[Kolab-devel] Kolab + OpenLDAP

Jeroen van Meeuwen (Kolab Systems) vanmeeuwen at kolabsys.com
Tue Jan 22 13:03:45 CET 2013


On 2013-01-22 06:31, Diane Trout wrote:
> Hi,
> 
> I made an attempt to run Kolab using OpenLDAP.
> 
> The kolab.ldif that you're shipping isn't quite compatible with how openldap
> likes their schema files. (I can provide the altered kolab2.ldif if you'd like)
> 

I'm assuming you're speaking about the .schema vs. the standard .ldif 
files format. Have you looked at the files we actually provide at 
http://git.kolab.org/kolab-schema/tree/?

> What resources do you need to have access to in cn=config?
> 

The kolab-service account that is used to bind services such as postfix 
and others - and that should therefore have transparent read access to 
search / read / look through all entries in a tree - should have read 
access to cn=config if:

- That is where we best store enabled domain name spaces for Kolab,
- That is where VLV/SSS configuration can be detected.

> I discovered that kolab wanted a domainRelatedObject and I didn't want to figure
> out how to create a cn=kolab,cn=config tree, so I attached it to the root
> object for my ldap tree.
> 

These are actually settings (see 
http://git.kolab.org/pykolab/tree/conf/kolab.conf#n95), though I reckon 
the web administration panel refers to 'domainrelatedobject' in some 
places.

> Also it crashes if you set unique_attribute to entryUUID as pykolab is
> assuming all attribute names are lower cased.
> 

Supply the configuration value in all lower-case, please.

> With all those changes from 0.5.11 packages:
> 
> kolabd -l debug -d 9 runs without sleeping
> kolab-webadmin can login but only shows the "About" button.

Do you have mozldap utilities "ldapsearch" installed, and if so, in 
what location do they reside?

> roundcubemail seems to work fine (browsed mail, created a contact, viewed
> calendar).
> 

It'd be lovely if we also had your notes on initially installing 
OpenLDAP, and creating the default tree / setting the appropriate ACLs, 
noting that in 389 DS, we can change these aspects in real-time, whereas 
I recall OpenLDAP may still require us to put some files on the 
filesystem and reload/restart the service.

Kind regards,

Jeroen van Meeuwen

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08
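
The read access to cn=config described in the reply above, sketched as an OpenLDAP ACL change; this is an added example, not part of the original message or of Kolab's own setup. It assumes slapd uses the cn=config backend, and the kolab-service DN shown is a constructed placeholder.

```ldif
# Constructed example: the service DN is a placeholder, adjust it to your tree.
# Rule {0} keeps the service account away from olcRootPW hashes stored in
# cn=config; rule {1} then grants it read-only access to everything else.
# "by * break" lets every other identity fall through to the existing rules.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=olcRootPW
  by dn.exact="uid=kolab-service,ou=Special Users,dc=example,dc=org" none
  by * break
olcAccess: {1}to *
  by dn.exact="uid=kolab-service,ou=Special Users,dc=example,dc=org" read
  by * break
```

Both uses listed in the reply (finding enabled domain name spaces and detecting VLV/SSS configuration) only need read, so the account gets no write or manage rights on cn=config.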



