kolab3 migrate ldap to external server

Manel Gimeno Zaragozá magiza83 at hotmail.com
Thu Jun 13 16:54:32 CEST 2013


Hello,

I have a kolab3 server with hosted domains and I'm trying to create an external LDAP server. My intention is to migrate the default LDAP server from kolab3 to an external server which already has some information about my environment, and to merge both servers into one so that I only have to manage one LDAP server.

Could someone please provide me some guidance about how to do it?

I've tried to import the kolab schema, and also objects and attributes (LDIF files from one to the other). But I'm having trouble with the kolab-service user. In the new LDAP it looks like it has no permission to search in all domains.

# cat kolab-services-aci.ldif
dn: cn=kolab,cn=config
aci: (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,
 search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,dc=kolab,dc=ddol
 ,dc=es");)
aci: (targetattr = "*") (version 3.0;acl "Hosted Kolab Services";allow (read,c
 ompare,search)(userdn = "ldap:///uid=hosted-kolab-service,ou= Special Users,d
 c=kolab,dc=ddol,dc=es");)

# kolab.ddol.es, kolab, config
dn: associateddomain=kolab.ddol.es,cn=kolab,cn=config
aci: (targetattr = "*") (version 3.0;acl "Read Access for kolab.ddol.es Users"
 ;allow (read,compare,search)(userdn = "ldap:///dc=kolab,dc=ddol,dc=es??sub?(o
 bjectclass=*)");)
aci: (targetattr = "*") (version 3.0;acl "Hosted Kolab Services";deny (read,se
 arch)(userdn = "ldap:///uid=hosted-kolab-service,ou=Special Users,dc=kolab,dc
 =ddol,dc=es");)

but when I try to import the information I'm getting:

#  ldapmodify -a -h localhost -p 1389 -D "cn=orcladmin" -w asddol00 -v -c -f kolab-services-aci.ldif
ldap_initialize( ldap://localhost:1389 )
add aci:
        (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,dc=kolab,dc=ddol,dc=es");)
adding new entry "cn=kolab,cn=config"
ldap_add: Object class violation (65)
        additional info: missing required attribute "objectclass"

On the other hand, I've modified roundcubemail to search in the new LDAP, and also kolab_wap in kolab.conf.

In fact, I'm able to log in with "ldap admin" (I've also changed it to match the admin, and now it is not Directory Manager anymore).
I can create users in the new LDAP from kolab-webadmin, but not new domains. I'm not able to log in to roundcubemail either; it cannot find the users because it uses the kolab-service user.

Any help?

Manel
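
A pre-flight check for the failure shown in the post, added here as an example and not part of the original message: it unfolds the LDIF, reports records that `ldapmodify -a` would submit as an add without any objectClass, and lists the bind DNs each ACI names so they can be compared with the DN the service account really binds as. The sample LDIF is constructed from the post's file plus a made-up second entry; `parse_ldif` and `preflight` are hypothetical helper names.

```python
import re

# Constructed sample: first record copied from the post, second one made up.
SAMPLE_LDIF = '''\
dn: cn=kolab,cn=config
aci: (targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,
 search)(userdn = "ldap:///uid=kolab-service,ou=Special Users,dc=kolab,dc=ddol
 ,dc=es");)
aci: (targetattr = "*") (version 3.0;acl "Hosted Kolab Services";allow (read,c
 ompare,search)(userdn = "ldap:///uid=hosted-kolab-service,ou= Special Users,d
 c=kolab,dc=ddol,dc=es");)

dn: ou=Example,dc=kolab,dc=ddol,dc=es
objectClass: organizationalUnit
ou: Example
'''

# Subject DN inside an ACI bind rule, up to the closing quote or LDAP URL '?'.
USERDN = re.compile(r'userdn\s*=\s*"ldap:///([^"?]*)')

def parse_ldif(text):
    """Unfold RFC 2849 continuation lines; return one [(attr, value)] list per record."""
    records = []  # note: base64 ("attr:: ...") values are not decoded here
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text).strip()):
        lines = [l for l in block.splitlines() if l.strip() and not l.startswith("#")]
        pairs = [(a.strip().lower(), v.strip()) for a, _, v in (l.partition(":") for l in lines)]
        if pairs:
            records.append(pairs)
    return records

def preflight(text):
    """Return (failing_dns, aci_subjects) for an LDIF meant for `ldapmodify -a`."""
    failing, subjects = [], {}
    for pairs in parse_ldif(text):
        attrs = {a for a, _ in pairs}
        dn = next((v for a, v in pairs if a == "dn"), None)
        # No changetype means "add"; an add with no objectClass is rejected (error 65).
        if "changetype" not in attrs and "objectclass" not in attrs:
            failing.append(dn)
        found = [m for a, v in pairs if a == "aci" for m in USERDN.findall(v)]
        if found:
            subjects[dn] = found
    return failing, subjects

if __name__ == "__main__":
    failing, subjects = preflight(SAMPLE_LDIF)
    print("would fail as add:", failing)
    for dn, users in subjects.items():
        print(dn, "->", [repr(u) for u in users])
```
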