Multi-domain webadmin / WAP with Kolab 3.3 on CentOS 7
Cornelius Hald
hald at icandy.de
Thu Oct 16 23:18:24 CEST 2014
So I found another couple of hours and after looking at the source code
of kolab-webadmin it got interesting...

Earlier I've created an admin user in primarydomain.com and in
secondarydomain.com. And I've always tried to log into kolab-webadmin
using an LDAP user name like that:

User: uid=myuser,ou=People,dc=secondarydomain,dc=com
Pass: XXX

Now from looking at the sources I've figured out I should actually use:

User: myuser@secondarydomain.com
Pass: XXX

And voila: If I do it like that, the Admin-Interface is actually
associated with the secondary domain.

Why oh why couldn't I find that information earlier? I thought if I have
to enter the user name of the "Directory Manager" in LDAP notation, I
have to enter all user names in LDAP notation. Well, turns out I was
wrong :(

Still, what worries me is this: If I log into kolab-webadmin using a
kolab-admin account of secondarydomain.com using LDAP notation I'm able
to see the user accounts of primarydomain.com.

That doesn't really look like 'separated domains' to me. Anyone able to
comment?

Cheers,
Conny

On Fri, 2014-10-03 at 22:42 +0200, Cornelius Hald wrote:
> Hello again :)
>
> My setup with two separate domains is now mostly working. That is
> sending and receiving mail and log in to roundcube.
>
> Now I want to have a separate domain admin for each domain. So I've
> added the role 'kolab-admin' to a user of each domain. Both users are
> able to log in to the webadmin, but only the user of the primary domain
> is working as expected.
>
> If I log in the admin user of the secondary domain, I get a situation,
> where the user is authenticated against the secondary domain, but WAP
> shows the contents of the primary domain. E.g. I can see the users of
> the primary domain, but I cannot change them. Also the title bar in WAP
> shows the name of the primary domain instead of the secondary.
>
> Now, if I look at the output of /var/log/dirsrv/slapd-kolab/access I can
> see that the queries are done against the primary domain. So at least it
> is consistent. But I absolutely have no idea, where WAP gets the
> information which domain it should query for which user.
>
> Basically this search query is wrong. It should read
> 'secondarydomain.com'
>
> SRCH base="cn=kolab,cn=config" scope=2
> filter="(&(&(associatedDomain=*))(associatedDomain=primarydomain.com))"
> attrs="* aci"
>
> Is there a config file for WAP? Should that info be in LDAP? If yes,
> where? Or does this depend on imapd.conf or maybe kolabd.conf?
>
> Pointers and hints would be great!
>
> Thanks!
> Conny
>
>
>
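
The access-log check described in this thread can be automated. The sketch below is an added example, not part of the original post and not Kolab code: it flags `associatedDomain` lookups for a domain other than the one in the bind DN. It assumes the BIND and the SRCH appear on the same `conn=` in the 389 Directory Server access log; the sample lines are constructed, with only the SRCH text taken from the post.

```python
import re

# Constructed sample lines in 389 Directory Server access-log style;
# only the SRCH base/filter/attrs text is copied from the post.
SAMPLE_LOG = '''\
[16/Oct/2014:23:01:10 +0200] conn=7 op=0 BIND dn="uid=myuser,ou=People,dc=secondarydomain,dc=com" method=128 version=3
[16/Oct/2014:23:01:10 +0200] conn=7 op=1 SRCH base="cn=kolab,cn=config" scope=2 filter="(&(&(associatedDomain=*))(associatedDomain=primarydomain.com))" attrs="* aci"
[16/Oct/2014:23:05:42 +0200] conn=9 op=0 BIND dn="uid=admin,ou=People,dc=primarydomain,dc=com" method=128 version=3
[16/Oct/2014:23:05:42 +0200] conn=9 op=1 SRCH base="cn=kolab,cn=config" scope=2 filter="(&(&(associatedDomain=*))(associatedDomain=primarydomain.com))" attrs="* aci"
'''

CONN = re.compile(r'\bconn=(\d+)\b')
BIND = re.compile(r'\bBIND dn="([^"]*)"')
# Matches a concrete domain only; the wildcard term (associatedDomain=*) is skipped.
SRCH_DOMAIN = re.compile(r'\(associatedDomain=([^*()]+)\)')
DC = re.compile(r'(?:^|,)\s*dc=([^,]+)', re.IGNORECASE)


def dn_domain(dn):
    """Join the dc= components of a DN into a DNS name ('' if there are none)."""
    return '.'.join(DC.findall(dn)).lower()


def cross_domain_searches(lines):
    """Return (conn, bind_dn, searched_domain) for lookups outside the bind DN's domain."""
    bound, findings = {}, []
    for line in lines:
        m = CONN.search(line)
        if not m:
            continue
        conn = m.group(1)
        b = BIND.search(line)
        if b:
            bound[conn] = b.group(1)  # remember who is bound on this connection
            continue
        if ' SRCH ' not in line or conn not in bound:
            continue
        own = dn_domain(bound[conn])
        if not own:  # e.g. cn=Directory Manager carries no dc= parts
            continue
        for searched in SRCH_DOMAIN.findall(line):
            if searched.lower() != own:
                findings.append((conn, bound[conn], searched))
    return findings


if __name__ == '__main__':
    for conn, dn, domain in cross_domain_searches(SAMPLE_LOG.splitlines()):
        print(f'conn={conn}: {dn} searched domain {domain}')
```

If the web admin performs its searches over a separate service connection, the correlation has to be done by timestamp or client address instead of `conn=`.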