- Setup
- What should I use as base for ldap?
- If I want to use a second domain, does this change the above question?
- Is it Ok to change data via a LDAP client?
- What's the best way to define aliases? Is there an OX way or is it done only by the MTA?
- Where can I find a list of all options I can use for adduser_ox and changeuserattr_ox?
- How can I change the password of an user?
- sqwebmail doesn't work on the same vhost on which ox webmail runs
- I want to connect to the ldap server with my ldap client, but it doesn't work
- My external mailserver requires a full loginname with user+domain part
- Client
- Groupware : filespool trash
Setup
What should I use as base for ldap?
For the test system I used: dc=ox,dc=example,dc=at. But I can't say why it's good or bad. Would dc=example,dc=at or dc=example alone be better?
Short answer
Totally up to you, the choice of base for your LDAP tree is completely independent of OX and whatever makes the most sense for your organization.
Longer answer
Both are fine technically and according to RFC 2247.
Do you think it's possible some other DSA might be installed in the future that might collide with this one?
If it's likely that the DSA you're using for OX will be the only (or rather the authoritative) one in your organization, I would use just "dc=hitt,dc=at" (you'll probably have an ou=OxObjects container in there anyway unless you change things yourself).
If I want to use a second domain, does this change the above question?
Where do I need to define that domain, only in adduser_ox and in the MTA settings?
Answer
Since (at least with OpenLDAP) there can be only one basedn per database: no. While you could have several databases in your DSA, I don't expect OX to handle this.
Is it Ok to change data via a LDAP client?
I took a look at luma as an LDAP client. Is it safe to change stuff in the LDAP, or is that bad because the data is also stored somewhere else? Which data is safe to change only in LDAP?
Answer
This depends on what you're changing. There's data that's stored in both (the RDBMS and the DSA) and there's data that's only stored in the DSA, so use this approach with caution.
FIXME: Exact list of what is safe to change.
What's the best way to define aliases? Is there an OX way or is it done only by the MTA?
Answer
One could have a look at the way the OX admin interface does this. You'd want to do this at the MTA level in an aliases file or lookup table. Some MTAs can pull this info from LDAP, but you may be fine with a flat file like /etc/aliases.
See pages 136ff in this sample chapter from the O'Reilly LDAP System Administration book (which I don't really recommend, btw) for a start: http://www.oreilly.com/catalog/ldapsa/chapter/ch07.pdf
Where can I find a list of all options I can use for adduser_ox and changeuserattr_ox?
Both. adduser_ox is documented somewhat OK, but changeuserattr_ox is not.
    # changeuserattr_ox -h
    Usage: /usr/sbin/changeuserattr_ox [Options]
    Options:
      --username=NAME   The Username - eg. john
      --attrib=NAME     The Attribute - eg. givenName
      --value=VALUE     The new Value of the Attribute - eg. Miller
      --file=FILE       If given, custom ldif File is used for modifying! - eg. /home/f00/bar.ldif
                        See ldapmodify for Details!
Can I only manipulate attributes which are also settable in adduser_ox, or are there some additional ones?
Answer
Last time I checked, these shell scripts are just wrappers around the OpenLDAP command-line client tools. There's nothing special to them.
Regarding the semantics of these values (e.g. maildomain), someone who actually uses these should give some insight.
FIXME: please add list
How can I change the password of an user?
With the *_ox command line tools? Should I use/install resetuserpasswd_ox? Is it safe to change it with an LDAP client like luma?
Answer
Don't know about these OX tools, but changing passwords with *anything* (ldapmodify, luma, gq, lat, web2ldap, etc.) should be fine as long as the used hashes are supported by all components. Note that RFC 2256 says:
    5.36. userPassword
    Passwords are stored using an Octet String syntax and are not encrypted.
so there is no standard wrt mandatory-to-implement support for hashed passwords with LDAP, AFAIK.
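The answer above hinges on every component understanding the stored hash scheme. As an added example (not part of the original FAQ or of the OX tools), this Python code builds and verifies a {SSHA} userPassword value, reports the scheme of an existing value, and wraps a new value in LDIF for ldapmodify. It assumes {SSHA} is a scheme all your components accept; the DN shown is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password, salt=None):
    """Return a userPassword value in the {SSHA} scheme (salted SHA-1)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def scheme_of(user_password):
    """Return the scheme prefix of a stored value, or 'CLEARTEXT' if none."""
    if user_password.startswith("{") and "}" in user_password:
        return user_password[1:user_password.index("}")].upper()
    return "CLEARTEXT"


def check_password(password, user_password):
    """Verify a password against a cleartext or {SSHA} userPassword value."""
    scheme = scheme_of(user_password)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(password.encode("utf-8"),
                                   user_password.encode("utf-8"))
    if scheme != "SSHA":
        # A scheme this code does not know: the same failure a component
        # without support for that hash would run into.
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(user_password[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def password_ldif(dn, user_password):
    """Build an LDIF modify record that replaces userPassword on dn."""
    return ("dn: %s\nchangetype: modify\n"
            "replace: userPassword\nuserPassword: %s\n" % (dn, user_password))


if __name__ == "__main__":
    # Constructed placeholder DN; adjust to your own tree.
    dn = "uid=john,ou=Users,ou=OxObjects,dc=example,dc=org"
    print(password_ldif(dn, make_ssha("secret")))
```

The printed record can be fed to ldapmodify; running scheme_of over the existing userPassword values first shows which schemes are already in use.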
sqwebmail doesn't work on the same vhost on which ox webmail runs
To be able to easily change the filters in the courier maildrop (e.g. autoresponses), we're using sqwebmail. The problem now is that it can't handle the extra-long HTTP_COOKIE values which the OX web stuff creates (> 4096 bytes, which is the hardcoded limit of sqwebmail).
Answer
I've now written a small script which removes those cookies.
    #!/usr/bin/python
    # Written by Robert Penz <robert.penz@hitt.at> under the GPL
    import os

    # Keep every cookie except the oversized Open-Xchange ones.
    kept = []
    for cookieRaw in os.environ.get("HTTP_COOKIE", "").split(";"):
        cookie = cookieRaw.strip()
        if cookie and not cookie.startswith("open-xchange"):
            kept.append(cookie)
    os.environ["HTTP_COOKIE"] = "; ".join(kept)

    # No header is printed here: stdout is not flushed across exec, and
    # sqwebmail writes its own CGI headers once it replaces this process.
    os.execl("/usr/lib/cgi-bin/sqwebmail", "sqwebmail")
I want to connect to the ldap server with my ldap client, but it doesn't work
Answer
Make sure you're using a valid username like: cn=admin,dc=example,dc=org and not only admin.
My external mailserver requires a full loginname with user+domain part
Answer
Actually you have two ways to accomplish this.
Using full loginnames in OX
You can use full loginnames in OX, so they match the mailserver logins.
$OXINSTALL/sbin/adduser_ox --username=myuser@mydomain.com --passwd=secret --name=Nombre --sname=Apel --maildomain=mydomain.com
After that, the mail attribute is set to 'myuser@mydomain.com@mydomain.com', so to fix that:
$OXINSTALL/sbin/changeuserattr_ox --username=myuser@mydomain.com --attrib=mail --value=myuser@mydomain.com
