LDAP configurations for Active Directory Users

[aevangelista]

Could someone please shed some light on the proper configuration settings needed to view Active Directory Users as an address book. I have tried the following settings and cannot seem to get the Address Book to populate.

Code: [Select]

$rcmail_config['ldap_public'][AddressBookName'] = array('hosts'     => array('LDAPhostname'),
                          'port'     => 389,
                          'base_dn'    => 'cn=users,dc=example,dc=com',
                          'search_fields' => array('Email' => 'mail', 'Name' => 'cn'),
                          'name_field'  => 'cn',
                          'mail_field'  => 'mail',
                          'scope'     => 'sub',
                          'fuzzy_search' => 1);

obviously this is just an example and my real code settings include my hostname and domain settings.

[aevangelista]

I take that as a no ?

[aevangelista]

sigh, I mean really..... No One?

[aevangelista]

should i ask the question a different way?

I need to get Roundcube to communicate with my Active Directory LDAP service on a Windows2003 server to authenticate with SPA. Does anyone out there know how the settings should look?

Thanks,
Austin

[aevangelista]

Im starting to feel like noone likes me.... Or am i asking the completely obscene or impossible ?

[microUgly]

These forums seem pretty quite - mostly populated by people asking questions but none of these people stick around to give answers.

I haven't done what you are wanting. But I have had some experiance with LDAP queries in PHP.

First thing - is there any errors in the log files that might reveal an issue?

Secondly, are you sure you are providing all the correct details? The example values are only examples. It maybe you don't have a field called "mail" or it might be called something else. You will need to confirm the field names with your Administrator.

Thirdly, is this an AD server or LDAP server you are trying to connect to. Most AD servers won't allow an anonymous connection. I don't know if RC allows you to specify a user to connect as.

Lastly, it may help if you determine what you can and cannot do with your server first by writing a simple PHP script to connect and query it to find out what fields are in it (if you're not an administrator who can find these details out otherwise).

[betatesteur751]

Hi !

I'm using RoundCube with TinyMCE editor

http://stadtherr.bounceme.net/files/roundcubemail_tinymce_v0.1beta2.tar.gz

The LDAP directory search does not work, my windows 2003 server allow anonymous connection ...

See Below my configuration

Code: [Select]

$rcmail_config['ldap_public']['My_Sample'] = array('hosts'     => array('root.xxx.fr'),
                          'port'     => 389,
                          'base_dn'    => 'cn=Users,dc=root,dc=xxx,dc=fr',
                          'search_fields' => array('Email' => 'mail', 'Name' => 'cn'),
                          'name_field'  => 'cn',
                          'mail_field'  => 'mail',
                          'scope'     => 'sub',
                          'fuzzy_search' => 1);
I'm not sure to have the right value : $rcmail_config['ldap_public']['My_Sample'] ?

My_Sample is a free value, or it must be fixed in Active Directory ?

another strange behavior, the search button is disable if language setting is set to French, when i switch to English the button become available

Any idea ?

[aevangelista]

First, i don't know how where the errors are logged if they are logging.

Secondly, I am pretty confident that i am providing the correct SearchBase information because the same string works for my Outlook Clients on all of the computers on my network when i set them to use the LDAP server as an address book. But as far as the "mail" field name goes, This is what i have gathered about Active Directory Defaults.

Code: [Select]

Microsoft Active Directory Defaults
If the LDAP server is a Microsoft Active Directory then the following defaults are used.

Config name Default value
ldap.schema.user-name-field
 sAMAccountName
 
ldap.schema.user-full-name-field
 displayName
 
ldap.schema.user-email-field
 mail
 
ldap.schema.user-name-search
 (&(sAMAccountName={0})(objectCategory=person)(objectClass=user)(sAMAccountType=805306368))
 
ldap.schema.group-name-field
 sAMAccountName
 
ldap.schema.group-member-field
 member
 
ldap.schema.group-search
 (&(member={0})(objectCategory=group))
 
ldap.schema.posix-groups
 N
 

Thirdly and lastly, I am the Network Administrator and i do have access to and permission to change this the way it needs to be changed to make it work. But yes this is an Active Directory Server. What is the impact of opening up an LDAP server to allow anonymous connections?