extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 00:54:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

changes thanks to Aleksander Adamowski of the developers list

Browse Source
This commit is contained in:
Ralf Becker 2006-07-01 21:37:09 +00:00
parent 27da7f6edb
commit 6b005761e4
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
phpgwapi/doc/ldap/README
View File

@ -6,7 +6,8 @@ eGroupWare needs no more special LDAP schemas since version 1.3.007:
- valid Groups have a posixGroup object class and store there members in the memberuid attribute.
If you want to use group-addressbooks in LDAP, the ACL requires that groups get expanded by the LDAP server.
To do so, we need to use groupOfNames together with posixGroup (groupOfNames stores the dn, posixGroup only the uid).
To do so, we need to use groupOfNames together with posixGroup (groupOfNames stores the dn in the member
attribute, posixGroup only the uid in the memberUid attribute).
If your LDAP uses the original nis.schema, posixGroup is a structural object and can NOT be used together!
Newer SuSE distributions use a rfc2307bis schema, which can be used on other distributions too
(instead of the nis.schema, NOT together). The schema is in the same directory as this README.
@ -15,6 +16,7 @@ To change to the rfc2307bis.schema (not needed with newer SuSE distros!):
----------------------------------
- create an ldif from your ldap: slapcat > my.ldif
- add objectclass groupOfNames to every group (only the groups!)
- change every occurence of "structuralObjectClass: posixGroup" to "structuralObjectClass: groupOfNames"
- edit your slapd.conf:
+ remove the include of the nis.schema
+ include the rfc2307bis.schema in this dir
@ -26,4 +28,15 @@ To change to the rfc2307bis.schema (not needed with newer SuSE distros!):
eGroupWare detects if it can use groupOfNames together with posixGroup and fills the member attribute,
if you edit the group or changes the members.
To create a dedicated LDAP account for eGroupWare, you can use the following sample LDIF:
cn=eGroupWare,dc=domain,dc=com
cn: eGroupWare
objectClass: person
sn: eGroupWare
userPassword: SOME_LONG_RANDOM_PASSWORD
To give eGroupWare permission to manage the groups, you can use the following ACL:
access to dn.subtree="ou=groups,dc=domain,dc=com"
by dn="cn=eGroupWare,dc=domain,dc=com" write
Ralf

1
phpgwapi/doc/ldap/rfc2307bis.schema
View File

@ -79,6 +79,7 @@ attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactIA5Match
SUBSTRINGS caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'