Kolab + FreeIPA

Matt . yamakasi.014 at gmail.com
Sun Nov 9 20:59:47 CET 2014


Hi Carlos,

OK, I figured out in the IRC channgel that we need the 99kolab.ldif in
 /etc/dirsrv/slapd-$instance/schema/99kolab.ldif but the rest is still
very vague to me.

What kind of service do we need to add to the
kolabhost.local.domain at LOCAL.DOMAIN in IPA ? and what rights does the
cyrus-admin needs.

If you remember something, it's welcome!

Cheers,

Matt

2014-11-09 19:23 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
> Hi Carlos,
>
> Do you have any information about the  kolab-service and the
> cyrus-admin account ? What kind of rights does the cyrus admin need to
> have ?
>
> I have imported the Schema with commenting out dn=schema in the
> kolab3.ldif, you needed to do this also ?
>
> Was it btw needed to setupt the full ldap on the kolab server and than
> change the ldap stuff in the kolab.conf or was an install
> --without-ldap working ?
>
> I hope you can help me out.
>
> Thanks again!
>
> Cheers,
>
> Matt
>
> 2014-11-09 1:24 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>> I'm still testing this without any luck.
>>
>> I'm doing a setup-kolab --without-ldap
>>
>> When I check the kolab.conf I see what to change but I'm not 100% sure
>> as this differs from other LDAP configs as it seems, it requires the
>> Directory Manager instead of the admin from FreeIPA.
>>
>> Also adding the schema is not what I can find out so far.
>>
>> Any howto's are welcome!
>>
>> Is the integration for ldap questions from Boddie already in the
>> Ubuntu Packages ?
>>
>> Thanks,
>>
>> Matt
>>
>> 2014-11-09 0:10 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>>> Great to hear!
>>>
>>> That is quite some users indeed. I'm thinking about starting locally
>>> as I need Kolab at the moment and seperate later on.
>>>
>>> Can you keep me updated about your progress ?
>>>
>>> Would be great!
>>>
>>> Matt
>>>
>>> 2014-11-09 0:09 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>> In my test lab yes, i am also about to deploy kolab for 6000 and also and
>>>> separate all the server but still on research. Regards
>>>>
>>>> 2014-11-08 18:04 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> Same thing here, we rely on IPA so it's needed.
>>>>>
>>>>> I also was investigating to seperate all services but this is not
>>>>> documented well enough.
>>>>>
>>>>> Your users just worked out of the box ?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Matt
>>>>>
>>>>> 2014-11-09 0:01 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>>> > Hi,
>>>>> > In my case i needed, to many users, hard to keep tracking .
>>>>> >
>>>>> > 2014-11-08 17:10 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>> >
>>>>> >> Hi,
>>>>> >>
>>>>> >> Mhh it would be needed actually or it doesn't make sense to use your
>>>>> >> existing ipa.
>>>>> >>
>>>>> >> 2014-11-08 23:00 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>>> >> > Existing user in IPA server? only if meet kolab user.lastname policy
>>>>> >> > but
>>>>> >> > not
>>>>> >> > 100% sure . Regards
>>>>> >> >
>>>>> >> > 2014-11-08 16:53 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>> >> >
>>>>> >> >> HI,
>>>>> >> >>
>>>>> >> >> OK great to know... existing users will be usable in Kolab directly
>>>>> >> >> ?
>>>>> >> >> no remapping needed ?
>>>>> >> >>
>>>>> >> >> Cheers,
>>>>> >> >>
>>>>> >> >> Matt
>>>>> >> >>
>>>>> >> >> 2014-11-08 22:50 GMT+01:00 Carlos Raúl Laguna
>>>>> >> >> <carlosla1987 at gmail.com>:
>>>>> >> >> > Hi, try both, however ended doing manually. Regards
>>>>> >> >> >
>>>>> >> >> > Carlos
>>>>> >> >> >
>>>>> >> >> > 2014-11-08 16:44 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>> >> >> >
>>>>> >> >> >> Hi Carlos,
>>>>> >> >> >>
>>>>> >> >> >> Thanks for your information!
>>>>> >> >> >>
>>>>> >> >> >> What did you do with the settings ? Did you changed the install
>>>>> >> >> >> script
>>>>> >> >> >>  or did all manual ?
>>>>> >> >> >>
>>>>> >> >> >> If I see something I will let you know.
>>>>> >> >> >>
>>>>> >> >> >> Cheers,
>>>>> >> >> >>
>>>>> >> >> >> Matt
>>>>> >> >> >>
>>>>> >> >> >> 2014-11-08 22:38 GMT+01:00 Carlos Raúl Laguna
>>>>> >> >> >> <carlosla1987 at gmail.com>:
>>>>> >> >> >> > Actually i setup both boxes aside and them make the changes.
>>>>> >> >> >> > about
>>>>> >> >> >> > your
>>>>> >> >> >> > second question i can't help you i am not in the office right
>>>>> >> >> >> > now
>>>>> >> >> >> > but
>>>>> >> >> >> > if
>>>>> >> >> >> > i
>>>>> >> >> >> > recall correctly the schema is added just like the 389-DS and
>>>>> >> >> >> > the
>>>>> >> >> >> > object
>>>>> >> >> >> > your can search in IPA Server > Configuration > add
>>>>> >> >> >> > objectclass.
>>>>> >> >> >> > Regards
>>>>> >> >> >> >
>>>>> >> >> >> > If you find other mean to do it i would like to hear about.
>>>>> >> >> >> >
>>>>> >> >> >> > 2014-11-08 16:09 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>> >> >> >> >
>>>>> >> >> >> >> Hi,
>>>>> >> >> >> >>
>>>>> >> >> >> >> OK, I have seen something about changing the setup script so
>>>>> >> >> >> >> it
>>>>> >> >> >> >> will
>>>>> >> >> >> >> set the ipa server already instead of localhost ?
>>>>> >> >> >> >>
>>>>> >> >> >> >> Do you have some directions to add the schema and object ?
>>>>> >> >> >> >>
>>>>> >> >> >> >> Thanks
>>>>> >> >> >> >>
>>>>> >> >> >> >> Matt
>>>>> >> >> >> >>
>>>>> >> >> >> >> 2014-11-08 22:04 GMT+01:00 Carlos Raúl Laguna
>>>>> >> >> >> >> <carlosla1987 at gmail.com>:
>>>>> >> >> >> >> > Hi, you need to add kolab schema to FreeIPA and add the
>>>>> >> >> >> >> > kolab
>>>>> >> >> >> >> > object
>>>>> >> >> >> >> > trought
>>>>> >> >> >> >> > FreeIPA-GUI to start, after that you will need to point all
>>>>> >> >> >> >> > kolab
>>>>> >> >> >> >> > element to
>>>>> >> >> >> >> > freeipa that include and modify the search queries to
>>>>> >> >> >> >> > FreeIPA,
>>>>> >> >> >> >> > also
>>>>> >> >> >> >> > you
>>>>> >> >> >> >> > will
>>>>> >> >> >> >> > need to recreate part of of Kolab LDAP tree in FreeIPA, i
>>>>> >> >> >> >> > only
>>>>> >> >> >> >> > used
>>>>> >> >> >> >> > this
>>>>> >> >> >> >> > in
>>>>> >> >> >> >> > a test environment, but in a few week will do it again for
>>>>> >> >> >> >> > production
>>>>> >> >> >> >> > one
>>>>> >> >> >> >> > domain only. Regards
>>>>> >> >> >> >
>>>>> >> >> >> >
>>>>> >> >> >
>>>>> >> >> >
>>>>> >> >
>>>>> >> >
>>>>> >
>>>>> >
>>>>
>>>>


More information about the users mailing list