Re: [Evolution] LDAP Authentication by E-Mail Address



Tue, 2003-01-28 at 19:51, Thomas J. Baker wrote:
I have a working LDAP server which can be queried by Evolution when
authenticating with a DN. Assuming this is an ACL problem, what other
ACLs would I need to allow authenticating by email address?

Here's an ldif blank for Evo, for my cat Frigg av Borgund:

dn: cn=Frigg,ou=people,ou=groups,dc=hosts,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: av Borgund
cn: Frigg
homePhone: +31 172 123 456
homePostalAddress:: TXVnZ2VubGFhbiAzCjI0NDEgQ(base64 etc)
initials: F.a.B.
mail: frigg host com
uidNumber: 508
gidNumber: 1001
structuralObjectClass: evolutionPerson
userPassword:: e2NyeXB0fXVhWnZ5Mjg0dy9CMnc=
homeDirectory: /u/home/frigg
loginShell: /bin/ksh
gecos: Katten Frigget
uid: frigg

Do you know enough to make your ACLs out of that?

evolutionperson.schema is included with Evo 1.2.x and you'll find it in
/usr/share/doc/evolution. BUT. It will only work as it is with OpenLDAP
2.0.x, not 2.1.x - for which it will have to be modified. The other
schemas you need, including inetorgperson.schema, are in your schema
directory (wherever that is on your system).

Begin with (the very first) ACL:

access to dn="dc=hosts,dc=com"
        attr=userPassword
        by anonymous auth
        by dn="cn=Admin,dc=hosts,dc=com" write

Without doing that, Admin won't be authenticated.

In trying to debug what's going on, it seems evolution is searching
objectClass and entry but I'm not familiar enough with LDAP to know
what's going on. 

Why not subscribe to the openldap list? www.openldap.org

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:         tonni billy demon nl
www:            http://www.billy.demon.nl
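
A slapd.conf ACL set for the situation discussed in this message, added here as an example; it is not from the original post or from the Evolution or OpenLDAP projects. It assumes the client authenticates by e-mail address in two steps (an anonymous search on `mail` to find the DN, then a bind as that DN), which matches the searches on objectClass and entry reported above. The `by self write` line, the catch-all rule, and dropping the `dn=` scope so the rules cover the whole database are additions.

```conf
# slapd evaluates "access to" clauses in order and stops at the first one
# that matches the target; inside that clause the first matching "by" wins,
# and every clause ends with an implicit "by * none". Order matters.

# 1. Password attribute: anonymous clients may only bind against it
#    (auth), never read or compare it. Must come before any broader rule.
access to attr=userPassword
        by dn="cn=Admin,dc=hosts,dc=com" write
        by self write
        by anonymous auth
        by * none

# 2. The "entry" pseudo-attribute controls whether an entry (and so its
#    DN) can be returned at all. The lookup-by-mail step runs before the
#    user is authenticated, so it needs read access here.
#    Caveat: this lets anyone confirm that an address exists in the tree.
access to attr=entry
        by * read

# 3. Attributes used in the search filter. Anonymous clients may match
#    on them (search) but not retrieve their values; bound users may read.
access to attr=objectClass,mail
        by dn="cn=Admin,dc=hosts,dc=com" write
        by anonymous search
        by users read

# 4. Everything else (phone numbers, home address, uidNumber, ...) stays
#    hidden from unauthenticated clients.
access to *
        by dn="cn=Admin,dc=hosts,dc=com" write
        by self write
        by users read
        by * none
```

To check the result, run an anonymous search with the filter `(mail=<address>)` and confirm that only the DN comes back, then bind as that DN with its password.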





