1 (edited by martin.blom 2015-02-16 23:45:26)

Topic: LDAP (posixAccount) User Creation

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian 7
- Related log if you're reporting an issue:
====

I am trying to connect our EMC Isilon storage to the iRedMail LDAP database for user authentication.

This didn't work as expected, so I talked to EMC support, who explained that all users need to have an "objectClass: posixAccount" attribute for the Isilon to recognize them.

I have an .ldif file with all our users, exported from our old LDAP (OD on OS X 10.6 Server). I tried to just add the "objectClass: posixAccount" line for every user in the file, but when I run 'slapadd' on the ldif it complains that: "object class 'posixAccount' requires attribute 'uidNumber'". I guess it will also need a 'gidNumber' for it to work.

'uidNumber' and 'gidNumber' have to be unique I'm sure? So, now my question is:

* How do I add my users (ca. 250) to iRedMail's LDAP, including the extra objectClass, uidNumber and gidNumber (with uid, and gid being unique)?

* And, how do I make sure that when I add new users with iRedAdmin-Pro, after the initial import, they get an 'objectClass:posixAccount' and a unique 'uidNumber' and 'gidNumber'?

I'm new at LDAP and scripting, so it's not easy for me to do this without help.

If it's too big a task, my company is willing to pay for a solution (code/script) made by you, ZhangHuangbin.

Thanks,
Martin


2

Re: LDAP (posixAccount) User Creation

ZhangHuangbin,

I really need your help on this, please.

As iRedMail is our main user directory, we really need the Isilon to be able to read users/groups from the LDAP.

I think we need some extra objectClass attributes for it to work (posixAccount and posixGroup).

I have looked at 'iredldif.py' but I'm not sure how to modify it, to make it work.

Again, we are willing to pay you for your time, if needed.

Thanks

3

Re: LDAP (posixAccount) User Creation

Dear Martin,

Sorry about the late reply, it's Chinese New Year here (just like Christmas in US / UK /...).

About your issue, I suggest you contact EMC support first and ask them whether it's possible to set a custom LDAP query filter to query the LDAP server and return results. If it's OK, I think you don't need to add 'objectclass=posixaccount' for existing LDAP users.

If objectclass=posixaccount is required, then we have to add it and the other required LDAP attribute/value pairs. This way, we need a little scripting skill to update existing LDAP users, and we need to improve iRedAdmin-Pro to add the required objectclass + attributes for new users automatically.

It's hard to give more details without knowing your application settings, please contact me directly if you want: zhb _at_ iredmail.org
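As an illustration of the scripting step discussed above (an added example, not part of the original posts and not iRedMail or iRedAdmin-Pro code): a small Python function that reads an LDIF export and produces `ldapmodify` change records adding `posixAccount` with its required `uidNumber`, `gidNumber` and `homeDirectory`. Assumptions: user entries carry `objectClass: inetOrgPerson`, all users share one primary `gidNumber` (posixAccount does not require it to be unique per user), home directories are `/home/<uid>`, and the sample DNs are constructed.

```python
import re

# Constructed sample export (not from the thread); bob already has posixAccount.
SAMPLE = """\
dn: uid=alice,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice

dn: uid=bob,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: bob
uidNumber: 10000

dn: uid=carol,ou=Users,
 dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
"""

def posix_changes(ldif, first_id=10000, gid=10000, home="/home", cls="inetOrgPerson"):
    """Build ldapmodify LDIF that adds posixAccount with unique uidNumbers."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", ldif).strip()):  # unfold, split
        e = {}
        for line in block.splitlines():
            key, sep, val = line.partition(":")
            if sep and not line.startswith("#"):
                e.setdefault(key.lower(), []).append(val.strip())
                if key.lower() == "dn":
                    e["dnline"] = line          # keep the dn line verbatim
        entries.append(e)
    used = {int(v) for e in entries for v in e.get("uidnumber", [])}  # ids already taken
    out, nxt = [], first_id
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if cls.lower() not in classes or "posixaccount" in classes or not {"uid", "dnline"} <= e.keys():
            continue                            # not a user, or already converted
        while nxt in used:                      # never reuse an existing uidNumber
            nxt += 1
        used.add(nxt)
        out.append("\n".join([e["dnline"], "changetype: modify",
            "add: objectClass", "objectClass: posixAccount", "-",
            "add: uidNumber", f"uidNumber: {nxt}", "-",
            "add: gidNumber", f"gidNumber: {gid}", "-",
            "add: homeDirectory", f"homeDirectory: {home}/{e['uid'][0]}", ""]))
    return "\n".join(out)

if __name__ == "__main__":
    print(posix_changes(SAMPLE))
```

Review the generated LDIF before applying it to the directory; base64-encoded (`uid::`) values are not decoded by this sketch.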

4

Re: LDAP (posixAccount) User Creation

By the way, I'm available on BlackBerry Messenger if you use it too: pin:2BE0604F

5

Re: LDAP (posixAccount) User Creation

Thanks for the reply!

I will send you an email now.