1

Topic: Global Address Book / LDAP backend

Hi folks,

I installed the up to date version of irm (as of today, 2009/09/05). So far all seems to work fine. I have a question about the global address book with the LDAP backend though.

In roundcube, when I use my user which has been created upon installing IRM, this user is in the global address book automatically. I log into roundcube with that user name and his password. Then I want to create new contacts which works fine for the personal address book of this user. However, how do I add users to the global address book?

I reckon every user should be able to add/delete contacts to/from the global address book no? Well, I don't see this here with my install i.e. the normal user (NOT postmaster@example.com) created during install can not add/delete users to/from the global address book. What am I missing?

Logging into roundcube via postmaster@example.com does not work. Is this correct? Or is my current install broken?

2 (edited by Suno Ano 2009-09-06 15:29:06)

Re: Global Address Book / LDAP backend

- roundcube seems to have plans for global (per domain) address books too http://trac.roundcube.net/ticket/1442732
- there also seems to be a plan for LDAP integration http://trac.roundcube.net/ticket/1484704 already

3

Re: Global Address Book / LDAP backend

Suno Ano wrote:

However, how do I add users to the global address book?

Roundcube supports writing contact info into LDAP address book, but iRedMail uses LDAP as a public LDAP address, not writeable. Of course you can try to make it writeable. But users can create new contacts in their own (SQL) address book.

In iRedMail, all users with 'enabledService=displayedInGlobalAddressBook' will appear while you type an address in roundcube.

I reckon every user should be able to add/delete contacts to/from the global address book no? Well, I don't see this here with my install i.e. the normal user (NOT postmaster@example.com) created during install can not add/delete users to/from the global address book. What am I missing?

Logging into roundcube via postmaster@example.com does not work. Is this correct? Or is my current install broken?

It's correct.

postmaster@example.com is *NOT* a mail user; this is notified during iRedMail installation and in the iRedMail.tips file.

4

Re: Global Address Book / LDAP backend

Suno Ano wrote:

- roundcube seems to have plans for global (per domain) address books too http://trac.roundcube.net/ticket/1442732
- there also seems to be a plan for LDAP integration http://trac.roundcube.net/ticket/1484704 already

- iRedMail already configures roundcube to have a per-domain global address book in iRedMail-0.5.0.
- Of course you can configure roundcube to have a writeable LDAP address book.

5

Re: Global Address Book / LDAP backend

ZhangHuangbin wrote:

- iRedMail already configures roundcube to have a per-domain global address book in iRedMail-0.5.0.

Which means every user (e.g. user1@foo.com, user2@foo.com, ...) within the domainspace of foo.com shows up in this global address book automatically yes? Adding to this global address book however is not possible; a user only sees all other users within his domain e.g. foo.com.

Hmm ... ok, well, as I think about it, maybe it's good as it is i.e. making the global address book writeable by users isn't a good idea since right now you have the guarantee that every user within domain foo.com sees any other user within foo.com but no one else is listed in the global address book. Yes, sounds sane :)

6

Re: Global Address Book / LDAP backend

Suno Ano wrote:
ZhangHuangbin wrote:

- iRedMail already configures roundcube to have a per-domain global address book in iRedMail-0.5.0.

Which means every user (e.g. user1@foo.com, user2@foo.com, ...) within the domainspace of foo.com shows up in this global address book automatically yes? Adding to this global address book however is not possible; a user only sees all other users within his domain e.g. foo.com.

Hmm ... ok, well, as I think about it, maybe it's good as it is i.e. making the global address book writeable by users isn't a good idea since right now you have the guarantee that every user within domain foo.com sees any other user within foo.com but no one else is listed in the global address book. Yes, sounds sane :)

Just like Microsoft Exchange, the user can only see the domain users,

and the user cannot add contacts to AD and the address book.

Maybe have a second global address book that includes all the useful contacts of the company.

The global address book is maintained by the admin.

7

Re: Global Address Book / LDAP backend

You can use ONE LDAP server, but configure two LDAP address books with different LDAP base DNs in Roundcube: one is read-only, the other is writeable.

8

Re: Global Address Book / LDAP backend

Here is what I've done.
I now have a per-domain address book for external contacts too.

* First, you need to create a new ou=AddressBook for each domain
for example:
dn: ou=AddressBook,domainName=domain.tld,o=domains,dc=domain,dc=tld
objectClass: organizationalUnit
objectClass: top
ou: AddressBook

* Roundcube :
add at the end of main.inc.php

$rcmail_config['ldap_public']["external-address-book"] = array(
    'name'          => 'External Address Book',
    'hosts'         => array("127.0.0.1"),
    'port'          => 389,
    'use_tls'       => false,
    'user_specific' => true,
    'base_dn'       => "ou=AddressBook,domainName=%d,o=domains,dc=domain,dc=tld",
    'bind_dn'       => "mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=domain,dc=tld",
    'writable'      => true,
    'LDAP_Object_Classes' => array("top","inetOrgPerson","organizationalPerson","person"),
    'required_fields'     => array("cn", "sn", "mail"),
    'LDAP_rdn'      => "mail",
    'ldap_version'  => "3",
    'search_fields' => array('mail', 'cn', 'givenName', 'sn'),
    'name_field'    => 'cn',
    'email_field'   => 'mail',
    'surname_field' => 'sn',
    'firstname_field' => 'givenName',
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => "(objectClass=inetOrgPerson)",
    'fuzzy_search'  => true);

and add "external-address-book" to $rcmail_config['autocomplete_addressbooks'] option

* Openldap
in /etc/openldap/slapd.conf

After ACL : access to dn="cn=vmail,dc=domain,dc=tld"...
Add :
access to dn.regex="ou=AddressBook,domainName=([^,]+),o=domains,dc=domain,dc=tld$"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=domain,dc=tld"   read
    by dn.exact="cn=vmailadmin,dc=domain,dc=tld"  write
    by dn.regex="mail=[^,]+@$1,ou=domainAdmins,dc=domain,dc=tld$" write
    by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=domain,dc=tld$" write
    by users                        none

service ldap restart

I may be wrong but it seems to work. (Please tell me if I'm wrong.)
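
The slapd rule from the post above, modelled in Python as an added example (not the poster's or iRedMail's code), to show which identities end up with write access to a domain's ou=AddressBook subtree. The model is simplified: the first matching "by" clause wins, the captured domain is matched literally, and the names alice, bob and other.tld are constructed.

```python
import re

BASE = "o=domains,dc=domain,dc=tld"  # placeholder suffix from the post
# Target of the rule; unanchored at the start, so entries below the OU match too.
TARGET = re.compile(r"ou=AddressBook,domainName=([^,]+)," + BASE + "$", re.I)

# "by" clauses in posted order; "$1" is the domain captured by TARGET.
BY_CLAUSES = [
    ("anonymous", None, "auth"),
    ("self", None, "write"),
    ("exact", "cn=vmail,dc=domain,dc=tld", "read"),
    ("exact", "cn=vmailadmin,dc=domain,dc=tld", "write"),
    ("regex", "mail=[^,]+@$1,ou=domainAdmins,dc=domain,dc=tld$", "write"),
    ("regex", "mail=[^,]+@$1,ou=Users,domainName=$1," + BASE + "$", "write"),
    ("users", None, "none"),
]

def access_level(bound_dn, target_dn):
    """Level the posted rule grants bound_dn on target_dn (bound_dn=None means
    anonymous); None when the rule does not cover target_dn at all."""
    m = TARGET.search(target_dn)
    if m is None:
        return None  # slapd would go on to its other access rules
    # Assumption of this model: the captured domain is matched literally.
    domain = re.escape(m.group(1))
    for who, value, level in BY_CLAUSES:
        if who == "anonymous":
            matched = bound_dn is None
        elif bound_dn is None:
            matched = False
        elif who == "self":
            matched = bound_dn.lower() == target_dn.lower()
        elif who == "exact":
            matched = bound_dn.lower() == value.lower()
        elif who == "regex":
            matched = re.search(value.replace("$1", domain), bound_dn, re.I) is not None
        else:  # "users": any authenticated identity
            matched = True
        if matched:
            return level  # first matching clause wins
    return "none"

# Constructed DNs following the layout in the thread.
ALICE = "mail=alice@domain.tld,ou=Users,domainName=domain.tld," + BASE
BOB = "mail=bob@other.tld,ou=Users,domainName=other.tld," + BASE
CONTACT = "mail=test1@test.fr,ou=AddressBook,domainName=domain.tld," + BASE
```

Because the rule covers the whole subtree, every mailbox in a domain can also modify or delete contacts that another user of the same domain added, while users of other hosted domains get no access.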

9

Re: Global Address Book / LDAP backend

Hi, mael.

Per-domain global ldap address book is implemented in iRedMail-0.5.0.

In roundcube, you can find this in global address book config:

    // ---- Used to search accounts only in the same domain. ----
    'user_specific' => true, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
    'base_dn'       => "domainName=%d,o=domains,dc=iredmail,dc=org",
    'bind_dn'       => "mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org",

    ... SKIP SOME LINES HERE ...

    'filter'        => "(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(&(objectClass=mailList)(hasMember=yes))(objectClass=mailAlias)(objectClass=mailUser)))", // Search mail users, lists, aliases.

Roundcube will use the username and password of the currently logged-in user to contact the LDAP server.
And as you see in the 'filter' setting, you can use 'enabledService=displayedInGlobalAddressBook' to control it.

10 (edited by mael 2009-10-08 00:03:18)

Re: Global Address Book / LDAP backend

I'm okay, and I use this way of doing things too for the internal address book (everyone inside my organisations/per organisation).
I've added this other option for adding people/contacts outside my organisations (domains) like clients, providers, etc.

Two address books are defined in roundcube main.inc.php

In this way, a contact is defined like this:

dn: mail=test1@test.fr,ou=AddressBook,domainName=domain.tld,o=domains,dc=domain,dc=tld
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: test1
sn: 1
givenName: test
mail: test1@test.fr

And can be added through the roundcube interface and by each user.

Is it a good solution?

11

Re: Global Address Book / LDAP backend

mael wrote:

Is it a good solution?

Great idea and implementation :)
Thanks for sharing.

12

Re: Global Address Book / LDAP backend

I tried to configure it as written above, but it does not allow me to save. What can it be?

13

Re: Global Address Book / LDAP backend

Hi folks,
How do I share the Global Address Book in MS Outlook and Outlook Express? In webmail (Roundcube) it works automatically; is there any way to share the Global Address Book in MS Outlook and Outlook Express? I have iRedMail on CentOS 5.5.