LDAP sync for Team Mailboxes

chibenwa commented 2 days ago

Why?

Automate Team mailboxes management through LDAP.

Be able to synchronise a list of groups from the LDAP as Twake Mail mailboxes.

Those groups could then be defined from a set of rules defined and replicated by a LinID bot.

This approach is very flexible and hopefully not specific to James / mails. We only need a LSC connector

LDAP data

I want to synchronise ou=groups,dc=james,dc=org in the following LDIF:

dn: ou=groups, dc=james,dc=org
ou: groups
objectClass: organizationalUnit

dn: cn=sales,ou=groups, dc=james,dc=org
objectclass: top
objectclass: groupofnames
member: uid=usera,ou=people,dc=james,dc=org
member: uid=userb,ou=people,dc=james,dc=org
cn: mygroup
ou: groups

dn: cn=hiring,ou=groups, dc=james,dc=org
objectclass: top
objectclass: groupofnames
member: uid=userc,ou=people,dc=james,dc=org
member: uid=userb,ou=people,dc=james,dc=org
cn: mygroup
ou: groups

Resulting in the following team mailboxes:

sales@james.org with users usera@james.org and userb@james.org
hiring@james.org with users userb@james.org and userc@james.org

Please note that:

We can use the CN in order to build the local part of a group.
User mails needs to be recovered from their DN and not inferred by their uid

How?

Add a script for LSC twake mail in order to do this.

chibenwa commented 2 days ago

@guimard is it possible to attach a mail property into the groupofnames ? Or we just use the cn for building the team mailbox name?

guimard commented 2 days ago

@guimard is it possible to attach a mail property into the groupofnames ? Or we just use the cn for building the team mailbox name?

Not directly, we need a schemas change

chibenwa commented 2 days ago

Ok then we can likely configure the domain name on LSC, and rely on the cn to build the mail address.

guimard commented 1 day ago

Ok then we can likely configure the domain name on LSC, and rely on the cn to build the mail address.

Not exactly: we need to distinguish groups with mail and groups without. Maybe more, group mailbox can be :

a "team mailbox" : shared messages
a mailing list : a copy of mail for each member

A standard LDAP group has the following attributes :

cn
member (multi-valued)
optional:
- businessCategory
- seeAlso
- owner
- ou (multi-valued)
- o
- description

@chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to defined the "role" of the group. For example if:

it contains "tmailbox" => team mailbox
it contains "mlist" => mailing list
it contains "drive" => shared drive

chibenwa commented 1 day ago

@chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to defined the "role" of the group.

I am not against but I thought the LDAP base would serve this purpose.

dn: ou=tmailbox, dc=james,dc=org
dn: ou=mlist, dc=james,dc=org

dn: cn=sales,ou=tmailbox, dc=james,dc=org
dn: cn=hiring,ou=tmailbox, dc=james,dc=org

dn: cn=paris,ou=mlist, dc=james,dc=org

I think it could be simpler.

(Can businessCategory be multi-valued?)

guimard commented 1 day ago

@chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to defined the "role" of the group.

I am not against but I thought the LDAP base would serve this purpose.
dn: ou=tmailbox, dc=james,dc=org
dn: ou=mlist, dc=james,dc=org

dn: cn=sales,ou=tmailbox, dc=james,dc=org
dn: cn=hiring,ou=tmailbox, dc=james,dc=org

dn: cn=paris,ou=mlist, dc=james,dc=org
I think it could be simpler.

(Can businessCategory be multi-valued?)

But then it exclude having both mail and drive, no ?

chibenwa commented 1 day ago

Can businessCategory be multi-valued?

guimard commented 1 day ago

Can businessCategory be multi-valued?

Yes but I prefer a space-concatened string

chibenwa commented 1 day ago

Ok then I fully agree to use businessCategory

linagora / tmail-backend