Topic: LDAP & Active Directory

Offline fsjjeff

LDAP & Active Directory
« on: May 25, 2007, 06:06:30 PM »
OK, perhaps this is so self-evident that it doesn't require documentation and I'm just dense not to have figured it out, but I'm having a heck of a time trying to get the LDAP address book feature working against our Active Directory server.

I've seen several other posts here with similar questions, but no answers, so I'm REALLY hoping that this project can muster some kind of documentation / response, as I don't think I'm the only one struggling with this.

Just as a bit of background, I'm using this same LDAP address book with Outlook, Thunderbird and Apple Mail with no problems, but for the life of me can't get it working with RoundCubeMail.

I've gone into the main.inc.php file and edited the LDAP portion to below:

$rcmail_config['ldap_public']['SD60'] = array('hosts' => array('server.address.com'),
   'port'     => 389,
   'base_dn'    => 'dc=***,dc=***,dc=bc,dc=ca',
   'search_fields' => array('Email' => 'mail', 'Name' => 'cn'),
   'name_field'  => 'cn',
   'mail_field'  => 'mail',
   'scope'     => 'sub',
   'fuzzy_search' => 1);

Now if I try to do an LDAP search it *looks* like it's doing something, but after chugging away for a time, roundcube just bumps me back to the login screen.

I've also tried installing a couple of the patches I've found to allow binding to the LDAP, but again haven't had any luck with those either, although that may be me not putting the bind dn properly.

Huge thanks and gratitude to anyone who can point me in the right direction with this.

Cheers

Jeff

Offline rtomanek

Re: LDAP & Active Directory
« Reply #1 on: May 26, 2007, 06:48:05 AM »
Hi Jeff,

 while I do not know the exact answer to your question:

 (1) Check the server logs -- I am only familiar with OpenLDAP but I presume AD should also generate some kind of logs. By checking them, you can at least see whether RoundCube does a proper login, the query itself and the number of results (depending on the server loglevel, of course). I spent a few hours debugging the OpenLDAP<->RoundCube connection and the server logs proved to be the most useful piece of information for me (or sufficient at least, though I still have some problems, so I may need to augment the PHP code to spit out some debug info).

 (2) I do not see any login info in the config you sent, so you are using an anonymous service? If not, add the login parameters to the config file. Obvious, I know...

 (3) I'd stick with the latest official revision of RoundCube, it has some latest LDAP patches applied. I believe most of the (older) patches on the forum will be inapplicable in this case.

 (4) You may also wish to try configuring RoundCube for another LDAP/AD server.

 As you see, no solid info here, sorry. Check the server logs, though, so you can isolate the problem. I had similar problems, RoundCube looked as if it was doing something, but returning no results. Only after checking the logs and correcting some obvious mistakes of mine was I able to at least retrieve search results from the server.

Regards,
Robert

Offline fsjjeff

Re: LDAP & Active Directory
« Reply #2 on: May 28, 2007, 11:04:27 PM »
Hey Robert,

Thanks for the ideas, did some looking but still had problems getting it to work. Did get it to work by installing the latest nightly from the SVN, and I like the product better to boot, although there are some graphical glitches with Apple's Safari browser when dealing with both the preview pane and the HTML compose window (which doesn't seem to work at all). Overall I think I'm going to go with the SVN version and see how it fares.

Thanks for the thoughts though.

Jeff

Offline RemX

Re: LDAP & Active Directory
« Reply #3 on: June 04, 2007, 11:17:06 AM »
Hello,
After a classic LDAP configuration in main.inc.php (you also need to fill in 'bind_dn' and 'bind_pass') it wouldn't connect, no matter what I changed,
except 'port'     => 3268,
In fact Micro$ doesn't use a fully LDAP compliant implementation on port 389, use this one instead.

Hope it helps!

Remi.

Offline aevangelista

Re: LDAP & Active Directory
« Reply #4 on: June 04, 2007, 01:29:24 PM »
Mine seems to be grayed out with the SVN. Know anything about that? Could you explain more about the ports? I have been trying to get this thing to connect for months now and have still yet to make it work.

Thanks,
Austin

Offline scott2020

Re: LDAP & Active Directory
« Reply #5 on: June 04, 2007, 01:40:42 PM »
Most likely you will have to specify a bind dn username and password for the domain. Most AD domains won't allow anonymous query of the directory. I am booting up my server now and I'll paste in how I have mine configured, which seems to work OK.

Scott

Offline scott2020

Re: LDAP & Active Directory
« Reply #6 on: June 04, 2007, 01:55:57 PM »
Here is what I did and it seems to work. The mail fields that get queried might be different depending on if you started fresh with a 2003 domain, or migrated from NT to 2003 AD. I did a migration from NT to 2003 AD.


$rcmail_config['ldap_public']['LOGH'] = array(
 'name'     => 'LOGH',
 'hosts'     => array('ip of domain controller'),
 'port'     => 389,
 'base_dn'    => 'cn=Users,dc=domain,dc=local',
 'bind_dn'    => 'domain\administrator',
 'bind_pass'   => 'password',
 'encoding'   => 'utf8',
 'search_fields' => array('Email', 'Name'),
 'name_field'  => 'cn',  // this field represents the contact's name
 'email_field'  => 'mail', // this field represents the contact's e-mail
 'scope'     => 'sub',  // search mode: sub|base|list
 'filter'    => '',   // will be &'d with search field ex: (status=act)
 'fuzzy_search' => true);  // server allows wildcard search


Offline aevangelista

Re: LDAP & Active Directory
« Reply #7 on: June 04, 2007, 03:09:01 PM »
What RC release do you have installed? Because you seem to have different options from the RC1 release and even the current SVN.

Offline scott2020

Re: LDAP & Active Directory
« Reply #8 on: June 04, 2007, 03:55:22 PM »
I have the latest RC1 release installed. I also used the same settings for the previous beta version and they seemed to work. I have not tried anything from SVN.

Scott

Offline scott2020

Re: LDAP & Active Directory
« Reply #9 on: June 04, 2007, 05:03:50 PM »
I should also mention that some of those I added myself and were not options listed in the sample config file. I added bind_dn, bind_pass, encoding, I think that is it.

Scott

Offline RemX

Re: LDAP & Active Directory
« Reply #10 on: June 05, 2007, 05:15:29 AM »
Hi,
Port 389 is used to browse Active Directory, port 3268 is used to browse the global catalog.

Here is my LDAP conf and it works quite well:


 $rcmail_config['ldap_public']['myGroup'] = array(
  'name'     => 'myGroup',
  'hosts'     => array('host'),
  'port'     => 3268,
  'base_dn'    => 'DC=myDomain,DC=fr',
  'bind_dn'    => 'CN=user,DC=myDomain,DC=fr',
  'bind_pass'   => 'password',
  'search_fields' => array('userPrincipalName', 'cn'), // fields to search in
  'name_field'  => 'cn',  // this field represents the contact's name
  'firstname_field' => 'givenName', // this field represents the contact's first name
  'surname_field' => 'sn',  // this field represents the contact's last name
  'email_field'  => 'userPrincipalName', // this field represents the contact's e-mail
  'scope'     => 'sub',  // search mode: sub|base|list
  'filter'    => '(userPrincipalName=*)',   // will be &'d with search field ex: (status=act)
  'fuzzy_search' => TRUE);  // server allows wildcard search

I use the 'userPrincipalName' field for email, because my mail field is not registered in my AD. The filter used is to get rid of all system object queries.
The same config with port 389 doesn't work.
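
Added example, not posted by anyone in this thread and not Roundcube code: a command-line PHP check that binds and searches on ports 389 and 3268 outside Roundcube, composing the filter the way the config comments describe (static filter ANDed with the search fields). The host, the DNs, the svc-roundcube account and the RC_LDAP_PASS environment variable are placeholders, and PHP's ldap extension is assumed.

```php
<?php
// Added example, not from the thread. Host, DNs and RC_LDAP_PASS are placeholders.
$cfg = [
    'host'    => 'dc.example.test',              // placeholder domain controller
    'ports'   => [389, 3268],                    // domain LDAP, then global catalog
    'base_dn' => 'DC=example,DC=test',
    'bind_dn' => 'CN=svc-roundcube,CN=Users,DC=example,DC=test', // assumed read-only account
    'filter'  => '(userPrincipalName=*)',        // static filter, as in the post above
    'fields'  => ['userPrincipalName', 'cn'],    // search_fields
];

// Build "(&<static filter>(|(field=*term*)...))" with the user's term escaped,
// so characters such as * ( ) \ cannot change the shape of the filter.
function build_filter(string $static, array $fields, string $term): string
{
    $t  = ldap_escape($term, '', LDAP_ESCAPE_FILTER);
    $or = '';
    foreach ($fields as $f) {
        $or .= "($f=*$t*)";
    }
    return $static === '' ? "(|$or)" : "(&$static(|$or))";
}

$pass = getenv('RC_LDAP_PASS');
if ($pass === false || $pass === '') {
    // An empty password turns a simple bind into an unauthenticated bind,
    // which can "succeed" without proving the account works.
    fwrite(STDERR, "RC_LDAP_PASS is not set\n");
    exit(2);
}
$filter = build_filter($cfg['filter'], $cfg['fields'], $argv[1] ?? 'a');
echo "filter: $filter\n";

foreach ($cfg['ports'] as $port) {
    $ds = ldap_connect("ldap://{$cfg['host']}:$port");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);       // do not chase referrals
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5); // fail fast instead of hanging
    if (!@ldap_bind($ds, $cfg['bind_dn'], $pass)) {
        printf("port %d: bind failed: %s\n", $port, ldap_error($ds));
        continue;
    }
    $res = @ldap_search($ds, $cfg['base_dn'], $filter, $cfg['fields'], 0, 20);
    if ($res === false) {
        printf("port %d: search failed: %s\n", $port, ldap_error($ds));
    } else {
        printf("port %d: bind ok, %d entries (capped at 20)\n", $port, ldap_count_entries($ds, $res));
    }
    ldap_unbind($ds);
}
```

Run it from the web server's shell with the password supplied through the environment and a search term as the first argument; the per-port output separates a bind failure from a search failure, which can then be matched against the directory server's own log.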




Offline aevangelista

Re: LDAP & Active Directory
« Reply #11 on: June 05, 2007, 11:35:17 AM »
 :D :D :D :D

AWESOME!

Now if I could get it to default to show the whole list by default instead of having to search for individual people each time you go to the page.

Thanks a ton guys!

Offline RemX

Re: LDAP & Active Directory
« Reply #12 on: June 07, 2007, 09:41:06 AM »
 :D
Hey, you know what? I'm having the same wish. The must would be to have auto-completion of the mail while filling the "to" field, like with the personal address book.

An idea?