Kolab 16 Parent/Child Domain
Aaron Horn
aaronhorn at gmail.com
Tue Sep 13 00:23:30 CEST 2016
Hello,
I am setting up a locally-hosted Kolab installation for a student media
group.
I have stock Kolab 16 running on CentOS 7 installed per the docs.
I am trying to achieve a situation where the following happens:
- Some users have a firstname.surname@parent-organisation.co.uk
- Other users have a firstname.surname@child-organisation.co.uk
- All users can share calendars and global address book
- Users belonging to Child Organisation do not have a
firstname.surname@parent-organisation.co.uk email address
- (For bonus points) Users belonging to Parent Organisation can
*optionally* have a firstname.surname@child-organisation.co.uk alias
I think what I am trying to achieve is depicted in this diagram:
https://docs.kolab.org/_images/graphviz-a2b03bbac78617530e0982c132965d70f0387d09.png
at
https://docs.kolab.org/deployment-guide/index.html#organizations-with-multiple-domain-namespaces
Unfortunately the above website doesn't really explain how this is
achieved; it goes on to explain a multi-domain setup (where parent and
child organisations would be regarded as completely separate).
I don't believe I wish to create an alias domain as this implies all users
must have a mail variable (primary_mail) of
firstname.surname@parent-organisation.co.uk which isn't desirable.
Thus far I have tried a few things including this "To enable users to
share groupware data while their primary recipient email addresses make
them end up in different authorization realms, you should set the
result_attribute setting in *kolab.conf(5)* to the name of an attribute
that does not contain a realm identifier (i.e. something without an ‘@’ in
it), such as the uid attribute, which by default does not include a domain
name space. This would create the following mailboxes (if the surname is
used for the uid attribute)"
(I.e. I changed result_attribute to uid)
I then created the two domains leaving an LDAP configuration like this:
[root@www ~]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w PASSWORD -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab
# demon-media.co.uk, kolab, config
dn: associateddomain=parent-organisation.co.uk,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: parent-organisation.co.uk
associatedDomain: www.parent-organisation.co.uk
associatedDomain: localhost
associatedDomain: localhost.localdomain
# demonfm.co.uk, kolab, config
dn: associateddomain=child-organisation.co.uk,cn=kolab,cn=config
associatedDomain: child-organisation.co.uk
inetDomainStatus: active
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
I can log in with accounts I create under parent-organisation.co.uk but not
those created under child-organisation.co.uk. I also get no mailboxes
created, only the uids themselves (below example, one created on each
domain):
[root@www ~]# kolab list-mailboxes
user/aaron.smith
user/dave.adams
In short, does anyone have a guide or some pointers about how this is
achieved? LDAP really really isn't my strong point and I get confused by
sentences such as "You may also consider setting virtdomains to off in
*imapd.conf(5)*, although this implies only the null realm is ever going to
be used." (I have no idea what a null realm is).
Any help much appreciated!
--
Regards,
Aaron Horn,
aaronhorn at gmail.com.