How to connect Kerio to OpenLDAP (slapd Linux) (Have Kerio connect get users from OpenLDAP (Linux))
  •  
robertflavia

I need to set up OpenLDAP (slapd) users with the kerio-connect server.

I have read

http://kb.kerio.com/product/kerio-connect/server-configuration/ldap-and-directory-services/mapping-users-groups-from-openldap-or-generic-ldap-server-294.html

Is the above knowledge base link the correct method to get Kerio working with OpenLDAP?
Is there not an easier approach?

The above knowledge base article is long, and difficult to follow.

Kind regards

Robert

[Updated on: Mon, 19 May 2014 17:06]

  •  
robertflavia

Any feedback ?

[Updated on: Tue, 20 May 2014 11:29]

  •  
Pavel Dobry (Kerio)

robertflavia wrote on Tue, 20 May 2014 11:29
Any feedback ?


Yes, the article is long and you need to follow all the instructions to be able to use OpenLDAP as a directory service for Kerio Connect.
  •  
robertflavia

Hello Pavel,

please can you confirm that this LDAP user is a valid Kerio user?

# keriotestuser, flavia.local
dn: cn=keriotestuser,dc=flavia,dc=local
uid: keriotestuser
sn: User
cn: keriotestuser
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: top
objectClass: kerio-Mail-User
loginShell: /bin/bash
homeDirectory: /home/keriotestuser
uidNumber: 1001
gidNumber: 1000
kerio-Mail-Active: 1
groupMemberShip: Group1
userPassword:: e1NTSEF9RTRGZTNmaDNzQkIxNXRWMFEzV041RGRLdngyZjU4RDc=

Is this group valid?

# Group1, flavia.local
dn: cn=Group1,dc=flavia,dc=local
cn: Group1
objectClass: top
objectClass: groupOfNames
objectClass: kerio-Mail-Group
member: cn=keriotestuser,dc=flavia,dc=local
kerio-Mail-Active: 1

This is the LDAP entry from mailserver.cfg.
<list name="Ldap">
<listitem>
<variable name="Domain">linsvr29.flavia.local</variable>
<variable name="ServerName">10.0.4.17</variable>
<variable name="ServerPort">389</variable>
<variable name="BindDn">cn=admin,dc=flavia,dc=local</variable>
<variable name="BindPassword">D3S:1da0877bcca67f8ff4760293bd3b4b44</variable>
<variable name="MapFile">openldap.map</variable>
<variable name="Filter"></variable>
<variable name="UserBaseDn">dc=flavia,dc=local</variable>
<variable name="GroupBaseDn">dc=flavia,dc=local</variable>
<variable name="Description"></variable>
<variable name="Enabled">1</variable>
<variable name="PrimaryRefreshInt">30</variable>
<variable name="LdapNetworkTimeout">10</variable>
<variable name="SecureConnection">0</variable>
<variable name="ConnectionLimit">32</variable>
<variable name="PagedResultSize">250</variable>
<variable name="UseSasl">0</variable>
</listitem>

Please can you also verify the openldap.map file which I have attached.

Kind regards

Robert


  • Attachment: openldap.map
    (Size: 2.96KB, Downloaded 138 times)
  •  
Pavel Dobry (Kerio)

It seems to be valid (provided that your LDAP schema has been extended with the apple-generatedguid attribute).
You can verify it yourself - if everything is correct you will see that user and group in Kerio Connect administration.
  •  
robertflavia

Hi Pavel,

when I test the LDAP connection in the admin website -> configuration -> domains -> directory services -> test connection
1. in the log of my LDAP server I can see the kerio test connection

This tells me that the Kerio server is talking to my LDAP server.

However when I go to admin website -> accounts -> users -> add from directory service
1. in the kerio log I can see
[20/May/2014 16:47:52][19108] {admin} JSON-API: User admin; Function Users.getNotActivated was called.
[20/May/2014 16:47:52][19108] {admin} JSON-API: User admin; Function Users.getNotActivated was finished in 0.00 seconds.
2. in the LDAP log nothing happens

The same thing happens when I try to add a group into Kerio from the directory service.

It seems the Kerio service is not even attempting to connect to the LDAP server.

Can you provide any tips / hints / ideas on how to troubleshoot this further?

Kind regards

Robert
  •  
robertflavia

Hi Pavel,

thanks for replying.

What is

"apple-generatedguid"

From my openldap.map I removed

<variable>
<name>Guid</name>
<value><apple-guid/></value>
</variable>

1. Do I need this Guid in the map file?
2. In LDAP what is this GUID ? How is it generated ?

Kind regards

Robert
  •  
robertflavia

Thanks Pavel.

I'll added apple_generateduid attribute.

The article also mentions a file called gal_openldap.map

1. Is that file required and
2. What changes are required for gal_openldap.map ?

Regards

Robert
  •  
jan.skorepa

Hi,
please look here - forums.kerio.com/m/72180/ .. that post helped me a lot!

Regards
  •  
robertflavia

Thank you Jan for your help.
  •  
robertflavia

Hello Pavel,

OpenLDAP users and groups are still not appearing in Kerio Connect, although I have followed the advice and steps on the forum and in the knowledge base.

Please could you verify files that I have attached / pasted.

In the ldap I have disabled all olcAccess rules.

This is the test user in LDAP
Are all the attributes correct?
=============================
version: 1

dn: cn=keriotestuser,dc=flavia,dc=local
objectClass: kerio-Mail-User
objectClass: top
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: person
cn: keriotestuser
gidNumber: 1000
homeDirectory: /home/keriotestuser
sn: User
uid: keriotestuser
uidNumber: 1001
apple-generateduid: 7c17e30b-9a5d-4f2e-a11b-c8995a2aa99b
groupMemberShip: Group1
kerio-Mail-Active: 1
loginShell: /bin/bash
userPassword:: e1NTSEF9RTRGZTNmaDNzQkIxNXRWMFEzV041RGRLdngyZjU4RDc=
============================================================

This is the LDAP Group
Are all the object classes and attributes correct?
============================================================
version: 1

dn: cn=Group1,dc=flavia,dc=local
objectClass: kerio-Mail-Group
objectClass: groupOfNames
objectClass: top
cn: Group1
member: cn=keriotestuser,dc=flavia,dc=local
apple-generateduid: a6b5c5d5-7121-4092-9f77-87fefdfebaf4
kerio-Mail-Active: 1
============================================================



openldap.map (at bottom of the message)
1. Is Auth_type correct?
2. Is Groups / groupMemberShip correct?
3. Is Guid / apple-generateduid correct ?
4. Is LdapDN / dn correct? The dn is empty is this correct?

gal_openldap.map (at bottom of message)
1. Is this file required?
2. is the filter correct?

mailserver.cfg (attached)
1. In the <list name="Ldap"> what does the variable Filter do? Can it be left empty?

kerio-mailserver.ldif (generated by running slaptest) (at bottom of message)
kerio-mailserver.schema (at bottom of message)
1. Is groupMemberShip correct?
2. Is apple-generateduid correct?

cn={4}kerio.ldif (generated after running ldapadd on kerio-mailserver.ldif) (at bottom of message)

LDAP Server details:
-OS: Linux 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:16:27 UTC 2013 i686 i686 i686 GNU/Linux
-OpenLDAP: 2.4.31 slapd (Ubuntu) (Oct 8 2013 20:51:43)
buildd@akateko:/build/buildd/openldap-2.4.31/debian/build/servers/slapd

Email Server details:
-OS: Debian GNU/Linux 7.4, x86_64
-Kerio Connect 8.2.4 (2550)

Kind regards

Robert

=================================================================
openldap.map
<mapfile>
<map table="User">
<filter>objectclass=kerio-Mail-User</filter>
<active-attribute>kerio-Mail-Active</active-attribute>
<variable>
<name>Name</name>
<value><attribute>uid</attribute></value>
</variable>
<variable>
<name>Account_enabled</name>
<value><attribute>kerio-Mail-AccountEnabled</attribute></value>
</variable>
<variable>
<name>Auth_type</name>
<value>5</value>
</variable>
<variable>
<name>PIN</name>
<value><attribute>kerio-User-AuthPIN</attribute></value>
</variable>
<variable>
<name>Rights</name>
<value><attribute>kerio-Mail-AdminRights</attribute></value>
</variable>
<variable>
<name>Authorization</name>
<value><attribute>kerio-Mail-Authorization</attribute></value>
</variable>
<variable>
<name>Groups</name>
<value><attribute>groupMemberShip</attribute></value>
</variable>
<variable>
<name>MailAddress</name>
<value><attribute>kerio-Mail-Address</attribute></value>
</variable>
<variable>
<name>ForwardMode</name>
<value><attribute>kerio-Mail-ForwardMode</attribute></value>
</variable>
<variable>
<name>ForwardAddress</name>
<value><attribute>kerio-Mail-ForwardAddress</attribute></value>
</variable>
<variable>
<name>HomeServer</name>
<value><attribute>kerio-Mail-HomeServer</attribute></value>
</variable>
<variable>
<name>Qstorage</name>
<value><attribute>kerio-Mail-QuotaStorage</attribute></value>
</variable>
<variable>
<name>Qmessage</name>
<value><attribute>kerio-Mail-QuotaMessage</attribute></value>
</variable>
<variable>
<name>MaxOutgoingMessageSize</name>
<value><attribute>kerio-Mail-MaxOutgoingMessageSize</attribute></value>
</variable>
<variable>
<name>ReplyToAddress</name>
<value><attribute>kerio-Mail-WebReplyToAddress</attribute></value>
</variable>
<variable>
<name>Fullname</name>
<value><attribute>cn</attribute></value>
</variable>
<variable>
<name>Description</name>
<value><attribute>description</attribute></value>
</variable>

<variable>
<name>Guid</name>
<value><attribute type="string">apple-generateduid</attribute></value>
</variable>

<variable>
<name>LdapDN</name>
<value><dn /></value>
</variable>


</map>

<map table="Group">
<filter>objectclass=kerio-Mail-Group</filter>
<active-attribute>kerio-Mail-Active</active-attribute>
<variable>
<name>Name</name>
<value><attribute>cn</attribute></value>
</variable>
<variable>
<name>MailAddress</name>
<value><attribute>kerio-Mail-Address</attribute></value>
</variable>
<variable>
<name>Rights</name>
<value><attribute>kerio-Mail-AdminRights</attribute></value>
</variable>
<variable>
<name>Authorization</name>
<value><attribute>kerio-Mail-Authorization</attribute></value>
</variable>
<variable>
<name>Description</name>
<value><attribute>description</attribute></value>
</variable>
<variable>
<name>Guid</name>
<value><attribute type="string">apple-generateduid</attribute></value>
</variable>
</map>
</mapfile>

=================================================================

=================================================================
gal_openldap.map

<mapfile>
<map table="User">
<filter> &amp;(objectclass=kerio-Mail-User)(kerio-Mail-Active=*)(!(kerio-Mail-Authorization=kms.global.address.list.disabled)) </filter>
<variable>
<name>Name</name>
<value><attribute>uid</attribute></value>
</variable>
<variable>
<name>Account_enabled</name>
<value><attribute>kerio-Mail-AccountEnabled</attribute></value>
</variable>
<variable>
<name>Fullname</name>
<value><attribute>cn</attribute></value>
</variable>
<variable>
<name>Title</name>
<value><attribute>title</attribute></value>
</variable>
<variable>
<name>TitleBefore</name>
<value><attribute>personalTitle</attribute></value>
</variable>
<variable>
<name>TitleAfter</name>
<value><attribute>generationQualifier</attribute></value>
</variable>
<variable>
<name>GivenName</name>
<value><attribute>givenName</attribute></value>
</variable>
<variable>
<name>MiddleName</name>
<value><attribute></attribute></value>
</variable>
<variable>
<name>Surname</name>
<value><attribute>sn</attribute></value>
</variable>
<variable>
<name>Company</name>
<value><attribute>o</attribute></value>
</variable>
<variable>
<name>Department</name>
<value><attribute>ou</attribute></value>
</variable>
<variable>
<name>HomeAddress</name>
<value><attribute>homePostalAddress</attribute></value>
</variable>
<variable>
<name>BA_pobox</name>
<value><attribute>postOfficeBox</attribute></value>
</variable>
<variable>
<name>BA_room</name>
<value><attribute>roomNumber</attribute></value>
</variable>
<variable>
<name>BA_street</name>
<value><attribute>street</attribute></value>
</variable>
<variable>
<name>BA_city</name>
<value><attribute>l</attribute></value>
</variable>
<variable>
<name>BA_zip</name>
<value><attribute>postalCode</attribute></value>
</variable>
<variable>
<name>BA_state</name>
<value><attribute>st</attribute></value>
</variable>
<variable>
<name>BA_country</name>
<value><attribute>c</attribute></value>
</variable>
<variable>
<name>PN_business</name>
<value><attribute>telephoneNumber</attribute></value>
</variable>
<variable>
<name>PN_home</name>
<value><attribute>homePhone</attribute></value>
</variable>
<variable>
<name>PN_mobile</name>
<value><attribute>mobile</attribute></value>
</variable>
<variable>
<name>PN_isdn</name>
<value><attribute>internationalISDNNumber</attribute></value>
</variable>
<variable>
<name>PN_fax</name>
<value><attribute>facsimileTelephoneNumber</attribute></value>
</variable>
<variable>
<name>PN_pager</name>
<value><attribute>pager</attribute></value>
</variable>
<variable>
<name>PN_telex</name>
<value><attribute>telexNumber</attribute></value>
</variable>
<variable>
<name>PN_ip</name>
<value><attribute>ipPhone</attribute></value>
</variable>
<variable>
<name>PN_other</name>
<value><attribute>otherTelephone</attribute></value>
</variable>
<variable>
<name>PN_otherfax</name>
<value><attribute>otherFacsimileTelephoneNumber</attribute></value>
</variable>
<variable>
<name>Email</name>
<value><attribute>kerio-Mail-Address</attribute><attribute>mail</attribute></value>
</variable>

<variable>
<name>Image</name>
<value><attribute>jpegPhoto</attribute></value>
</variable>



<variable>
<name>UrlWork</name>
<value><attribute>labeledURI</attribute></value>
</variable>
<variable>
<name>UrlOther</name>
<value><attribute>apple-webloguri</attribute></value>
</variable>
<variable>
<name>IM_msn</name>
<value><attribute>apple-imhandle ~ MSN:([^\s]+)</attribute></value>
</variable>
<variable>
<name>IM_icq</name>
<value><attribute>apple-imhandle ~ ICQ:([^\s]+)</attribute></value>
</variable>
<variable>
<name>IM_aim</name>
<value><attribute>apple-imhandle ~ AIM:([^\s]+)</attribute></value>
</variable>
<variable>
<name>IM_yahoo</name>
<value><attribute>apple-imhandle ~ Yahoo:([^\s]+)</attribute></value>
</variable>
<variable>
<name>IM_jabber</name>
<value><attribute>apple-imhandle ~ JABBER:([^\s]+)</attribute></value>
</variable>
<variable>
<name>Description</name>
<value><attribute>description</attribute></value>
</variable>
</map>
<map table="Group">
<filter> &amp;(objectclass=kerio-Mail-Group)(kerio-Mail-Address=*)(!(kerio-Mail-Authorization=kms.global.address.list.disabled)) </filter>
<active-attribute>kerio-Mail-Active</active-attribute>
<variable>
<name>GroupName</name>
<value><attribute>cn</attribute></value>
</variable>
<variable>
<name>Account_enabled</name>
<value><attribute>1</attribute></value>
</variable>
<variable>
<name>Email</name>
<value><attribute>kerio-Mail-Address</attribute></value>
</variable>
<variable>
<name>Description</name>
<value><attribute>description</attribute></value>
</variable>
</map>
</mapfile>

===================================================

=======================================================
kerio-mailserver.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 e8c9384b
dn: cn=kerio,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: kerio
olcAttributeTypes: {0}( 1.3.6.1.4.1.10311.1.2.2.1 NAME 'kerio-Mail-Active' EQU
 ALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.10311.1.2.2.2 NAME 'kerio-Mail-AccountEnab
 led' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
  )
olcAttributeTypes: {2}( 1.3.6.1.4.1.10311.1.0.2.1 NAME 'kerio-User-AuthPIN' EQ
 UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.10311.1.2.2.5 NAME 'kerio-Mail-AdminRights
 ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {4}( 1.3.6.1.4.1.10311.1.2.2.6 NAME 'kerio-Mail-Address' EQ
 UALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 1.3.6.1.4.1.10311.1.2.2.7 NAME 'kerio-Mail-ForwardMode
 ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.10311.1.2.2.8 NAME 'kerio-Mail-ForwardAddr
 ess' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {7}( 1.3.6.1.4.1.10311.1.2.2.9 NAME 'kerio-Mail-QuotaStorag
 e' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {8}( 1.3.6.1.4.1.10311.1.2.2.10 NAME 'kerio-Mail-QuotaMessa
 ge' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU
 E )
olcAttributeTypes: {9}( 1.3.6.1.4.1.10311.1.2.2.24 NAME 'kerio-Mail-Authorizat
 ion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {10}( 1.3.6.1.4.1.10311.1.2.2.25 NAME 'kerio-Mail-HomeServe
 r' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {11}( 1.3.6.1.4.1.10311.1.2.2.26 NAME 'kerio-Mail-MaxOutgoi
 ngMessageSize' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.10311.1.2.2.22 NAME 'kerio-Mail-WebReplyT
 oAddress' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
 E-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.10311.1.2.2.27 NAME 'kerio-Mail-Preferred
 -Address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
 E-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.10311.1.2.2.28 NAME 'groupMemberShip' EQU
 ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {15}( 1.3.6.1.4.1.10311.1.2.2.29 NAME 'apple-generateduid'
  DESC 'generated unique ID' EQUALITY caseExactMatch SUBSTR caseExactSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.10311.2.2.2.1 NAME 'kerio-Mail-User' SUP to
 p AUXILIARY MAY ( kerio-Mail-Active $ kerio-Mail-AccountEnabled $ kerio-User-
 AuthPIN $ kerio-Mail-AdminRights $ kerio-Mail-Authorization $ kerio-Mail-Addr
 ess $ kerio-Mail-ForwardMode $ kerio-Mail-ForwardAddress $ kerio-Mail-QuotaSt
 orage $ kerio-Mail-QuotaMessage $ kerio-Mail-HomeServer $ kerio-Mail-MaxOutgo
 ingMessageSize $ kerio-Mail-WebReplyToAddress $ groupMemberShip $ apple-generateduid $ kerio-Mail-Preferred-Address ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.10311.2.2.2.2 NAME 'kerio-Mail-Group' SUP t
 op AUXILIARY MAY ( kerio-Mail-Active $ kerio-Mail-AdminRights $ kerio-Mail-Au
 thorization $ apple-generateduid $ kerio-Mail-Address ) )

=======================================================

=======================================================
kerio-mailserver.schema
#
# kerio-User attributes and class
#

attributetype ( 1.3.6.1.4.1.10311.1.2.2.1
    NAME 'kerio-Mail-Active'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.2
    NAME 'kerio-Mail-AccountEnabled'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.0.2.1
    NAME 'kerio-User-AuthPIN'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.5
    NAME 'kerio-Mail-AdminRights'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.6
    NAME 'kerio-Mail-Address'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.7
    NAME 'kerio-Mail-ForwardMode'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.8
    NAME 'kerio-Mail-ForwardAddress'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.9
    NAME 'kerio-Mail-QuotaStorage'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.10
    NAME 'kerio-Mail-QuotaMessage'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.24
    NAME 'kerio-Mail-Authorization'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.25
    NAME 'kerio-Mail-HomeServer'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.26
    NAME 'kerio-Mail-MaxOutgoingMessageSize'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.22
    NAME 'kerio-Mail-WebReplyToAddress'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.27
    NAME 'kerio-Mail-Preferred-Address'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.28 NAME 'groupMemberShip'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.10311.1.2.2.29
    NAME ( 'apple-generateduid' )
    DESC 'generated unique ID'
    EQUALITY caseExactMatch
    SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.10311.2.2.2.1
    NAME 'kerio-Mail-User'
    AUXILIARY
    SUP top
    MAY (
        kerio-Mail-Active $
        kerio-Mail-AccountEnabled $
        kerio-User-AuthPIN $
        kerio-Mail-AdminRights $
        kerio-Mail-Authorization $
        kerio-Mail-Address $
        kerio-Mail-ForwardMode $
        kerio-Mail-ForwardAddress $
        kerio-Mail-QuotaStorage $
        kerio-Mail-QuotaMessage $
        kerio-Mail-HomeServer $
        kerio-Mail-MaxOutgoingMessageSize $
        kerio-Mail-WebReplyToAddress $
        groupMemberShip $
        apple-generateduid $
        kerio-Mail-Preferred-Address ) )

objectclass ( 1.3.6.1.4.1.10311.2.2.2.2
    NAME 'kerio-Mail-Group'
    AUXILIARY
    SUP top
    MAY (
        kerio-Mail-Active $
        kerio-Mail-AdminRights $
        kerio-Mail-Authorization $
        apple-generateduid $
        kerio-Mail-Address ) )

=======================================================

================================================
cn={4}kerio.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 84e834c7
dn: cn={4}kerio
objectClass: olcSchemaConfig
cn: {4}kerio
olcAttributeTypes: {0}( 1.3.6.1.4.1.10311.1.2.2.1 NAME 'kerio-Mail-Active' EQU
 ALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.10311.1.2.2.2 NAME 'kerio-Mail-AccountEnab
 led' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
  )
olcAttributeTypes: {2}( 1.3.6.1.4.1.10311.1.0.2.1 NAME 'kerio-User-AuthPIN' EQ
 UALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.10311.1.2.2.5 NAME 'kerio-Mail-AdminRights
 ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {4}( 1.3.6.1.4.1.10311.1.2.2.6 NAME 'kerio-Mail-Address' EQ
 UALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 1.3.6.1.4.1.10311.1.2.2.7 NAME 'kerio-Mail-ForwardMode
 ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.10311.1.2.2.8 NAME 'kerio-Mail-ForwardAddr
 ess' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {7}( 1.3.6.1.4.1.10311.1.2.2.9 NAME 'kerio-Mail-QuotaStorag
 e' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {8}( 1.3.6.1.4.1.10311.1.2.2.10 NAME 'kerio-Mail-QuotaMessa
 ge' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALU
 E )
olcAttributeTypes: {9}( 1.3.6.1.4.1.10311.1.2.2.24 NAME 'kerio-Mail-Authorizat
 ion' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {10}( 1.3.6.1.4.1.10311.1.2.2.25 NAME 'kerio-Mail-HomeServe
 r' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  )
olcAttributeTypes: {11}( 1.3.6.1.4.1.10311.1.2.2.26 NAME 'kerio-Mail-MaxOutgoi
 ngMessageSize' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.10311.1.2.2.22 NAME 'kerio-Mail-WebReplyT
 oAddress' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
 E-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.10311.1.2.2.27 NAME 'kerio-Mail-Preferred
 -Address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
 E-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.10311.1.2.2.28 NAME 'groupMemberShip' EQU
 ALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {15}( 1.3.6.1.4.1.10311.1.2.2.29 NAME 'apple-generateduid'
  DESC 'generated unique ID' EQUALITY caseExactMatch SUBSTR caseExactSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.10311.2.2.2.1 NAME 'kerio-Mail-User' SUP to
 p AUXILIARY MAY ( kerio-Mail-Active $ kerio-Mail-AccountEnabled $ kerio-User-
 AuthPIN $ kerio-Mail-AdminRights $ kerio-Mail-Authorization $ kerio-Mail-Addr
 ess $ kerio-Mail-ForwardMode $ kerio-Mail-ForwardAddress $ kerio-Mail-QuotaSt
 orage $ kerio-Mail-QuotaMessage $ kerio-Mail-HomeServer $ kerio-Mail-MaxOutgo
 ingMessageSize $ kerio-Mail-WebReplyToAddress $ groupMemberShip $ apple-gener
 ateduid $ kerio-Mail-Preferred-Address ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.10311.2.2.2.2 NAME 'kerio-Mail-Group' SUP t
 op AUXILIARY MAY ( kerio-Mail-Active $ kerio-Mail-AdminRights $ kerio-Mail-Au
 thorization $ apple-generateduid $ kerio-Mail-Address ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 4d5c04ba-7616-1033-95f3-55880fae5256
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20140522160304Z
entryCSN: 20140522160304.647760Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20140522160304Z

================================================

[Updated on: Fri, 23 May 2014 10:51]

  •  
robertflavia

Thanks Pavel,

I can now see LDAP users and groups in Kerio :). Not sure what the problem was. Typo?

There are 2 more issues. When double clicking on LDAP groups or users I cannot edit the users in the Kerio Admin Website. The message is "the item doesn't exist". Please see attached screenshot.

1. Is this correct behaviour?
2. Or do I need to add more Kerio attributes to LDAP?

Kind regards

Robert

  •  
Pavel Dobry (Kerio)

It seems to be related to the empty apple-generateduid attributes in user and group objects. You will need to fill this attribute for all objects with unique identifiers (eg. 2463e8ba-6bd0-4c7d-822e-cd246b5b995c): http://www.guidgenerator.com/online-guid-generator.aspx
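
The check described in the reply above can be run offline against an LDIF export. This is an added example, not code from the thread or from Kerio: it lists kerio-Mail-User and kerio-Mail-Group entries whose GUID attribute is missing or shared, and builds ldapmodify input with locally generated UUIDs. The function names and the sample entries are constructed for illustration; `guid_attr` can name a different mapped attribute.

```python
import base64
import uuid

KERIO_CLASSES = {"kerio-mail-user", "kerio-mail-group"}

# Constructed sample in the shape of the entries posted in this thread.
SAMPLE_LDIF = """\
# user entry that has no GUID yet
dn: cn=keriotestuser,dc=flavia,dc=local
objectClass: posixAccount
objectClass: kerio-Mail-User
uid: keriotestuser

dn: cn=Group1,dc=flavia,dc=local
objectClass: kerio-Mail-Group
apple-generateduid: 11111111-2222-4333-8444-555555555555

dn: cn=Group2,dc=flavia,
 dc=local
objectClass: kerio-Mail-Group
apple-generateduid: 11111111-2222-4333-8444-555555555555

dn: cn=printer,dc=flavia,dc=local
objectClass: device
"""

def parse_ldif(text):
    """Parse LDIF content records into [(dn, {lowercased attr: [values]})]."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):        # folded line: continues the previous one
            if not in_comment and lines:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:          # the trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif dn is not None:           # skips "version: 1" before the first dn
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def audit_guids(entries, guid_attr="apple-generateduid"):
    """Return (DNs lacking a GUID, {guid: [DNs]} for GUIDs used more than once)."""
    missing, seen = [], {}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if not classes & KERIO_CLASSES:
            continue                   # not an entry the map filters select
        values = [v for v in attrs.get(guid_attr.lower(), []) if v]
        if values:
            seen.setdefault(values[0], []).append(dn)
        else:
            missing.append(dn)
    return missing, {g: dns for g, dns in seen.items() if len(dns) > 1}

def build_fix_ldif(missing_dns, guid_attr="apple-generateduid", new_guid=None):
    """Build ldapmodify input giving each listed DN a locally generated GUID."""
    new_guid = new_guid or (lambda: str(uuid.uuid4()))
    # Assumes plain-ASCII DNs; others would need the base64 "dn::" form.
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nreplace: {guid_attr}\n"
        f"{guid_attr}: {new_guid()}\n-\n"
        for dn in missing_dns
    )

if __name__ == "__main__":
    missing, duplicates = audit_guids(parse_ldif(SAMPLE_LDIF))
    print(build_fix_ldif(missing), "duplicates:", duplicates)
```

Duplicates are only reported, not rewritten, so the generated change records can be reviewed before they are applied with ldapmodify.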
  •  
rroemhild

Pavel Dobry (Kerio) wrote on Fri, 23 May 2014 17:10
It seems to be related to the empty apple-generateduid attributes in user and group objects. You will need to fill this attribute for all objects with unique identifiers (eg. 2463e8ba-6bd0-4c7d-822e-cd246b5b995c):...


I use the entryUUID attribute for unique user and group identifiers with OpenLDAP.

<variable>
  <name>Guid</name>
  <value><attribute type="string">entryUUID</attribute></value>
</variable>


Kind regards