PersonalAddressBooks
From ISPMan
- This page is currently under development by PedroAlgarvio.
- This information may be incomplete or wrong, so please use it at your own risk. Thank you.
- Feel free to make suggestions or edit this page.
Initial Thoughts
Thinking of adding a centralized address book for the domain(s)/user(s) of your ISPMan installation(s)?
s0undt3ch has found you the solution ;)
First of all I'd like to thank Andreas John for providing me with the bootstrap needed to achieve this, and also all of the folks on #ldap who helped a lot with my noobiness regarding LDAP ACLs according to research papers.
This is, of course, by no means the only way to do this, and probably not the best one, since there isn't even a standard way to do it, nor a standard LDAP schema besides inetOrgPerson, which lacks lots of the fields you're probably used to from Thunderbird, (M$) 0utlook, Evolution, etc.
The Hard Way
LDAP Tree Changes / Additions
You're probably very used to the ISPMan tree by now, and following trappist's suggestion on our wonderful IRC channel, this implementation is the least intrusive possible on your current LDAP tree.
The initial PAB (Personal Address Book) LDIF is:
dn: ou=pabs,o=ispman
objectClass: top
objectClass: organizationalUnit
ou: pabs
Of course, change o=ispman to whatever ldapBaseDN you adopted when you installed ISPMan, then import that into your tree.
Now, for every domain, you'll also have to add to LDAP:
dn: ou=domain.tld,ou=pabs,o=ispman
objectClass: top
objectClass: organizationalUnit
ou: domain.tld
And for every new user:
dn: ou=user_domain_tld,ou=domain.tld,ou=pabs,o=ispman
objectClass: top
objectClass: organizationalUnit
ou: user_domain_tld
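As an added example (not ISPMan code), here are the three LDIF entries above generated for a whole domain at once. It assumes ISPMan uids already have the user_domain_tld form, so they can serve as the per-user ou directly, and it escapes DN-special characters (RFC 4514) in case a domain or uid ever contains one:

```python
# Added example, not part of ISPMan: emit the ou=pabs subtree as LDIF.
# Assumption: each uid is already in ISPMan's user_domain_tld form.

DN_SPECIALS = ',+"\\<>;'

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 rules:
    special characters anywhere, '#' or space at the start, space at the end)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIALS or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def ou_entry(ou, parent_dn):
    """One organizationalUnit entry, exactly like the hand-written ones above."""
    dn = "ou=%s,%s" % (escape_rdn_value(ou), parent_dn)
    return "dn: %s\nobjectClass: top\nobjectClass: organizationalUnit\nou: %s\n" % (dn, ou)

def pab_ldif(base_dn, domains):
    """domains maps domain -> list of uids; returns LDIF for ou=pabs,
    one ou per domain beneath it, and one ou per user beneath each domain."""
    pabs_dn = "ou=pabs," + base_dn
    entries = [ou_entry("pabs", base_dn)]
    for domain, uids in domains.items():
        domain_dn = "ou=%s,%s" % (escape_rdn_value(domain), pabs_dn)
        entries.append(ou_entry(domain, pabs_dn))
        for uid in uids:
            entries.append(ou_entry(uid, domain_dn))
    return "\n".join(entries)

if __name__ == "__main__":
    # Constructed sample input; feed the output to ldapadd against your server.
    print(pab_ldif("o=ispman", {"example.com": ["alice_example_com", "bob_example_com"]}))
```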
Now you might ask:
Since ISPMan CVS now supports user@domain.tld logins, why not use that for the user's PAB DN?
The quick and only answer is that it greatly simplifies the ACLs needed in slapd.conf, which I'll now show you, heh, which ACL it is ;).
Add to your slapd.conf:
access to dn.regex="^(.+,)?ou=([^,]+),ou=([^,]+),ou=pabs,o=ispman$"
        by dn.exact,expand="uid=$2,ou=users,ispmanDomain=$3,o=ispman" write
        by * none
The above means that we expect 2 matching groups, plus an optional 3rd, which actually comes first. The last 2 groups are needed to build the DN that will have write access to the PAB. Everyone else does not even get a chance to read it. The optional first group matches every entry we add to our PAB, allowing us to add, edit and delete those entries.
If you need to understand this better, see man slapd.access ;).
One last thing regarding the above ACL that you must add to your slapd.conf: the order of the ACLs MATTERS.
If only I had thought about that, it would have saved me a couple of hours on the subject.
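To see exactly which bind DN the ACL above grants write on a given entry, and which DNs the rule does not match at all (so that slapd falls through to the next rule, which is why order matters), here is an added example that models the regex and the expand clause in Python; it is not ISPMan code and uses o=ispman as the ldapBaseDN:

```python
import re

# Added example, not part of ISPMan: model the PAB ACL from slapd.conf above,
# with o=ispman standing in for ldapBaseDN. slapd matches dn.regex against the
# normalized DN; here DNs are compared as written, so pass them normalized.
PAB_ACL_RE = re.compile(r"^(.+,)?ou=([^,]+),ou=([^,]+),ou=pabs,o=ispman$")
WRITER_TEMPLATE = "uid=$2,ou=users,ispmanDomain=$3,o=ispman"

def pab_writer(target_dn):
    """DN that the 'by dn.exact,expand' clause grants write on target_dn,
    or None when the PAB rule does not match and slapd falls through to
    the next 'access to' rule in slapd.conf."""
    m = PAB_ACL_RE.match(target_dn)
    if m is None:
        return None
    # $2 = the user's PAB ou (the ISPMan uid), $3 = the domain ou
    return WRITER_TEMPLATE.replace("$2", m.group(2)).replace("$3", m.group(3))

def can_write(bind_dn, target_dn):
    """True only for the single bind DN the rule names; everyone else is 'by * none'."""
    writer = pab_writer(target_dn)
    return writer is not None and bind_dn == writer

if __name__ == "__main__":
    # Constructed sample DNs.
    pab = "ou=alice_example_com,ou=example.com,ou=pabs,o=ispman"
    for dn in (pab, "cn=Bob," + pab, "ou=example.com,ou=pabs,o=ispman"):
        print(dn, "->", pab_writer(dn))
```

Note that the domain-level container ou=example.com,ou=pabs,o=ispman does not match the regex, so whatever access rule follows this one in slapd.conf decides who can see it.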
TO NOT FORGET
--- Driver.php.old 2007-03-31 22:35:50.000000000 +0100
+++ Driver.php 2007-03-31 22:26:21.000000000 +0100
@@ -142,6 +142,9 @@
$fields[$this->map[$key]] = $val;
}
}
+ if (empty($fields['cn'])) {
+ $fields['cn'] = $fields['givenName'] . ' ' . $fields['sn'];
+ }
return $fields;
}
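Review bot: the fallback `$fields['cn'] = $fields['givenName'] . ' ' . $fields['sn'];` still sets cn to a lone space, or to a value with a leading or trailing space, when givenName or sn is empty, and reads undefined array keys when either is absent from $fields; since cn is mandatory for inetOrgPerson, an entry with a blank cn is not an improvement over a missing one. Suggest building the value with `trim(($fields['givenName'] ?? '') . ' ' . ($fields['sn'] ?? ''))` (or isset() checks on older PHP) and only assigning `$fields['cn']` when the result is non-empty. The heading above also does not say which package's Driver.php this applies to; naming it would help anyone applying the patch.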
The Easy Way
ISPman Patching
Patch against ISPMan (CVS HEAD) so that domain and user PABs are created and deleted automatically along with the domain or user.
Index: install-data/examples/openldap/slapd.ldapv3.conf.tmpl =================================================================== RCS file: /cvsroot/ispman/ispman/install-data/examples/openldap/slapd.ldapv3.conf.tmpl,v retrieving revision 1.3 diff -r1.3 slapd.ldapv3.conf.tmpl 72a73,76 > # PAB ACL's > access to dn.regex="^(.+,)?ou=([^,]+),ou=([^,]+),ou=pabs,%%ldapBaseDN%%$" > by dn.exact,expand="uid=$2,ou=users,ispmanDomain=$3,%%ldapBaseDN%%" write > by * none Index: install-data/ldifs/base.ldif =================================================================== RCS file: /cvsroot/ispman/ispman/install-data/ldifs/base.ldif,v retrieving revision 1.7 diff -r1.7 base.ldif 33a34,39 > # PAB Stuff > dn: ou=pabs,%%ldapBaseDN%% > objectClass: top > objectClass: organizationalUnit > ou: pabs > Index: install-data/templates/domain.common.ldif.template =================================================================== RCS file: /cvsroot/ispman/ispman/install-data/templates/domain.common.ldif.template,v retrieving revision 1.9 diff -r1.9 domain.common.ldif.template 41c41,45 < --- > # PAB Stuff > dn: ou=<perl>$domain</perl>, ou=pabs, <perl>$ispman->getConf("ldapBaseDN")</perl> > objectClass: top > objectClass: organizationalUnit > ou: <perl>$domain</perl> Index: install-data/templates/users.ldif.template =================================================================== RCS file: /cvsroot/ispman/ispman/install-data/templates/users.ldif.template,v retrieving revision 1.16 diff -r1.16 users.ldif.template 72c72,76 < --- > # PAB Stuff > dn: ou=<perl>$r->param("uid")</perl>, ou=<perl>$r->param("ispmanDomain")</perl>, ou=pabs, <perl>$ispman->getConf("ldapBaseDN")</perl> > objectClass: top > objectClass: organizationalUnit > ou: <perl>$r->param("uid")</perl> Index: lib/ISPMan/DomainMan.pm =================================================================== RCS file: /cvsroot/ispman/ispman/lib/ISPMan/DomainMan.pm,v retrieving revision 1.88 diff -r1.88 DomainMan.pm 468a469,473 > # Delete 
Domain PAB's > $self->delTree( > 'ou=' . $domain . ',ou=pabs,' . $self->getConf("ldapBaseDN") > ); > Index: lib/ISPMan/UserMan.pm =================================================================== RCS file: /cvsroot/ispman/ispman/lib/ISPMan/UserMan.pm,v retrieving revision 1.65 diff -r1.65 UserMan.pm 305a306,308 > # Delete User PAB > my $pab_dn = 'ou=' . $self->{'user'}{'uid'} . ',ou=' . $self->{'user'}{'ispmanDomain'} . ',ou=pabs,' . $self->getConf("ldapBaseDN"); > $self->delTree( $pab_dn );
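Review bot: the `# PAB ACL's` block inserted after line 72 of slapd.ldapv3.conf.tmpl relies on its position, and nothing in the patch checks it: as the page notes, slapd applies the first matching `access to` rule, so this block must come before any broader rule (such as an `access to *`) in the template, or the PAB subtree ends up governed by that rule instead. The `by * none` clause also denies every identity except the expanded user DN, so unless ISPMan binds as the rootdn (which bypasses ACLs) the account that applies the users.ldif.template and domain.common.ldif.template entries, and that runs the delTree calls, will not be able to create or remove the PAB containers; a comment in the template stating that requirement would save the next reader a debugging session.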
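Review bot: both `$self->delTree(...)` calls in DomainMan.pm and UserMan.pm discard the return value, so a failed deletion of the PAB subtree (for example when the bind DN is denied by the ACL above) silently leaves an orphaned `ou=...,ou=pabs,...` subtree behind; check the result and log or propagate the error as the surrounding code does for the main entries. In UserMan.pm the DN is also assembled by string concatenation from `$self->{'user'}{'uid'}` and `$self->{'user'}{'ispmanDomain'}` without DN escaping, and the templates insert `$r->param("uid")` and `$domain` into DNs the same way, which is only safe as long as those values can never contain DN-special characters such as `,` or `+`.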
