From WPKG | Open Source Software Deployment and Distribution

Discussion about Samba and Kolab user management using LAM.


ACL in openldap

Nice article, however you don't speak about ACLs in OpenLDAP. This part was the tricky one for me, as you have to mix Samba and Kolab access to LDAP.

If you compare slapd.conf from Samba and Kolab, you'll be able to write a mixed slapd.conf to allow Samba and Kolab access, but as your users aren't stored in the same place as in the original Kolab installation, you'll have access problems.

In Kolab, your users are stored in the root of the ldap :


In Samba, your users are stored in branch Users or People of your ldap :

 or, cn=test,ou=People,dc=example,dc=com

With Kolab, Postfix needs to have nobody access to 3 attributes of your users: mail, alias AND kolabDeleteflag. If your access list is wrong, Postfix can't deliver mail to your users.

Either you let the user nobody access your branch Users (security risk?), or you allow nobody to read kolabDeleteflag.

I added this ACL to my slapd.conf to allow Postfix to read the kolabDeleteflag attribute:

 access to attr=kolabDeleteflag
     by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
     by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
     by * read stop

With correct ACL in my ldap, everything is working like a dream...

Thanks for great work.
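
Added example, not part of the comment above or of Kolab's own configuration: a simplified Python model of slapd's first-match ACL evaluation, comparing the posted `by * read` rule with a variant scoped to a single bind DN. The `cn=nobody` and `cn=manager` DNs, the group memberships and the final deny-all rule are assumptions made for illustration.

```python
# Simplified model of slapd's first-match ACL evaluation, attribute scope only.
# Entry DN scoping, filters and the break/continue controls are not modelled.
BASE = "cn=internal,dc=example,dc=com"
ADMIN, MAINT = f"cn=admin,{BASE}", f"cn=maintainer,{BASE}"
NOBODY = f"cn=nobody,{BASE}"    # assumption: bind DN used by Postfix
MANAGER = f"cn=manager,{BASE}"  # assumption: a member of the admin group
GROUPS = {ADMIN: {MANAGER}, MAINT: set()}  # constructed memberships

def matches(who, bind_dn):
    kind, value = who
    if kind == "*":
        return True  # everyone, anonymous binds included
    if kind == "group":
        return bind_dn in GROUPS.get(value, set())
    return kind == "dn" and bind_dn == value

def access(rules, bind_dn, attr):
    """Level granted by the first matching rule and its first matching by-clause."""
    for attrs, by_clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in by_clauses:
            if matches(who, bind_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit final "access to * by * none"

def readable(rules, bind_dn, attrs):
    return {a for a in attrs if access(rules, bind_dn, a) in ("read", "write")}

WRITERS = [(("group", ADMIN), "write"), (("group", MAINT), "write")]
CATCH_ALL = (None, WRITERS + [(("*", None), "none")])  # constructed final rule
# The rule as posted: any bind, anonymous included, may read kolabDeleteflag.
POSTED = [({"kolabdeleteflag"}, WRITERS + [(("*", None), "read")]), CATCH_ALL]
# Variant: only the assumed nobody DN may read the three attributes Postfix needs.
SCOPED = [({"mail", "alias", "kolabdeleteflag"},
           WRITERS + [(("dn", NOBODY), "read")]), CATCH_ALL]

if __name__ == "__main__":
    wanted = ["mail", "alias", "kolabDeleteflag", "userPassword"]
    for name, rules in (("posted", POSTED), ("scoped", SCOPED)):
        for who in (None, NOBODY, MANAGER):
            print(name, who or "anonymous", sorted(readable(rules, who, wanted)))
```

The posted rule set here contains only the one rule from the comment plus the constructed deny-all, so it does not reflect whatever other rules a full slapd.conf carries for mail and alias.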

Problems with rootdn

I had problems being able to log into the Kolab webadmin (to administer the services, distribution lists, etc.) and also getting the Kolab accounts actually created if I used anything but the default rootdn that Kolab used (cn=manager,cn=internal,dc=...)

I just updated my Samba PDC to use the Kolab default rootdn and all was good.

On another note, on subsequent installs, I would unfortunately get a "Could log in to database; invalid credentials" error. I have not found a solution to that as yet, and it only pops up on some installs :-(

All in all, however, great work!

-Alan Murrell

Some problems which I faced while implementing this one

I am using Debian Etch. When I log into https://localhost/lam/templates/login.php it shows some errors like:

1. A required PHP extension is missing!

2. A required PHP extension is missing!


So if I try to install php-mhash, it will install php-4 and install it on my server, while the following article uses the embedded PHP from the Kolab install. So my question is: how should I add phpmhash to the PHP used by Kolab itself and get rid of this error?

OK, now if I log into LAM using manager and create a user, group and Samba domain, all of these say that the attribute was created successfully, but I can't see it in my passwd or shadow, and not even a single home directory is created. If I run the lamdaemon test it shows the following error:

 Lamdaemon test
 localhost (
 Lamdaemon server and path   Ok      Using as lamdaemon remote server.
 Unix account                Ok      Using manager to connect to remote server.
 SSH2 module                 Error   Please install the SSH2 module for PHP and activate it in your php.ini!
 Lamdaemon test finished.

Aren't you connecting to a non-Kolab webserver (i.e., Apache which was installed on that machine *before* Kolab?). Kolab provides its own Apache.

No, I am using the Kolab webserver, as I think the whole document is based on that: as we see, LAM and PHPLDAPADMIN are untarred in /kolab/var/kolab/www, which means we have to use the Apache provided by Kolab itself.