1

Topic: Round cube GlobalAdressBook

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.6
- Linux/BSD distribution name and version: Debian Lenny
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):Ldap
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====
What do I need to do so that the global address book in Roundcube displays the contacts of all users of all virtual domains, not only those of the specific domain to which the user belongs?


2

Re: Round cube GlobalAdressBook

Please update the LDAP address book setting in the Roundcube config file, use 'cn=vmail,dc=xx,dc=xx' as bind dn, and 'o=domains,dc=xx,dc=xx' as base dn, then you will get ALL users hosted on your server.

Sample:

$config['ldap_public']["global_ldap_abook"] = array(
    ...
    'user_specific' => false,
    'base_dn'       => 'o=domains,dc=xx,dc=xx',
    'bind_dn'       => 'cn=vmail,dc=xx,dc=xx',
    'bind_pass'     => '[xxxx]',   // Roundcube's key for the bind password
    ...

Note: you can find the values of base_dn, bind_dn and bind_pw in the Postfix config files under /etc/postfix/ldap/.

3

Re: Round cube GlobalAdressBook

ZhangHuangbin wrote:

Please update the LDAP address book setting in the Roundcube config file, use 'cn=vmail,dc=xx,dc=xx' as bind dn, and 'o=domains,dc=xx,dc=xx' as base dn, then you will get ALL users hosted on your server.

Sample:

$config['ldap_public']["global_ldap_abook"] = array(
    ...
    'user_specific' => false,
    'base_dn'       => 'o=domains,dc=xx,dc=xx',
    'bind_dn'       => 'cn=vmail,dc=xx,dc=xx',
    'bind_pass'     => '[xxxx]',   // Roundcube's key for the bind password
    ...

Note: you can find the values of base_dn, bind_dn and bind_pw in the Postfix config files under /etc/postfix/ldap/.


!!!!!!!
You described the solution I came up with. The solution I came up with:

$config['ldap_public']["global_ldap_abook"] = array( 
'base_dn'       => 'o=domains,dc=xxx,dc=xx',
'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=xxx,dc=xx',

4

Re: Round cube GlobalAdressBook

A user (mail=%u@%d,ou=Users,...) is allowed to query under its own domain (domainName=xxx,o=domains,dc=xx,dc=xx), but it doesn't have permission to query the whole o=domains,dc=xx,dc=xx tree.

5

Re: Round cube GlobalAdressBook

I understand that perfectly, but it works that way and not differently. It is clear that cn=vmail has full access to the entire LDAP tree for the virtual domains, but oddly enough it works just as I described above. I can send you the necessary configuration files by e-mail if you need them.

6

Re: Round cube GlobalAdressBook

I figured it out.

In /etc/ldap/slapd.conf, you can find ACL control like below (The ldap suffix dc=xx,dc=xx will be different on your server):

#                                                                               
# Grant correct privileges to vmail/vmailadmin.                                 
#                                                                               
access to dn.subtree="o=domains,dc=example,dc=com"                              
    by anonymous                    auth                                        
    by self                         write                                       
    by dn.exact="cn=vmail,dc=example,dc=com"    read                            
    by dn.exact="cn=vmailadmin,dc=example,dc=com"  write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com" read
    by users                        none

We should remove this line from the above ACL control:

    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com" read

Then restart OpenLDAP service.
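
One way to check a slapd.conf for `by` clauses that give read access or better on the o=domains subtree to identities other than the service accounts, such as the line removed above. This is an added example, not part of the thread or of iRedMail; the allowlist, the function names and the embedded sample (copied from the ACL quoted above) are assumptions, and only named access levels are handled.

```python
import re

# Constructed sample: the ACL block quoted in the thread.
SAMPLE_SLAPD_CONF = '''\
access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=example,dc=com"    read
    by dn.exact="cn=vmailadmin,dc=example,dc=com"  write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=example,dc=com" read
    by users                        none
'''
SUBTREE = "o=domains,dc=example,dc=com"
# Assumption: only these service accounts should read the whole subtree.
ALLOWED = {'dn.exact="cn=vmail,dc=example,dc=com"',
           'dn.exact="cn=vmailadmin,dc=example,dc=com"'}
# Named access levels, lowest to highest (slapd.access(5)).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

TOKEN = r'((?:[^\s"]|"[^"]*")+)'          # bare word, optionally with a quoted part
BY = re.compile(r'\bby\s+' + TOKEN + r'\s+(\w+)')

def directives(text):
    """Join slapd.conf continuation lines (leading whitespace) into directives."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def broad_readers(text, subtree=SUBTREE, allowed=ALLOWED):
    """Return (who, level) clauses giving read or better on the subtree to
    anyone other than the entry itself ('self') or an allowed account."""
    findings = []
    for d in directives(text):
        m = re.match(r'access\s+to\s+' + TOKEN, d)
        if not m or subtree not in m.group(1):
            continue
        for who, level in BY.findall(d):
            if level not in LEVELS or who == "self" or who in allowed:
                continue  # unknown level names are skipped
            if LEVELS.index(level) >= LEVELS.index("read"):
                findings.append((who, level))
    return findings

if __name__ == "__main__":
    for who, level in broad_readers(SAMPLE_SLAPD_CONF):
        print(f"review: {who} has {level} on {SUBTREE}")
```

Run it against the real file by passing the contents of /etc/ldap/slapd.conf and the server's own suffix and service-account DNs.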