Subject: Re: Openldap &Openexchange install
From: haad <haaaad@gmail.com>
List: tech-pkg
Date: 12/23/2005 23:09:36
joerg@britannica.bec.de wrote:
> On Fri, Dec 23, 2005 at 02:45:57PM +0100, haad wrote:
>
>>But some week ago I try to use their ldif written for openldap2.3.11 and
>>got some errors for example with their OpenLDAPaci: structure.
>
>
> Please retry using the 2.3.4 schemata instead of the 2.3.11. Independent
> of whether that fixes the problem, please post the error, we might be
> able to fix it. I just don't have the time to work through the install
> guides myself, since I don't have any need for OpenExchange.
>
> Joerg
>
I attach two files: the first is the initial ldif for creating the starting ldap tree
for use in the OX environment and the second is a sh script for adding users to
the OX system.
When I tried to run OX on 2.3.11 I discovered a few problems:
1) on 2.3.4 the dn is like this
dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
on 2.3.11 the dn is like this
dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dc=sk
2) I had to recompile openldap with
CONFIGURE_ARGS+= --enable-aci
added, which is not the default; after this OpenLDAPaci should work.
3) on 2.3.4 the OpenLDAPaci looks like this
OpenLDAPaci:1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,\
street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber\
,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#
in 2.3.11 this line doesn't work and I don't know why :( the error is this
slapadd -d 7 -vul init_ldap2.ldif
>>> dnPrettyNormal: <uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dc=sk>
<<< dnPrettyNormal:
<uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dc=sk>,
<uid=mailadmin,ou=users,ou=oxobjects,dc=blacksun,dc=sk>
str2entry: invalid value for attributeType OpenLDAPaci #0 (syntax
1.3.6.1.4.1.4203.666.2.1)
slapadd: could not parse entry (line=146)
but when I define permissions for every element of the aci struct then
slapadd works fine. But I am sure that this is not the best solution for my
problem
OpenLDAPaci:
1#entry#grant;r,s,c;initials;r,s,c;mail;r,s,c;title;r,s,c;ou;r,s,c;l;\
r,s,c;birthday;r,s,c;description;r,s,c;street;r,s,c;postalcode;r,s,c;st\
;r,s,c;c;r,s,c;oxtimezone;r,s,c;homephone;r,s,c;mobile;r,s,c;pager\
;r,s,c;facsimiletelephonenumber;r,s,c;telephonenumber;r,s,c;labeleduri\
;r,s,c;jpegphoto;r,s,c;loginDestination;r,s,c;sn;r,s,c;givenname;r,s,c;[all]#self#
any suggestions ??
regards
Cheers
P.S.
Merry Christmas to all ;) (I know that this is not the correct mailing list
for this)
--
Adam Hamsik
tel.c 0904 937 495
ICQ 249727910
jabber haad@jabber.org
--------------------------------------------------------------
There are 10 kinds of people in the world. Those who understand
binary numbers, and those who don't.
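As an added illustration (not part of the message and not OpenLDAP's own code), here is a small checker for the OpenLDAPaci value format; the grammar it applies is my reading of OpenLDAP's aci code and is labelled as an assumption in the comments. Run on the two values quoted above, it flags the empty attribute name produced by the trailing comma in `sn,givenname,;` on the failing line and accepts the per-attribute version, which is a plausible reason for the "invalid value for attributeType OpenLDAPaci" error from slapadd 2.3.11.

```python
import re
# OpenLDAPaci values quoted from the message: the one slapadd 2.3.11 rejects
# and the per-attribute workaround that it accepts.
ACI_FAILING = ("1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,"
               "street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber"
               ",telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#")
ACI_WORKING = ("1#entry#grant;r,s,c;initials;r,s,c;mail;r,s,c;title;r,s,c;ou;r,s,c;l;"
               "r,s,c;birthday;r,s,c;description;r,s,c;street;r,s,c;postalcode;r,s,c;st"
               ";r,s,c;c;r,s,c;oxtimezone;r,s,c;homephone;r,s,c;mobile;r,s,c;pager"
               ";r,s,c;facsimiletelephonenumber;r,s,c;telephonenumber;r,s,c;labeleduri"
               ";r,s,c;jpegphoto;r,s,c;loginDestination;r,s,c;sn;r,s,c;givenname;r,s,c;[all]#self#")

# Grammar assumed by this checker (my reading of OpenLDAP's aci code, not stated in the message):
#   <oid>#<scope>#<action>;<perms>;<attrs>[;<perms>;<attrs>]...#<type>#<subject>
PERMS = set("rwscx")                      # read, write, search, compare, auth
SCOPES = {"entry", "children", "subtree"}
SPECIAL_ATTRS = {"[all]", "[entry]", "[children]"}
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+")   # descriptor or numeric OID

def validate_aci(aci):
    """Return the list of problems found in an OpenLDAPaci value ([] means it parses)."""
    problems = []
    fields = aci.split("#")
    if len(fields) != 5:
        return ["expected 5 '#'-separated fields, got %d" % len(fields)]
    oid, scope, rights, _subj_type, _subject = fields
    if not re.fullmatch(r"\d+(\.\d+)*", oid):
        problems.append("bad oid %r" % oid)
    if scope not in SCOPES:
        problems.append("bad scope %r" % scope)
    parts, i = rights.split(";"), 0
    while i < len(parts):
        action = parts[i]                 # each rights block starts with grant or deny
        if action not in ("grant", "deny"):
            problems.append("expected grant/deny, found %r" % action)
        i += 1
        while i < len(parts) and parts[i] not in ("grant", "deny"):
            if i + 1 == len(parts):
                problems.append("permissions %r have no attribute list" % parts[i])
            else:
                for p in parts[i].split(","):
                    if p not in PERMS:
                        problems.append("bad permission %r under %s" % (p, action))
                for a in parts[i + 1].split(","):
                    if a == "":               # e.g. the trailing comma in "sn,givenname,"
                        problems.append("empty attribute name in %r" % parts[i + 1])
                    elif a not in SPECIAL_ATTRS and not ATTR_RE.fullmatch(a):
                        problems.append("bad attribute name %r" % a)
            i += 2
    return problems
```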
Attachment: init_ldap.ldif
dn: dc=blacksun,dnc=sk
objectClass: dcObject
objectClass: organization
dc: blacksun
o: Blacksun networks

dn: ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: OxObjects

dn: ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=ResourceObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: ResourceObjects

dn: ou=ResourceGroups,ou=ResourceObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: ResourceGroups

dn: ou=Resources,ou=ResourceObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: Resources

dn: ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: AdminObjects

dn: ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: SMTPObjects

dn: ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: DNSObjects

dn: o=AddressBook,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organization
o: AddressBook

dn: cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
cn: AddressAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk

dn: cn=users,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: posixGroup
cn: users
gidNumber: 500

dn: ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: Administration

dn: cn=OXSMTPAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
cn: OXSMTPAdmins

dn: cn=OXUserAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
cn: OXUserAdmins

dn: cn=OXGroupAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
cn: OXGroupAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk

dn: cn=OXDNSAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
cn: OXDNSAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk

dn: cn=OXResourceAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
cn: OXResourceAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk

dn: cn=OXIMAPAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
cn: OXIMAPAdmins

dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
OpenLDAPaci: 1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#
uidNumber: 501
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
mailEnabled: OK
gidNumber: 500
mailDomain: blacksun.sk
ou: Administration
uid: mailadmin
sn: Admin
preferredLanguage: EN
mail: mailadmin@blacksun.sk
o: Blacksun networks
smtpServer: localhost
imapServer: localhost
alias: postmaster@blacksun.sk
alias: root@blacksun.sk
givenName: Admin
cn: Admin Admin
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
userPassword: secret
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone: Europe/Berlin

dn: ou=addr,uid=mailadmin,ou=Users,ou=OxObjects,dc=blacksun,dnc=sk
ou: addr
objectClass: top
objectClass: organizationalUnit

dn: ou=MailTransports,ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: MailTransports

dn: smtpDomain=blacksun.sk,ou=MailTransports,ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
smtpDomainTransportNexthop: smtp:192.168.32.134
smtpDomain: blacksun.sk
objectClass: top
objectClass: OXMailTransportObject
cn: example transport map entry

dn: ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: AvailableServers
description: List of available Servers for OX

dn: ou=directoryServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: directoryServer

dn: ou=webmailServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: webmailServer

dn: ou=smtpServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: smtpServer

dn: ou=SharedFolder,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: SharedFolder

dn: ou=imapServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: imapServer

dn: domainName=blacksun.sk,ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: OXVDomainObject
MTALocaldomain: TRUE
domainName: blacksun.sk

dn: ou=groupwareServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=blacksun,dnc=sk
objectClass: top
objectClass: organizationalUnit
ou: groupwareServer
Attachment: adduser_ox
#!/usr/pkg/bin/bash -v
#
# (c) 2004-2100 ;)
# Author: cutmasta AT netline-is D0T de
#
#
# This Script adds a OXLDAP User and creates the rights profile in the DB!
#
#
# GLOBAL CONFIGFILE
prefix=/usr/pkg/OX/openexchange
exec_prefix=${prefix}
GLOBAL_CONF="${prefix}/etc/admintools.conf"
if [ -f "$GLOBAL_CONF" ]
then
    . "$GLOBAL_CONF"
else
    echo "Config File $GLOBAL_CONF not found."
    exit 1
fi
if [ "$UID" != 0 ]
then
    echo "Execute as root...or make sure slappasswd is in PATH"
    exit 1
fi
ac_prev=
for ac_option
do
if test -n "$ac_prev"; then
eval "$ac_prev=\$ac_option"
ac_prev=
continue
fi
case "$ac_option" in
-*=*) ac_optarg=`echo "$ac_option" | $SED_BIN 's/[-_a-zA-Z0-9]*=//'` ;;
*) ac_optarg= ;;
esac
case "$ac_option" in
--username)
ac_prev=username ;;
--username=*)
USERNAME=$ac_optarg ;;
--passwd)
ac_prev=passwd ;;
--passwd=*)
USR_PASS=$ac_optarg ;;
--name)
ac_prev=name ;;
--name=*)
NAME=$ac_optarg ;;
--sname)
ac_prev=sname ;;
--sname=*)
SNAME=$ac_optarg ;;
--maildomain)
ac_prev=maildomain ;;
--maildomain=*)
MAILDOMAIN=$ac_optarg ;;
--shell)
ac_prev=shell ;;
--shell=*)
USR_SHELL=$ac_optarg ;;
--lang)
ac_prev=lang ;;
--lang=*)
PREF_LANG=$ac_optarg ;;
--mail_enabled)
ac_prev=mail_enabled ;;
--mail_enabled=*)
MAIL_ENAB=$ac_optarg ;;
--inetmail)
ac_prev=inetmail ;;
--inetmail=*)
INET_MAIL=$ac_optarg ;;
--ox_appointment_days)
ac_prev=ox_appointment_days ;;
--ox_appointment_days=*)
OX_APP_DAYS=$ac_optarg ;;
--ox_task_days)
ac_prev=ox_task_days ;;
--ox_task_days=*)
OX_TASK_DAYS=$ac_optarg ;;
--ox_timezone)
ac_prev=ox_timezone ;;
--ox_timezone=*)
OX_TZ=$ac_optarg ;;
--write_global_address)
ac_prev=write_global_address ;;
--write_global_address=*)
WRITE_GLOBAL_ADDR=$ac_optarg ;;
-help | --help | -? | --?)
cat <<EOF
Usage: $0 [Options]
Options:
--username=NAME The new Username - eg. john
--passwd=NAME Password for the new User - eg. secret
--name=NAME The Name of the User - eg. John
--sname=NAME The Surname of the new User - eg. Doe
--maildomain=NAME Your Maildomain (company.org)
--shell=FILE The Shell for the User - eg. /bin/bash
--lang=NAME Language of the User - eg. EN
--mail_enabled=VALUE Is Mail enabled - eg. OK
--inetmail=BOOL User allowed to send Mail to the Internet - eg. TRUE
--ox_appointment_days=NUMBER How many days of appointments should be displayed - eg. 5
--ox_task_days=NUMBER How many days of tasks should be displayed - eg. 5
--ox_timezone=NAME Which Timezone for the User - eg. Europe/Berlin
--write_global_address=BOOL User allowed to write in the Global Addressbook - eg. TRUE
EOF
exit 0
;;
*)
echo "Unknown command $ac_option"
echo "Try $0 --help"
exit 1
;;
esac
done
ERROR=
if [ "$USERNAME" = "" ]
then
ERROR="y"
echo "Specify an Username!"
fi
if [ "$USR_PASS" = "" ]
then
ERROR="y"
echo "Specify a Password!"
fi
if [ "$NAME" = "" ]
then
ERROR="y"
echo "Specify a Name!"
fi
if [ "$SNAME" = "" ]
then
ERROR="y"
echo "Specify a Surname!"
fi
if [ "$MAILDOMAIN" = "" ]
then
ERROR="y"
echo "Specify a Maildomain!"
fi
if [ "$OX_TZ" = "" ]
then
ERROR="y"
echo "Specify a Timezone for the User!"
fi
if [ "$USR_SHELL" = "" ]
then
USR_SHELL=$DEFAULT_USR_SHELL
fi
if [ "$PREF_LANG" = "" ]
then
PREF_LANG=$DEFAULT_PREF_LANG
fi
if [ "$MAIL_ENAB" = "" ]
then
MAIL_ENAB=$DEFAULT_MAIL_ENAB
fi
if [ "$INET_MAIL" = "" ]
then
INET_MAIL=$DEFAULT_INET_MAIL
fi
if [ "$OX_APP_DAYS" = "" ]
then
OX_APP_DAYS=$DEFAULT_OX_APP_DAYS
fi
if [ "$OX_TASK_DAYS" = "" ]
then
OX_TASK_DAYS=$DEFAULT_OX_TASK_DAYS
fi
if [ "$WRITE_GLOBAL_ADDR" = "" ]
then
WRITE_GLOBAL_ADDR=$DEFAULT_WRITE_GLOBAL_ADDR
fi
if [ "$ERROR" = "y" ]
then
echo "Please provide all needed Parameters!"
echo "Try $0 --help"
exit 1
fi
### CONVERT TO LOWER CASE IF CHOOSEN ###
CASE_IGNORE=`echo $CASE_IGNORE | tr 'A-Z' 'a-z'`
if [ "$CASE_IGNORE" = "yes" ]
then
USERNAME=`echo $USERNAME | tr 'A-Z' 'a-z'`
fi
########################################
# Note: -s passes the clear-text password on the command line, where it is visible
# in the process list; slappasswd -T reads it from a file instead.
CRYPTPASS=`slappasswd -h {crypt} -s "$USR_PASS"`
#CRYPTPASS=`perl -e 'print crypt($USR_PASS, pack("C2",(int(rand 26)+65),(int(rand 26)+65)));'`
# Highest uidNumber currently in use under $USER_BASEDN (empty if there are no users yet).
CURRENT_UID=`$LDAPSEARCH_BIN -h $LDAPHOST -D $BINDDN -w $BINDPW -x -b $USER_BASEDN "(uid=*)" uidNumber | $GREP_BIN uidNumber | $SED_BIN -e 's/^uidNumber://' | $SORT_BIN -nr | $HEAD_BIN -n 1 | $AWK_BIN {'print $1'}`
if [ -z "$CURRENT_UID" ]
then
CURRENT_UID=$MIN_UID
else
CURRENT_UID=`$EXPR_BIN $CURRENT_UID + 1`
fi
echo "dn: uid=$USERNAME,$USER_BASEDN" > $TMPDIF
echo "objectClass: top" >> $TMPDIF
echo "objectClass: shadowAccount" >> $TMPDIF
echo "objectClass: posixAccount" >> $TMPDIF
echo "objectClass: person" >> $TMPDIF
echo "objectClass: inetOrgPerson" >> $TMPDIF
echo "objectClass: OXUserObject" >> $TMPDIF
#echo "OpenLDAPaci: 1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#" >> $TMPDIF
echo "uid: $USERNAME" >> $TMPDIF
#echo "userPassword: {CRYPT}$CRYPTPASS" >> $TMPDIF
echo "userPassword: $CRYPTPASS" >> $TMPDIF
echo "shadowMin: $SHADOW_MIN" >> $TMPDIF
echo "shadowMax: $SHADOW_MAX" >> $TMPDIF
echo "shadowWarning: $SHADOW_WARN" >> $TMPDIF
echo "shadowExpire: $SHADOW_EXPIRE" >> $TMPDIF
echo "description: $USERNAME" >> $TMPDIF
echo "cn: $NAME $SNAME" >> $TMPDIF
echo "uidNumber: $CURRENT_UID" >> $TMPDIF
echo "gidNumber: $STD_GID" >> $TMPDIF
echo "homeDirectory: $HOME_DIR$USERNAME/" >> $TMPDIF
echo "loginShell: $USR_SHELL" >> $TMPDIF
echo "sn: $SNAME" >> $TMPDIF
echo "givenName: $NAME" >> $TMPDIF
echo "mail: $USERNAME@$MAILDOMAIN" >> $TMPDIF
echo "mailDomain: $MAILDOMAIN" >> $TMPDIF
#for ALIAS in $ALIASE; do
# echo "alias: $ALIAS" >> $TMPDIF
#done
echo "o: $ORGA" >> $TMPDIF
echo "preferredLanguage: $PREF_LANG" >> $TMPDIF
echo "userCountry: Tuxworld" >> $TMPDIF
echo "mailEnabled: $MAIL_ENAB" >> $TMPDIF
echo "lnetMailAccess: $INET_MAIL" >> $TMPDIF
echo "OXAppointmentDays: $OX_APP_DAYS" >> $TMPDIF
echo "OXGroupID: $STD_GID" >> $TMPDIF
echo "OXTaskDays: $OX_TASK_DAYS" >> $TMPDIF
echo "OXTimeZone: $OX_TZ" >> $TMPDIF
LDAP_INSERT=`$LDAPADD_BIN -h $LDAPHOST -x -D $BINDDN -f $TMPDIF -w $BINDPW 2>&1 | $GREP_BIN ldap_add | $AWK_BIN -F'(' {'print $2'} | $AWK_BIN -F')' {'print $1'}`
rm $TMPDIF
echo "dn: ou=addr,uid=$USERNAME,$USER_BASEDN" > $TMPDIF
echo "ou: addr" >> $TMPDIF
echo "objectClass: top" >> $TMPDIF
echo "objectClass: organizationalUnit" >> $TMPDIF
LDAP_INSERT_ADR=`$LDAPADD_BIN -h $LDAPHOST -x -D $BINDDN -f $TMPDIF -w $BINDPW 2>&1 | $GREP_BIN ldap_add | $AWK_BIN -F'(' {'print $2'} | $AWK_BIN -F')' {'print $1'}`
rm $TMPDIF
if [ "$WRITE_GLOBAL_ADDR" = "TRUE" ]
then
echo "dn: $GLOBAL_ADDRESSBOOK_ADMINSDN" > $TMPDIF
echo "changetype: modify" >> $TMPDIF
echo "add: member" >> $TMPDIF
echo "member: uid=$USERNAME,$USER_BASEDN" >> $TMPDIF
LDAP_INSERT_ADDRESSADMIN=`$LDAPMODIFY_BIN -h $LDAPHOST -x -D $BINDDN -f $TMPDIF -w $BINDPW 2>&1 | $GREP_BIN ldap_modify | $AWK_BIN -F'(' {'print $2'} | $AWK_BIN -F')' {'print $1'}`
rm $TMPDIF
fi
esc=`echo -en "\033"`
warn="${esc}[1;31m"
done="${esc}[1;32m"
info="${esc}[1;33m"
case "$LDAP_INSERT" in
"")
echo "${done}LDAP Success"
SQL_INSERT=`/usr/pkg/OX/openexchange/sbin/addusersql_ox --username=$USERNAME --lang=$PREF_LANG`
if [ "$SQL_INSERT" = "INSERT" ]
then
echo "${done}SQL Success"
else
echo "${warn}SQL Error"
echo "${warn}Deleting User from LDAP"
LDAP_DELETE=`$LDAPDELETE_BIN -h $LDAPHOST -x -D $BINDDN -w $BINDPW "ou=addr,uid=$USERNAME,$USER_BASEDN"`
LDAP_DELETE=`$LDAPDELETE_BIN -h $LDAPHOST -x -D $BINDDN -w $BINDPW "uid=$USERNAME,$USER_BASEDN"`
exit 1
fi
;;
21)
echo "${warn}invalid syntax"
;;
34)
echo "${warn}invalid DN"
;;
68)
echo "${info}entry Already exists!"
;;
*)
echo "${warn}Undefined ERROR - LDAP CODE $LDAP_INSERT"
echo "${warn}See LDAP Log for Details!"
esac
echo -en "${esc}[m\017"
echo -n ""