[Kolab-devel] Kolab user management

Bernhard Reiter bernhard at intevation.de
Thu Mar 24 10:38:00 CET 2005


Hi Cajus,

On Wednesday 23 March 2005 15:09, Cajus Pollmeier wrote:
> Am Mittwoch, 23. März 2005 14:33 schrieb Martin Konold:
> > Am Mittwoch, 23. März 2005 11:47 schrieb Cajus Pollmeier:

> > > looking at the kolabDeleteflag, it seems to request a complete delete
> > > of the DN which contains it - if I'm interpreting the perl code
> > > correctly. Technically this is a problem for tools like LAM or GOsa,
> > > because they might want to remove the Kolab aspects of an account,
> > > only.
> >
> > Yes, this is indeed an issue. But how often is the plain removal of the
> > Kolab aspect only a requirement?

> this is more a functional issue. In this case I can only speak for GOsa
> functionality, where several parts like i.e. Proxy, Posix, Samba, Mail,
> etc. are handled as such an account aspect. They can be added and removed
> without the need of removing the complete entry.

I am not deep into the LDAP issues involved,
but I expect that we could in principle change kolabd to configure the action taken
when a deleteflag is set and only remove some parts or nothing.
Then other management components could take care
of the rest.
In fact, I think we should add a wish to the tracker
what needs to be configured.

> > The LDAP admin tool has not to take care of anything like these. This is
> > the job of the kolabd which does not care you made the appropriate
> > settings in the LDAP repository.
>
> That was not the question. Lets say it this way: I'm not going to use
> kolabd for account removal, as long as the point from above is not working
> as expected. Ergo I've to care about these things myself:
>
> What would kolabd do besides removing of mailboxes, alias cleanups and the
> removal of the specified DN from LDAP?

I do not think it does more.
Note that postfix will deliver email based on the ldap information,
so you might check the filter in there that it is precise enough
when you keep parts of the ldap objects with a mail attribute.


> > We want to easily find the base dn for kolab in a potentially big LDAP
> > tree.
>
> The question was if "kolabOrganizationalUnit" and "kolabNamedObject" are
> used somewhere in the code. I've read your schema definitions carefully,
> but I'd like to avoid reading the complete sourcecode.

I don't know, maybe a grep should prove the point.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2145 bytes
Desc: signature
URL: <http://lists.kolab.org/pipermail/devel/attachments/20050324/aa4efdd2/attachment.p7s>


More information about the devel mailing list