Discussion:
Kolab 16 Parent/Child Domain
Aaron Horn
2016-09-12 22:23:30 UTC
Hello,

I am setting up a locally-hosted Kolab installation for a student media
group.

I have stock Kolab 16 running on CentOS 7 installed per the docs.

I am trying to achieve a situation where the following happens:

- Some users have a ***@parent-organisation.co.uk
- Other users have a ***@child-organisation.co.uk
- All users can share calendars and global address book
- Users belonging to Child Organisation do not have a
***@parent-organisation.co.uk email address
- (For bonus points) Users belonging to Parent Organisation can
*optionally* have a ***@child-organisation.co.uk alias

I think what I am trying to achieve is depicted in the diagram at
https://docs.kolab.org/deployment-guide/index.html#organizations-with-multiple-domain-namespaces

Unfortunately the above website doesn't really explain how this is
achieved; it goes on to explain a multi-domain setup (where parent and
child organisations would be regarded as completely separate).

I don't believe I wish to create an alias domain as this implies all users
must have a mail variable (primary_mail) of
***@parent-organisation.co.uk which isn't desirable.

Thus far I have tried a few things including this "To enable users to
share groupware data while their primary recipient email addresses make
them end up in different authorization realms, you should set the
result_attribute setting in *kolab.conf(5)* to the name of an attribute
that does not contain a realm identifier (i.e. something without an ‘@’ in
it), such as the uid attribute, which by default does not include a domain
name space. This would create the following mailboxes (if the surname is
used for the uid attribute)"

(I.e. I changed result_attribute to uid)

I then created the two domains leaving an LDAP configuration like this:

[***@www ~]# ldapsearch -x -h localhost -D "cn=Directory Manager" -w PASSWORD -b "cn=kolab,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=kolab,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# kolab, config
dn: cn=kolab,cn=config
objectClass: top
objectClass: extensibleobject
cn: kolab

# demon-media.co.uk, kolab, config
dn: associateddomain=parent-organisation.co.uk,cn=kolab,cn=config
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain
associatedDomain: parent-organisation.co.uk
associatedDomain: www.parent-organisation.co.uk
associatedDomain: localhost
associatedDomain: localhost.localdomain

# demonfm.co.uk, kolab, config
dn: associateddomain=child-organisation.co.uk,cn=kolab,cn=config
associatedDomain: child-organisation.co.uk
inetDomainStatus: active
objectClass: top
objectClass: domainrelatedobject
objectClass: inetdomain

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

I can log in with accounts I create under parent-organisation.co.uk but not
those created under child-organisation.co.uk. I also get no mailboxes
created, only the uids themselves (below example, one created on each
domain):
[***@www ~]# kolab list-mailboxes
user/aaron.smith
user/dave.adams

In short, does anyone have a guide or some pointers about how this is
achieved? LDAP really really isn't my strong point and I get confused by
sentences such as "You may also consider setting virtdomains to off in
*imapd.conf(5)*, although this implies only the null realm is ever going to
be used." (I have no idea what a null realm is).

Any help much appreciated!
--
Regards,
Aaron Horn,
***@gmail.com.