Roundcube Community Forum

 

Trying to get Roundcube Identity via AD connection

Started by Stuckbert, October 16, 2020, 08:14:57 AM

Stuckbert

Hi Roundcube Community,
I am currently trying to solve a very specific issue (am quite unsure if this is the right forum for those support requests, but worth a try ;) ):
We are currently facing a transition from LDAP to Active Directory. Therefore the authentication of Roundcube is done directly through our IMAP server with LDAP connection with UID as username, but we try to bind all other direct connections already to our AD node, where the old UID is the sAMAccountName attribute and the authentication/identification runs mainly through the CN.

So what's currently working in our setup is:
* Authentication through IMAP with LDAP connection
* Sending and receiving mails
* Addressbook with AD connection

What we want to achieve and does not work yet:
* Trying to get email address/domain/full name from AD and automatically create the user identity with that information

For that goal, I already tried playing around with the new_user_identity and virtuser_file plugins, but am currently a bit lost in the progress.

My configuration for the new_user_identity plugin looks as follows:
$config['new_user_identity_addressbook'] = 'Addressbook';
$config['new_user_identity_match'] = 'sAMAccountName';
$config['new_user_identity_onlogin'] = 'true';


This leads to ... nothing - no log messages, nothing happens during first login, no identity is created.

Regarding the virtuser_file usage, I tried to implement an LDAP/AD request directly within the plugin, but didn't get that working yet. So I assume it would more irritate to post the code here, but can do that of course, if it helps...

So my question is: Did anybody else already try to get the identity creation with AD information? Are there any plugins existing for that which I did not find yet? Can anybody help me with that connection?

Thanks in advance,
Best,
Stuckbert

andreashaerter

#1
I know this thread is quite old, but for web searchers hitting this: I think this is not possible with the current version of the plugin.

I tried the same as you and was also not successful. I therefore had a quick look at the source code at


as far as it seems the fieldname where the data is read from the directory is hardcoded. So even if sAMAccountName is used to search the user because of the config option, there is no config to set a field mapping for reading the data you want from found Active Directory users (like: get the name from X, get Y from Z).

Or did I miss the part where the fieldmap array from $config['ldap_public'][ .. ] gets used?

andreashaerter

Hey Stuckbert,

as I posted before, I had the same need for such a plugin and tried the same as you without success. Therefore we developed a new plugin which should do what you need, see https://www.roundcubeforum.net/index.php/topic,30846.0.html.

TL;DR: