Kolab + FreeIPA

Mon Nov 10 02:12:10 CET 2014

Hi Carlos

I'm figuring out the kolab.conf with the cn/dn and so on and I get
errors on the bind.

Can you send me your example of what you sued for freeipa ? I think
the devs can use it too as they are working on integration.

Would be great!

Thanks!

Matt

2014-11-09 20:59 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
> Hi Carlos,
>
> OK, I figured out in the IRC channgel that we need the 99kolab.ldif in
>  /etc/dirsrv/slapd-$instance/schema/99kolab.ldif but the rest is still
> very vague to me.
>
> What kind of service do we need to add to the
> kolabhost.local.domain at LOCAL.DOMAIN in IPA ? and what rights does the
> cyrus-admin needs.
>
> If you remember something, it's welcome!
>
> Cheers,
>
> Matt
>
> 2014-11-09 19:23 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>> Hi Carlos,
>>
>> Do you have any information about the  kolab-service and the
>> cyrus-admin account ? What kind of rights does the cyrus admin need to
>> have ?
>>
>> I have imported the Schema with commenting out dn=schema in the
>> kolab3.ldif, you needed to do this also ?
>>
>> Was it btw needed to setupt the full ldap on the kolab server and than
>> change the ldap stuff in the kolab.conf or was an install
>> --without-ldap working ?
>>
>> I hope you can help me out.
>>
>> Thanks again!
>>
>> Cheers,
>>
>> Matt
>>
>> 2014-11-09 1:24 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>>> I'm still testing this without any luck.
>>>
>>> I'm doing a setup-kolab --without-ldap
>>>
>>> When I check the kolab.conf I see what to change but I'm not 100% sure
>>> as this differs from other LDAP configs as it seems, it requires the
>>> Directory Manager instead of the admin from FreeIPA.
>>>
>>> Also adding the schema is not what I can find out so far.
>>>
>>> Any howto's are welcome!
>>>
>>> Is the integration for ldap questions from Boddie already in the
>>> Ubuntu Packages ?
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2014-11-09 0:10 GMT+01:00 Matt . <yamakasi.014 at gmail.com>:
>>>> Great to hear!
>>>>
>>>> That is quite some users indeed. I'm thinking about starting locally
>>>> as I need Kolab at the moment and seperate later on.
>>>>
>>>> Can you keep me updated about your progress ?
>>>>
>>>> Would be great!
>>>>
>>>> Matt
>>>>
>>>> 2014-11-09 0:09 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>>> In my test lab yes, i am also about to deploy kolab for 6000 and also and
>>>>> separate all the server but still on research. Regards
>>>>>
>>>>> 2014-11-08 18:04 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Same thing here, we rely on IPA so it's needed.
>>>>>>
>>>>>> I also was investigating to seperate all services but this is not
>>>>>> documented well enough.
>>>>>>
>>>>>> Your users just worked out of the box ?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>> 2014-11-09 0:01 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>>>> > Hi,
>>>>>> > In my case i needed, to many users, hard to keep tracking .
>>>>>> >
>>>>>> > 2014-11-08 17:10 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>>> >
>>>>>> >> Hi,
>>>>>> >>
>>>>>> >> Mhh it would be needed actually or it doesn't make sense to use your
>>>>>> >> existing ipa.
>>>>>> >>
>>>>>> >> 2014-11-08 23:00 GMT+01:00 Carlos Raúl Laguna <carlosla1987 at gmail.com>:
>>>>>> >> > Existing user in IPA server? only if meet kolab user.lastname policy
>>>>>> >> > but
>>>>>> >> > not
>>>>>> >> > 100% sure . Regards
>>>>>> >> >
>>>>>> >> > 2014-11-08 16:53 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>>> >> >
>>>>>> >> >> HI,
>>>>>> >> >>
>>>>>> >> >> OK great to know... existing users will be usable in Kolab directly
>>>>>> >> >> ?
>>>>>> >> >> no remapping needed ?
>>>>>> >> >>
>>>>>> >> >> Cheers,
>>>>>> >> >>
>>>>>> >> >> Matt
>>>>>> >> >>
>>>>>> >> >> 2014-11-08 22:50 GMT+01:00 Carlos Raúl Laguna
>>>>>> >> >> <carlosla1987 at gmail.com>:
>>>>>> >> >> > Hi, try both, however ended doing manually. Regards
>>>>>> >> >> >
>>>>>> >> >> > Carlos
>>>>>> >> >> >
>>>>>> >> >> > 2014-11-08 16:44 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>>> >> >> >
>>>>>> >> >> >> Hi Carlos,
>>>>>> >> >> >>
>>>>>> >> >> >> Thanks for your information!
>>>>>> >> >> >>
>>>>>> >> >> >> What did you do with the settings ? Did you changed the install
>>>>>> >> >> >> script
>>>>>> >> >> >>  or did all manual ?
>>>>>> >> >> >>
>>>>>> >> >> >> If I see something I will let you know.
>>>>>> >> >> >>
>>>>>> >> >> >> Cheers,
>>>>>> >> >> >>
>>>>>> >> >> >> Matt
>>>>>> >> >> >>
>>>>>> >> >> >> 2014-11-08 22:38 GMT+01:00 Carlos Raúl Laguna
>>>>>> >> >> >> <carlosla1987 at gmail.com>:
>>>>>> >> >> >> > Actually i setup both boxes aside and them make the changes.
>>>>>> >> >> >> > about
>>>>>> >> >> >> > your
>>>>>> >> >> >> > second question i can't help you i am not in the office right
>>>>>> >> >> >> > now
>>>>>> >> >> >> > but
>>>>>> >> >> >> > if
>>>>>> >> >> >> > i
>>>>>> >> >> >> > recall correctly the schema is added just like the 389-DS and
>>>>>> >> >> >> > the
>>>>>> >> >> >> > object
>>>>>> >> >> >> > your can search in IPA Server > Configuration > add
>>>>>> >> >> >> > objectclass.
>>>>>> >> >> >> > Regards
>>>>>> >> >> >> >
>>>>>> >> >> >> > If you find other mean to do it i would like to hear about.
>>>>>> >> >> >> >
>>>>>> >> >> >> > 2014-11-08 16:09 GMT-05:00 Matt . <yamakasi.014 at gmail.com>:
>>>>>> >> >> >> >
>>>>>> >> >> >> >> Hi,
>>>>>> >> >> >> >>
>>>>>> >> >> >> >> OK, I have seen something about changing the setup script so
>>>>>> >> >> >> >> it
>>>>>> >> >> >> >> will
>>>>>> >> >> >> >> set the ipa server already instead of localhost ?
>>>>>> >> >> >> >>
>>>>>> >> >> >> >> Do you have some directions to add the schema and object ?
>>>>>> >> >> >> >>
>>>>>> >> >> >> >> Thanks
>>>>>> >> >> >> >>
>>>>>> >> >> >> >> Matt
>>>>>> >> >> >> >>
>>>>>> >> >> >> >> 2014-11-08 22:04 GMT+01:00 Carlos Raúl Laguna
>>>>>> >> >> >> >> <carlosla1987 at gmail.com>:
>>>>>> >> >> >> >> > Hi, you need to add kolab schema to FreeIPA and add the
>>>>>> >> >> >> >> > kolab
>>>>>> >> >> >> >> > object
>>>>>> >> >> >> >> > trought
>>>>>> >> >> >> >> > FreeIPA-GUI to start, after that you will need to point all
>>>>>> >> >> >> >> > kolab
>>>>>> >> >> >> >> > element to
>>>>>> >> >> >> >> > freeipa that include and modify the search queries to
>>>>>> >> >> >> >> > FreeIPA,
>>>>>> >> >> >> >> > also
>>>>>> >> >> >> >> > you
>>>>>> >> >> >> >> > will
>>>>>> >> >> >> >> > need to recreate part of of Kolab LDAP tree in FreeIPA, i
>>>>>> >> >> >> >> > only
>>>>>> >> >> >> >> > used
>>>>>> >> >> >> >> > this
>>>>>> >> >> >> >> > in
>>>>>> >> >> >> >> > a test environment, but in a few week will do it again for
>>>>>> >> >> >> >> > production
>>>>>> >> >> >> >> > one
>>>>>> >> >> >> >> > domain only. Regards
>>>>>> >> >> >> >
>>>>>> >> >> >> >
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >
>>>>>> >> >
>>>>>> >
>>>>>> >
>>>>>
>>>>>