OpenLDAP compatibility #15

Open
netthier opened this issue Jan 19, 2021 · 6 comments

netthier commented Jan 19, 2021

This tool does not seem to support OpenLDAP, since syncer.py relies on the userPrincipalName attribute being present.
This attribute is only available in Microsoft AD, and attempting to use this tool with OpenLDAP results in the following error:

ldap-mailcow    | 19.01.21 16:04:20 Config file conf/dovecot/ldap/passdb.conf unchanged
ldap-mailcow    | 19.01.21 16:04:20 Config file conf/dovecot/extra.conf unchanged
ldap-mailcow    | 19.01.21 16:04:20 Config file conf/sogo/plist_ldap unchanged
ldap-mailcow    | Traceback (most recent call last):
ldap-mailcow    |   File "syncer.py", line 181, in <module>
ldap-mailcow    |     main()
ldap-mailcow    |   File "syncer.py", line 31, in main
ldap-mailcow    |     sync()
ldap-mailcow    |   File "syncer.py", line 52, in sync
ldap-mailcow    |     for (email, ldap_name, ldap_active) in ldap_results:
ldap-mailcow    |   File "syncer.py", line 46, in <lambda>
ldap-mailcow    |     x[1]['userPrincipalName'][0].decode(),
ldap-mailcow    | KeyError: 'userPrincipalName'

To make this compatible with the OpenLDAP "inetOrgPerson", a possible solution would be to make the attributes synced user-configurable.
For example:

LDAP-MAILCOW_LDAP_USER_ATTR=mail # userPrincipalName by default

@nicaiseeric

OpenLDAP compatibility will make this project widely usable.


twstagg commented Dec 25, 2021

@netthier @nicaiseeric you should be able to just manually change the attribute from 'userPrincipalName' to whatever you want. I changed mine to "mail". Then, as long as all users returned in the search of Base DN possess the attribute, the code will work.


AnBo83 commented Jan 9, 2022

@twstagg Where can I change the code? The container does not start, so I cannot access the Docker volume ...

@mario-spitze

@AnBo83 I could not start the container either. Did you build the container from git? In the Dockerfile I changed to a different version:

FROM python:alpine3.14

That's a new issue?

To the OpenLDAP topic:
I simply changed userPrincipalName to mail, but we run into other trouble now. OpenLDAP does not have the userAccountControl attribute and no other standardized solution. @twstagg How did you solve this?

@schmittvictor

Someone found a solution for the userAccountControl?


l4b4r4b4b4 commented Feb 7, 2023

someone found a solution for the userAccountControl ?

EDIT:
Got the Dovecot site to work with OpenLDAP and LDAP Account Manager. Will do some documentation in Readme and publish everything to this dedicated repo before diving into SOGo and making sure everything works as it should. But looking promising so far...
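
The two attribute problems raised in this thread (a missing userPrincipalName and a missing userAccountControl), as an added example that is not part of the thread or of the project's syncer.py: a mapping over python-ldap style results with a configurable mail attribute and an explicit choice for accounts whose active state is unknown. The function and parameter names, the LDAP_USER_ATTR variable and the sample entries are assumptions constructed for illustration.

```python
import os

ACCOUNTDISABLE = 0x2  # AD userAccountControl flag for a disabled account


def first_value(attrs, name):
    """Return the first value of an LDAP attribute as str, or None if absent."""
    values = attrs.get(name) or []
    return values[0].decode() if values else None


def map_entries(entries, user_attr="userPrincipalName", name_attr="cn",
                active_when_unknown=False):
    """Turn python-ldap style results into (email, name, active) tuples.

    Returns (users, skipped_dns). Entries lacking user_attr are skipped
    and reported instead of raising KeyError.
    """
    users, skipped = [], []
    for dn, attrs in entries:
        email = first_value(attrs, user_attr)
        if email is None:
            skipped.append(dn)
            continue
        name = first_value(attrs, name_attr) or email
        uac = first_value(attrs, "userAccountControl")
        if uac is None:
            # No userAccountControl (e.g. OpenLDAP): the operator must decide.
            # Defaulting to inactive avoids enabling mail for unknown states.
            active = active_when_unknown
        else:
            active = not (int(uac) & ACCOUNTDISABLE)
        users.append((email, name, active))
    return users, skipped


# Constructed sample data: one AD-style entry, two inetOrgPerson-style entries.
SAMPLE = [
    ("CN=Ann,DC=example,DC=org", {"userPrincipalName": [b"ann@example.org"],
                                  "cn": [b"Ann"], "userAccountControl": [b"514"]}),
    ("uid=bob,ou=people,dc=example,dc=org", {"mail": [b"bob@example.org"],
                                             "cn": [b"Bob"]}),
    ("uid=svc,ou=people,dc=example,dc=org", {"cn": [b"svc"]}),
]

if __name__ == "__main__":
    attr = os.environ.get("LDAP_USER_ATTR", "mail")  # hypothetical variable name
    print(map_entries(SAMPLE, user_attr=attr, active_when_unknown=True))
```
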
