there

I will also open a topic on the forums regarding DKIM creation script

I will gather together all the info regarding the integrations and customizations and will update you very soon.

Thank you very much for now!

Greetings from Slovenia :)

4

Re: Mass LDAP schema edit

slovenka wrote:

-Can I add another attribute EnabledService: owncloud to all the users that I want so I can use it as a filter, without destroying anything in the logic behind iredmail?

It's safe to add a NEW value for the enabledService attribute. But please do NOT drop existing ones added by iRedMail & iRedAdmin.

slovenka wrote:

-If yes, can I manipulate with the attribute EnabledService: owncloud through iRedAdmin (does it parse EnabledServices from ldap?) or would you need to add the check button and edit function to the control panel? I can manipulate it through bash but not everybody likes the console, they like to click, enable, apply :)

With the latest iRedAdmin-Pro release, you can add a setting in iRedAdmin-Pro config file:

# it's ok to add as many service names as possible.
ADDITION_USER_SERVICES = ['ownCloud']

# Another sample: add vpn, ftp services
#ADDITION_USER_SERVICES = ['ownCloud', 'vpn', 'ftp']

After restarting Apache or uwsgi (if you're running Nginx) service, NEWLY created mail users will have "enabledService=ownCloud".

NOTE: I just realized the English word "ADDITION_" is incorrect, so the parameter name will be changed to 'ADDITIONAL_USER_SERVICES' in the new iRedAdmin-Pro release. If you have the old parameter in your config file, the upgrade script shipped in iRedAdmin-Pro (tools/upgrade_iredadmin.sh) will fix it automatically. So you don't need to do anything, it's just a reminder.
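
Added example (not part of the original thread and not iRedMail's own script): one way to build the mass update discussed above so that it only adds what each user lacks and never drops existing enabledService values. It assumes the ownCloud objectClass, the ownCloudQuota attribute and the service name "owncloud" as used in this thread; the DN in the sample is constructed.

```python
import base64

def parse_ldif(text):  # `ldapsearch -LLL` output -> [(dn, {attr_lowercase: [values]})]
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        b64 = value.startswith(":")         # "attr:: <base64>" carries non-ASCII text
        value = base64.b64decode(value[1:].strip()).decode("utf-8") if b64 else value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def ldif_line(name, value):
    if value.isascii() and value[:1] not in (" ", ":", "<"):
        return "%s: %s" % (name, value)
    return "%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode())

def build_modify_ldif(entries, quota="10 G", service="owncloud"):
    # Only "add:" operations are emitted; existing values are never replaced or deleted.
    out = []
    for dn, attrs in entries:
        have = lambda attr: [v.lower() for v in attrs.get(attr, [])]
        wanted = [("objectClass", "ownCloud", "owncloud" in have("objectclass")),
                  ("ownCloudQuota", quota, bool(have("owncloudquota"))),
                  ("enabledService", service, service.lower() in have("enabledservice"))]
        ops = ["add: %s\n%s" % (a, ldif_line(a, v)) for a, v, present in wanted if not present]
        if ops:
            out.append("%s\nchangetype: modify\n%s\n" % (ldif_line("dn", dn), "\n-\n".join(ops)))
    return "\n".join(out)

# Constructed sample input (made-up DN), as `ldapsearch -LLL` would print it.
SAMPLE = """dn: mail=a@example.com,ou=Users,domainName=example.com,o=domains,dc=exa
 mple,dc=com
objectClass: mailUser
enabledService: indexer-worker
"""
```

Feed parse_ldif() the `ldapsearch -LLL` output for the user entries and pipe the result of build_modify_ldif() into the same ldapmodify call shown in the first post; users that already have all three values produce no LDIF at all, so the run can be repeated safely.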

5

Re: Mass LDAP schema edit

Hello!
I changed your update script and added enableService: owncloud to all the users. The script was again very helpful.
I added this entry to the iRedAdmin settings:
ADDITION_USER_SERVICES = ['owncloud']

Restarted uwsgi and nginx

And it works fine, the admin has a GUI option to disable the owncloud service. This is very good! Thank you for implementing this. I didn't check if it creates the attribute when creating a user because I ran into some problems.
There is a bug I think.

When I uncheck the owncloud service (only this one, everything else is left as is) and hit apply, it deletes enableService: owncloud AND  enableService: indexer-worker
That is not good I guess. I put the indexer-worker back and deleted the owncloud by hand.

Probably something in the code?

Thank you very much for your answer

6

Re: Mass LDAP schema edit

slovenka wrote:

There is a bug I think.
When I uncheck the owncloud service (only this one, everything else is left as is) and hit apply, it deletes enableService: owncloud AND  enableService: indexer-worker
That is not good I guess. I put the indexer-worker back and deleted the owncloud by hand.

It's a bug.
Below patch fixes it:

diff -r 7986a00c0a30 templates/default/macros/ldap.html
--- a/templates/default/macros/ldap.html    Sun Mar 22 12:58:40 2015 +0800
+++ b/templates/default/macros/ldap.html    Sun Mar 22 16:03:58 2015 +0800
@@ -85,6 +85,7 @@
                 ('hidden', 'internal', ''),
                 ('hidden', 'doveadm', ''),
                 ('hidden', 'lib-storage', ''),
+                ('hidden', 'indexer-worker', ''),
                 ('checkbox', 'domainadmin', _('Mark as domain administrator')),
                 ('checkbox', 'smtp', _('Sending mails via SMTP')),
                 ('checkbox', 'smtpsecured', _('Sending mails via SMTP over TLS/SSL')),
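
Review bot: the new ('hidden', 'indexer-worker', '') entry fixes this one value, but the fix depends on every internally used enabledService value being enumerated in this list; per the report above, a value missing from it is removed when the profile is saved. The same loss will recur for any other value that reaches a user entry without being listed here, for example another internal service name or one added with ldapmodify. Consider making the save path add or remove only the values rendered as checkboxes and leave unlisted existing values untouched, and add a comment above the hidden entries explaining why they have to be listed.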

7

Re: Mass LDAP schema edit

NOTE: the parameter name 'ADDITION_USER_SERVICES' will be replaced by 2 new parameters in new iRedAdmin-Pro release:

*) ADDITIONAL_ENABLED_USER_SERVICES
*) ADDITIONAL_DISABLED_USER_SERVICES

Comments:

*) both ADDITIONAL_ENABLED_USER_SERVICES, ADDITIONAL_DISABLED_USER_SERVICES
   are manageable in user profile page.
*) ADDITIONAL_ENABLED_USER_SERVICES will be added for newly created mail
   users automatically.
*) ADDITIONAL_DISABLED_USER_SERVICES won't be added for newly created mail
   users automatically, admin must go to user profile page to enable them
   for certain users.

For example, if you allow all users to use FTP service, you can set:

ADDITIONAL_ENABLED_USER_SERVICES = ['ftp']

But if you allow just few users to use ftp service, you should set below one instead, then go to user profile page of these allowed users to enable this service:

ADDITIONAL_DISABLED_USER_SERVICES = ['ftp']

If you have the old parameter in your config file, the upgrade script shipped in iRedAdmin-Pro (tools/upgrade_iredadmin.sh) will fix it automatically. So you don't need to do anything, it's just a reminder.

8

Re: Mass LDAP schema edit

Thank you very much for the patch, it works great!

I'm looking forward to ADDITIONAL_DISABLED_USER_SERVICES, I was just thinking about this option when I was setting this up, if it would be possible to disable additional services by default upon creation.

One other question or better a suggestion. How about the possibility of setting the additional services global for the domain? So we could set default enable/disable states for additional services for the specific domain upon user creation.

Thank you very much!

9

Re: Mass LDAP schema edit

slovenka wrote:

How about the possibility of setting the additional services global for the domain? So we could set default enable/disable states for additional services for the specific domain upon user creation.

Do you mean making it a per-domain setting stored in SQL/LDAP, so that there is no need to touch the config file?

10

Re: Mass LDAP schema edit

If that could be possible it would be great, but it's really not mandatory. There are things that are more necessary, like api, for which I will post a request on the bitbucket soon.

Thank you very much for now!
Greetings from Slovenia

11

Re: Mass LDAP schema edit

slovenka wrote:

There are things that are more necessary, like api, for which I will post a request on the bitbucket soon.

OK, I'm looking forward to your requests. :)