Koozali.org formerly Contribs.org

Modifications LDAP

« on: November 08, 2018, 11:07:24 AM »
Hi,
My ldap on buzz.kerplouz.com (SME SERVER port 389)
My applications : moodle.kerplouz.com or mahara.kerplouz.com (shared hosting)
My email platform: Office365

I use LDAP to authenticate my students and teachers on Mahara and Moodle. That works fine.

But those platforms receive the email address from LDAP SME (@buzz.kerplouz.com), and we don't use it.
We use addresses from Office365 (prenom.nom@kerplouz.com), but because Office365 can't use LDAP SME (I believe), I have to import CSV files from SME.

Is there a way to import those addresses into LDAP SME so that they are available later on the different platforms?
Do I have to modify something in LDAP SME to automatically create the addresses I will use with Office365?

I'm a little bit lost ...

Thanks for your help.

Offline Daniel B.

  • *
  • 1,681
    • Firewall Services, network security
Re: Modifications LDAP
« Reply #1 on: November 08, 2018, 11:24:36 AM »
Yes, you can add other email addresses in LDAP for address book purposes. Here's an event script I use to do this: http://gitweb.firewall-services.com/?p=ipasserelle-base;a=blob;f=root/etc/e-smith/events/actions/update-ldap-pseudonyms;h=a760a26e09c74f6afb6e38130d70962bff4f0d6c;hb=HEAD

The script will check every pseudonym pointing to the user, and add them to the mail attr (multi-valued attribute).

In this script I also store additional email addresses in the account db for each user (AltMail1 to AltMail4). And I also read a prop PreferredMail (this email will be the first mail attr in LDAP so applications will usually pick this one).
It's the end of the world!!! :lol:

Re: Modifications LDAP
« Reply #2 on: November 08, 2018, 11:47:43 AM »
Hey, it looks very good!
How can I use it?
Is there a way to add it with lazy admin tools, for example?
The idea is to have this email written directly when I create a user.

Maybe SME SERVER is able to generate this kind of address itself (by changing my domain or something else?) so that I can use it to import from Office365?

Offline Daniel B.

Re: Modifications LDAP
« Reply #3 on: November 08, 2018, 11:50:04 AM »
You'll have to adapt it to your needs. My usage was simple: I created a panel in the server-manager to manually set alternative email addresses. You'll need to tweak the event script so it can look up the email in a CSV, or a DB.

Offline mmccarn

Re: Modifications LDAP
« Reply #4 on: November 08, 2018, 01:32:53 PM »
You might get something acceptable without customizing your LDAP using 'EmailForward' and 'ForwardAddress' for each user on your SME, or by configuring each user in Office365 to download mail from the SME server.

Re: Modifications LDAP
« Reply #5 on: November 08, 2018, 01:42:53 PM »
Why not use ForwardAddress, but I can't see its entry in LDAP (phpldapadmin) to call it with an application.
So instead of calling "mail", I would like to call "forwardadress", is that right?

Offline Daniel B.

Re: Modifications LDAP
« Reply #6 on: November 08, 2018, 01:45:35 PM »
Nope, the forward email is not stored in LDAP.

Re: Modifications LDAP
« Reply #7 on: November 08, 2018, 01:46:41 PM »
ok, that's not a solution for now....  :sad:

Re: Modifications LDAP
« Reply #8 on: November 10, 2018, 02:18:43 PM »
Another question about using LDAP authentication.

With the Mahara platform (shared hosting), I have a problem creating groups with users from SME.

Mahara log : [DBG] 34 (auth/ldap/lib.php:1473) will not autocreate an empty Mahara group

It works with users but not with groups. (empty group ?)

My config on Mahara :

« Last Edit: November 10, 2018, 02:20:59 PM by john56 »

Offline Daniel B.

Re: Modifications LDAP
« Reply #9 on: November 10, 2018, 05:32:40 PM »
In the second screenshot: "L'attribut des membres est-il un DN" (Is member's attribute a DN) should be set to no as SME uses rfc2307 schema (it should be set to yes only for rfc2307bis or AD-like schemas)

Offline Daniel B.

Re: Modifications LDAP
« Reply #10 on: November 10, 2018, 05:33:24 PM »
You should also disable nested groups as it's not supported with rfc2307 schema

Re: Modifications LDAP
« Reply #11 on: November 10, 2018, 05:38:57 PM »
Hi Daniel,
If I disable those two settings, I get an error in Mahara's logs:
[WAR] 39 (lib/group.php:419) Undefined variable: USER

Offline Daniel B.

Re: Modifications LDAP
« Reply #12 on: November 10, 2018, 05:42:01 PM »
Then, it's probably a bug in Mahara. Those settings should be disabled to be compatible with SME's LDAP schema. Especially the "Member's attribute is a DN". With this enabled, there's no way group membership will work, because mahara would search full user's DN in memberUid attribute, while it's just plain user uid.
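
The schema mismatch described in Reply #12, as an added example that is not part of the thread and is not Mahara's code: a simplified Python model of how a client resolves group members when "member attribute is a DN" is on or off. The directory entries, the base DN `dc=example,dc=test` and all function names are constructed for illustration.

```python
# Constructed sample entries (not taken from the thread's server).
BASE = "dc=example,dc=test"
USERS = {
    "alice": f"uid=alice,ou=Users,{BASE}",
    "bob": f"uid=bob,ou=Users,{BASE}",
    "carol": f"uid=carol,ou=Users,{BASE}",
}
# rfc2307 posixGroup: memberUid holds bare uids.
GROUP_RFC2307 = {"cn": ["teachers"], "memberUid": ["alice", "bob"]}
# rfc2307bis / AD-like group: member holds full DNs.
GROUP_BIS = {"cn": ["teachers"], "member": [USERS["alice"], USERS["bob"]]}


def norm_dn(dn):
    """Simplified DN normalisation: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_members(group, member_attr, member_is_dn, users=USERS):
    """Return uids of known users that the group's member values match."""
    values = group.get(member_attr, [])
    if member_is_dn:
        # Client compares each user's full DN with the stored values.
        wanted = {norm_dn(v) for v in values}
        return sorted(u for u, dn in users.items() if norm_dn(dn) in wanted)
    # Client compares each user's bare uid with the stored values.
    wanted = {v.lower() for v in values}
    return sorted(u for u in users if u.lower() in wanted)


def audit(group, member_attr):
    """Map each 'member attribute is a DN' setting to the members it finds."""
    return {flag: resolve_members(group, member_attr, flag) for flag in (False, True)}


if __name__ == "__main__":
    print("rfc2307   :", audit(GROUP_RFC2307, "memberUid"))
    print("rfc2307bis:", audit(GROUP_BIS, "member"))
```

With the rfc2307 group, the DN setting finds no members, which is the situation in which a client would see the group as empty.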

Re: Modifications LDAP
« Reply #13 on: November 10, 2018, 05:44:53 PM »
Thanks Daniel. I have posted it in Mahara's forum before. Wait and see.

PS : for Moodle, it works fine to create groups with members.
« Last Edit: November 10, 2018, 05:47:27 PM by john56 »