Programmierus / ldap-mailcow

LDAP account synchronization and authentication for mailcow-dockerized

OpenLDAP compatibility #15

Open netthier opened 3 years ago

netthier commented 3 years ago

This tool does not seem to support OpenLDAP, since syncer.py relies on the userPrincipalName attribute being present. This attribute is only available in Microsoft AD, and attempting to use this tool with OpenLDAP results in the following error:

ldap-mailcow    | 19.01.21 16:04:20 Config file conf/dovecot/ldap/passdb.conf unchanged
ldap-mailcow    | 19.01.21 16:04:20 Config file conf/dovecot/extra.conf unchanged
ldap-mailcow    | 19.01.21 16:04:20 Config file conf/sogo/plist_ldap unchanged
ldap-mailcow    | Traceback (most recent call last):
ldap-mailcow    |   File "syncer.py", line 181, in <module>
ldap-mailcow    |     main()
ldap-mailcow    |   File "syncer.py", line 31, in main
ldap-mailcow    |     sync()
ldap-mailcow    |   File "syncer.py", line 52, in sync
ldap-mailcow    |     for (email, ldap_name, ldap_active) in ldap_results:
ldap-mailcow    |   File "syncer.py", line 46, in <lambda>
ldap-mailcow    |     x[1]['userPrincipalName'][0].decode(),
ldap-mailcow    | KeyError: 'userPrincipalName'

To make this compatible with the OpenLDAP "inetOrgPerson", a possible solution would be to make the attributes synced user-configurable. For example:

LDAP-MAILCOW_LDAP_USER_ATTR=mail # userPrincipalName by default
nicaiseeric commented 2 years ago

OpenLDAP compatibility will make this project widely usable.

twstagg commented 2 years ago

@netthier @nicaiseeric you should be able to just manually change the attribute from 'userPrincipalName' to whatever you want. I changed mine to "mail". Then, as long as all users returned in the search of Base DN possess the attribute, the code will work.

AnBo83 commented 2 years ago

@twstagg Where can I change the code? The container does not start, so I cannot access the Docker volume ...

mario-spitze commented 2 years ago

@AnBo83 I could not start the container either. Did you build the container from git? In the Dockerfile I changed to a different version:

FROM python:alpine3.14

Is that a new issue?

To the OpenLDAP topic: I simply changed userPrincipalName to mail, but we run into other trouble now. OpenLDAP does not have the userAccountControl attribute and no other standardized solution. @twstagg How did you solve this?
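
The two problems raised in this thread, the hard-coded `userPrincipalName` lookup in netthier's report and the missing `userAccountControl` attribute mario-spitze hits on OpenLDAP, can both be handled by making the attribute names configuration and by deciding explicitly what to do when an entry lacks one. The following is an added illustration, not code from the ldap-mailcow project: it reuses the `LDAP-MAILCOW_LDAP_USER_ATTR` variable proposed above, and the `LDAP-MAILCOW_LDAP_ACTIVE_ATTR` variable, the `extract_users` / `is_active` function names and the sample directory entries are assumptions for the example. The only fact it relies on beyond the thread is that in Active Directory the `userAccountControl` value is a bit field whose `0x2` bit (ACCOUNTDISABLE) marks a disabled account. Entries that lack the configured status attribute are treated as inactive rather than active, so a misconfigured attribute name cannot silently re-enable a disabled mailbox.

```python
import logging
import os

log = logging.getLogger("ldap-mailcow-example")

# Bit in Active Directory's userAccountControl that marks a disabled account.
AD_ACCOUNTDISABLE = 0x2


def attrs_from_env(environ=None):
    """Read the attribute names from the environment (hypothetical variable
    names for this example). Defaults mirror the Active Directory attributes
    the syncer used; an OpenLDAP inetOrgPerson tree would set the user
    attribute to "mail" and leave the status attribute empty."""
    environ = os.environ if environ is None else environ
    user_attr = environ.get("LDAP-MAILCOW_LDAP_USER_ATTR", "userPrincipalName")
    active_attr = environ.get("LDAP-MAILCOW_LDAP_ACTIVE_ATTR", "userAccountControl")
    return user_attr, active_attr


def is_active(attrs, active_attr):
    """Decide whether an entry is active.

    - empty active_attr: the directory has no status attribute, every entry
      returned by the search is considered active;
    - userAccountControl: interpret the AD bit field;
    - any other attribute: accept TRUE/1 as active (assumed convention);
    - configured attribute missing on the entry: fail closed (inactive).
    """
    if not active_attr:
        return True
    if active_attr not in attrs:
        log.warning("entry lacks %s, treating as inactive", active_attr)
        return False
    raw = attrs[active_attr][0].decode()
    if active_attr == "userAccountControl":
        return not (int(raw) & AD_ACCOUNTDISABLE)
    return raw.strip().upper() in ("TRUE", "1")


def extract_users(results, user_attr, active_attr, name_attr="cn"):
    """Map python-ldap style search results [(dn, {attr: [bytes, ...]}), ...]
    to (email, ldap_name, active) tuples. Entries without the user attribute
    are logged and skipped instead of raising KeyError as in the traceback."""
    users = []
    for dn, attrs in results:
        if user_attr not in attrs:
            log.warning("skipping %s: no %s attribute", dn, user_attr)
            continue
        email = attrs[user_attr][0].decode()
        name = attrs.get(name_attr, [email.encode()])[0].decode()
        users.append((email, name, is_active(attrs, active_attr)))
    return users


# Constructed sample entries in the shape python-ldap returns them:
# two OpenLDAP-style inetOrgPerson entries (one without "mail") and two
# AD-style entries, one of them disabled (512 | 0x2 = 514).
SAMPLE_RESULTS = [
    ("uid=alice,ou=people,dc=example,dc=org",
     {"mail": [b"alice@example.org"], "cn": [b"Alice"]}),
    ("uid=bob,ou=people,dc=example,dc=org",
     {"cn": [b"Bob"]}),
    ("CN=Carol,CN=Users,DC=example,DC=org",
     {"userPrincipalName": [b"carol@example.org"], "cn": [b"Carol"],
      "userAccountControl": [b"514"]}),
    ("CN=Dave,CN=Users,DC=example,DC=org",
     {"userPrincipalName": [b"dave@example.org"], "cn": [b"Dave"],
      "userAccountControl": [b"512"]}),
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print("OpenLDAP settings:", extract_users(SAMPLE_RESULTS, "mail", ""))
    print("AD settings:", extract_users(SAMPLE_RESULTS, *attrs_from_env({})))
```

With the OpenLDAP settings only Alice is returned (Bob has no `mail` and is skipped with a warning); with the Active Directory defaults Carol comes back inactive because bit `0x2` is set, and Dave active.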

schmittvictor commented 2 years ago

Has someone found a solution for userAccountControl?

l4b4r4b4b4 commented 1 year ago

Has someone found a solution for userAccountControl?

EDIT: Got the Dovecot side to work with OpenLDAP and LDAP Account Manager. Will do some documentation in the Readme and publish everything to this dedicated repo before diving into SOGo and making sure everything works as it should. But looking promising so far...