4 commits - conf/kolab.conf pykolab/setup pykolab/utils.py

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Mon Apr 29 15:48:18 CEST 2013


 conf/kolab.conf             |    7 +++++++
 pykolab/setup/setup_ldap.py |   32 +++++++++++++++++++++++++++++++-
 pykolab/utils.py            |   25 +++++++++++++++++++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)

New commits:
commit d42a9205b56948ed265ea7a818281a56ba296461
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 15:43:57 2013 +0200

    Add a --with-ad option for the LDAP setup

diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index acb4cea..5eb05d5 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -76,6 +76,14 @@ def cli_options():
             help    = _("Setup configuration for OpenLDAP compatibility.")
         )
 
+    ldap_group.add_option(
+            "--with-ad",
+            dest    = "with_ad",
+            action  = "store_true",
+            default = False,
+            help    = _("Setup configuration for Active Directory compatibility.")
+        )
+
 def description():
     return _("Setup LDAP.")
 
@@ -91,7 +99,7 @@ def execute(*args, **kw):
 
     _input = {}
 
-    if conf.with_openldap:
+    if conf.with_openldap and not conf.with_ad:
 
         conf.command_set('ldap', 'unique_attribute', 'entryuuid')
 
@@ -101,6 +109,28 @@ def execute(*args, **kw):
 
         return
 
+    elif conf.with_ad and not conf.with_openldap:
+        conf.command_set('ldap', 'auth_attributes', 'samaccountname')
+        conf.command_set('ldap', 'modifytimestamp_format', '%%Y%%m%%d%%H%%M%%S.0Z')
+        conf.command_set('ldap', 'unique_attribute', 'userprincipalname')
+        
+        # TODO: These attributes need to be checked
+        conf.command_set('ldap', 'mail_attributes', 'mail')
+        conf.command_set('ldap', 'mailserver_attributes', 'mailhost')
+        conf.command_set('ldap', 'quota_attribute', 'mailquota')
+
+        return
+
+    elif conf.with_ad and conf.with_openldap:
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        You can not configure Kolab to run against OpenLDAP
+                        and Active Directory simultaneously.
+                    """)
+            )
+
+        sys.exit(1)
+
     # Pre-execution checks
     for path, directories, files in os.walk('/etc/dirsrv/'):
         for direct in directories:
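Review bot: The Active Directory branch sets `unique_attribute` to `userprincipalname`, while the kolab.conf comment added in commit ab36c62 on this page tells administrators to use `objectsid` for Active Directory. userPrincipalName is optional on AD accounts and can be changed by an administrator, so using it as the unique key risks a renamed account being treated as a different identity, or an account without a UPN having no key at all. Since commit eaa8dd5 adds the objectSid decoding, I would write `conf.command_set('ldap', 'unique_attribute', 'objectsid')` here. The doubled percent signs in `modifytimestamp_format` presumably escape config interpolation; a short comment saying so would help, and it is worth confirming that `command_set` stores the value in a way that needs that escaping. The body of execute() continues outside this hunk.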


commit ab36c62050a7967131a7cf8e4e1719c6f449a5ca
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 15:43:33 2013 +0200

    Add a note on the possible value of this Active Directory unique_attribute

diff --git a/conf/kolab.conf b/conf/kolab.conf
index 840cbd7..0725b19 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -122,6 +122,8 @@ quota_attribute = mailquota
 ;
 ; For OpenLDAP, use 'entrydn' - the 'entryUUID' can regrettably not be searched
 ; with.
+; 
+; For Active Directory, use 'objectsid'.
 unique_attribute = nsuniqueid
 
 ; Attribute names that hold valid, internal recipient addresses. Note the use


commit eaa8dd5365dc22c21d8a5515712362f5934a296a
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 15:30:39 2013 +0200

    Handle objectSid binary blobs to be a unique_attribute attribute name

diff --git a/pykolab/utils.py b/pykolab/utils.py
index 46b257e..b0de166 100644
--- a/pykolab/utils.py
+++ b/pykolab/utils.py
@@ -21,6 +21,7 @@ import getpass
 import grp
 import os
 import pwd
+import struct
 import sys
 
 import pykolab
@@ -300,16 +301,22 @@ def normalize(_object):
             if type(_object[key]) == list:
                 if _object[key] == None:
                     continue
+
                 if len(_object[key]) == 1:
                     result[key.lower()] = ''.join(_object[key])
                 else:
                     result[key.lower()] = _object[key]
+
             else:
                 if _object[key] == None:
                     continue
+
                 # What the heck?
                 result[key.lower()] = _object[key]
 
+        if result.has_key('objectsid') and not result['objectsid'][0] == "S":
+            result['objectsid'] = sid_to_string(result['objectsid'])
+
         if result.has_key('sn'):
             result['surname'] = result['sn'].replace(' ', '')
 
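Review bot: The new `result['objectsid'][0] == "S"` test assumes the value is a non-empty string, but the loop above leaves a multi-valued attribute as a list and joins a single empty value to `''`. An empty value raises IndexError on `[0]`, and a list is passed to sid_to_string() unchanged, where `ord(sid[0])` fails on a multi-character element. Because these values come from the directory, one odd entry would abort normalisation. I would guard the conversion, e.g. `sid = result.get('objectsid')` followed by `if isinstance(sid, basestring) and sid and not sid.startswith('S-'):`. A one-line comment that a binary SID starts with the revision byte rather than the letter S would explain the heuristic. normalize() starts and ends outside this hunk.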
@@ -414,6 +421,24 @@ def pop_empty_from_list(_input_list):
         if not item == '':
             _output_list.append(item)
 
+def sid_to_string(sid):
+    srl = ord(sid[0])
+    number_sub_id = ord(sid[1])
+    iav = struct.unpack('!Q', '\x00\x00' + sid[2:8])[0]
+
+    sub_ids = []
+
+    for i in range(number_sub_id):
+        sub_ids.append(struct.unpack('<I',sid[8+4*i:12+4*i])[0])
+
+    result = 'S-%d-%d-%s' % (
+            srl,
+            iav,
+            '-'.join([str(s) for s in sub_ids]),
+        )
+
+    return result
+
 def standard_root_dn(domain):
     return 'dc=%s' % (',dc='.join(domain.split('.')))
 
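Review bot: sid_to_string() trusts the sub-authority count in byte 1 of the blob and never compares it with the length of the data it was given. A truncated or malformed objectSid makes `struct.unpack('<I', ...)` raise struct.error on a short slice (or IndexError on `sid[1]`), and trailing bytes are silently ignored. Since the result is meant to serve as the unique identifier, I would reject anything that is not exactly the advertised size before unpacking: `if len(sid) < 8 or len(sid) != 8 + 4 * ord(sid[1]): raise ValueError("malformed objectSid")`. The function also needs a docstring describing the layout it parses: revision byte, sub-authority count, 6-byte big-endian identifier authority, then little-endian 32-bit sub-authorities. That docstring should state that the input is the raw binary attribute value.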


commit aa6b4ce6943f6603930ae3dec97c8ffdf9561368
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Apr 29 13:59:44 2013 +0200

    Add the new setting [kolab] sync_interval to the default configuration

diff --git a/conf/kolab.conf b/conf/kolab.conf
index e0f64c3..840cbd7 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -17,6 +17,11 @@ imap_backend = cyrus-imap
 ; The default locale for this Kolab Groupware installation
 default_locale = en_US
 
+; Synchronization interval - describes the number of seconds to wait in
+; between non-persistent synchronization attempts. Relevant only for
+; deployments that lack persistent search and syncrepl ldap controls.
+sync_interval = 300
+
 [ldap]
 ; The URI to LDAP
 ldap_uri = ldap://localhost:389




