Addition/OpenLDAP/Personal LDAP Address Book

From iRedMail

Revision as of 18:30, 13 February 2011 by ZhangHuangbin (Talk | contribs)

Summary

A per-user personal LDAP address book allows users to store their personal contacts in LDAP instead of MySQL.

Each contact has 4 LDAP attributes:

  • cn: Common name.
  • givenName: First name.
  • sn: Last name.
  • mail: Email address.

Only cn and mail are required.

Configure OpenLDAP

We need to modify the OpenLDAP server settings and add a new access control rule that allows users to add or update their personal contacts.

Open the OpenLDAP config file slapd.conf. It is one of the following, depending on the distribution:

  • RHEL/CentOS/OpenSuSE: /etc/openldap/slapd.conf
  • Debian/Ubuntu: /etc/ldap/slapd.conf
  • FreeBSD: /usr/local/etc/openldap/slapd.conf

Find this line:

File: slapd.conf
access to attrs="userPassword,mailForwardingAddress"

Then add the lines below ABOVE it (NOTE: you must replace dc=iredmail,dc=org with your own LDAP suffix):

File: slapd.conf
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
    by anonymous        none
    by self             none
    by dn.exact="cn=vmail,dc=iredmail,dc=org"   read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org"  write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
    by users                        none

The final result looks like this:

File: slapd.conf
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
    by anonymous        none
    by self             none
    by dn.exact="cn=vmail,dc=iredmail,dc=org"   read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org"  write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
    by users                        none

access to attrs="userPassword,mailForwardingAddress"
    [...SKIP OTHER LINES HERE...]

Restart OpenLDAP service to make it work.
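
The rule above can be sanity-checked offline before it goes into slapd.conf. The following Python sketch is an added example, not part of the iRedMail page or of OpenLDAP: it is a simplified model that walks the `by` clauses in order for the page's sample suffix, and the function name `access_level` and the example.com DNs are constructed for illustration.

```python
import re

SUFFIX = "dc=iredmail,dc=org"  # the page's sample suffix; replace with your own

# "access to dn.regex=..." pattern from the page (not anchored at the start).
TARGET_RE = re.compile(
    r"cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,"
    + SUFFIX + "$", re.IGNORECASE)
# "by dn.regex=..." pattern; $1..$3 refer to the groups captured above.
OWNER_TEMPLATE = "mail=$1@$2,ou=Users,domainName=$3,o=domains," + SUFFIX + "$"

# Constructed sample DNs (not taken from a real directory).
USERS = ",ou=Users,domainName=example.com,o=domains," + SUFFIX
ALICE = "mail=alice@example.com" + USERS
BOB = "mail=bob@example.com" + USERS
CONTACT = "cn=Carol Example," + ALICE  # a contact stored under alice's entry


def access_level(target_dn, bind_dn):
    """Return 'none', 'read' or 'write' for bind_dn on target_dn, or None when
    the contact rule does not match target_dn at all (another rule decides)."""
    m = TARGET_RE.search(target_dn)
    if m is None:
        return None
    if not bind_dn:                                        # by anonymous none
        return "none"
    bound = bind_dn.lower()
    if bound == target_dn.lower():                         # by self none
        return "none"
    if bound == "cn=vmail," + SUFFIX:                      # by dn.exact read
        return "read"
    if bound == "cn=vmailadmin," + SUFFIX:                 # by dn.exact write
        return "write"
    owner = OWNER_TEMPLATE
    for i in (1, 2, 3):                                    # expand $1, $2, $3
        owner = owner.replace("$%d" % i, m.group(i))
    if re.search(owner, bind_dn, re.IGNORECASE):           # by dn.regex write
        return "write"
    return "none"                                          # by users none


if __name__ == "__main__":
    for who in (ALICE, BOB, None, "cn=vmail," + SUFFIX):
        print(who, "->", access_level(CONTACT, who))
```
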

Configure Roundcube Webmail

Open the Roundcube webmail config file main.inc.php. It is one of the following, depending on the distribution:

  • RHEL/CentOS: /var/www/roundcubemail/config/main.inc.php
  • Debian/Ubuntu: /usr/share/apache2/roundcubemail/config/main.inc.php
  • OpenSuSE: /srv/www/roundcubemail/config/main.inc.php
  • FreeBSD: /usr/local/www/roundcubemail/main.inc.php

Add the lines below before the last line ?> (NOTE: you must replace dc=iredmail,dc=org with your own LDAP suffix):

File: main.inc.php
$rcmail_config['ldap_public']['ldap_personal'] = array(
    'name'          => 'Personal LDAP Address Book',
    'hosts'         => array('127.0.0.1'),
    'port'          => 389,
    'use_tls'       => false,
    'user_specific' => true,
    'base_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org',
    'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org',
    'writable'      => true,
    'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
    'required_fields'     => array('cn', 'mail'),
    'LDAP_rdn'      => 'cn',
    'ldap_version'  => '3',
    'search_fields' => array('mail', 'cn', 'givenName', 'sn'),
    'name_field'    => 'cn',
    'email_field'   => 'mail',
    'surname_field' => 'sn',
    'firstname_field' => 'givenName',
    'sort'          => 'cn',
    'scope'         => 'list',
    'filter'        => '(objectClass=inetOrgPerson)',
    'fuzzy_search'  => true);

Change the default personal address book from sql to ldap in the same file, main.inc.php:

File: main.inc.php
$rcmail_config['address_book_type'] = 'ldap';

Append ldap_personal to the autocomplete_addressbooks setting, and remove sql:

File: main.inc.php
$rcmail_config['autocomplete_addressbooks'] = array(..., 'ldap_personal');

Restarting Apache is optional but strongly recommended.

Test

Note to iRedAdmin-Pro-LDAP customers
