<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:applications:obm< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,applications,obm" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "../lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "obm.html" / >
< link rel = "contents" href = "obm.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "../lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" / >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:obm","namespace":"documentation:2.0:applications"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "../lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#configuration" > Configuration< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#obm1" > OBM< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#llng" > LL::NG< / a > < / div >
< ul class = "toc" >
< li class = "level3" > < div class = "li" > < a href = "#attributes_and_macros" > Attributes and macros< / a > < / div > < / li >
< li class = "level3" > < div class = "li" > < a href = "#virtual_host" > Virtual host< / a > < / div > < / li >
< li class = "level3" > < div class = "li" > < a href = "#other" > Other< / a > < / div > < / li >
< / ul > < / li >
< / ul > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "obm" > OBM< / h1 >
< div class = "level1" >
< p >
< a href = "obm_logo.png_documentation_2.0_applications_obm.html" class = "media" title = "applications:obm_logo.png" > < img src = "obm_logo.png" class = "mediacenter" alt = "" / > < / a >
< / p >
< / div >
<!-- EDIT1 SECTION "OBM" [1 - 54] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
< a href = "http://obm.org" class = "urlextern" title = "http://obm.org" rel = "nofollow" > OBM< / a > is an enterprise-class messaging and collaboration platform for workgroups or enterprises with many thousands of users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
< / p >
< p >
OBM is shipped with a < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > plugin with these features:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < abbr title = "Single Sign On" > SSO< / abbr > on OBM web interface< / div >
< / li >
< li class = "level1" > < div class = "li" > Logout< / div >
< / li >
< li class = "level1" > < div class = "li" > User provisioning (account auto creation at first connection)< / div >
< / li >
< / ul >
< / div >
<!-- EDIT2 SECTION "Presentation" [55 - 488] -->
< h2 class = "sectionedit3" id = "configuration" > Configuration< / h2 >
< div class = "level2" >
< / div >
<!-- EDIT3 SECTION "Configuration" [489 - 515] -->
< h3 class = "sectionedit4" id = "obm1" > OBM< / h3 >
< div class = "level3" >
< p >
To enable the < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > authentication plugin, edit < code > /etc/obm/obm_conf.inc< / code > :
< / p >
< pre class = "code file php" > < span class = "re0" > $auth_kind< / span > < span class = "sy0" > =< / span > < span class = "st_h" > 'LemonLDAP'< / span > < span class = "sy0" > ;< / span >
< span class = "re0" > $lemonldap_config< / span > < span class = "sy0" > =< / span > < a href = "http://www.php.net/array" > < span class = "kw3" > Array< / span > < / a > < span class = "br0" > (< / span >
  < span class = "st0" > "auto_update"< / span > < span class = "sy0" > =>< / span > < span class = "kw4" > true< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "auto_update_force_user"< / span > < span class = "sy0" > =>< / span > < span class = "kw4" > true< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "auto_update_force_group"< / span > < span class = "sy0" > =>< / span > < span class = "kw4" > false< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "url_logout"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "https://OBMURL/logout"< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "server_ip_address"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "localhost"< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "server_ip_check"< / span > < span class = "sy0" > =>< / span > < span class = "kw4" > false< / span > < span class = "sy0" > ,< / span >
  < span class = "st0" > "debug_level"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "NONE"< / span > < span class = "sy0" > ,< / span >
  < span class = "co1" > // "debug_header_name" => "HTTP_OBM_UID",< / span >
  < span class = "co1" > // "group_header_name" => "HTTP_OBM_GROUPS",< / span >
  < span class = "st0" > "headers_map"< / span > < span class = "sy0" > =>< / span > < a href = "http://www.php.net/array" > < span class = "kw3" > Array< / span > < / a > < span class = "br0" > (< / span >
    < span class = "co1" > //"userobm_gid" => "HTTP_OBM_GID",< / span >
    < span class = "co1" > //"userobm_domain_id" => ,< / span >
    < span class = "st0" > "userobm_login"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_UID"< / span > < span class = "sy0" > ,< / span >
    < span class = "st0" > "userobm_password"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_USERPASSWORD"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_password_type" => ,< / span >
    < span class = "st0" > "userobm_perms"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_PERMS"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_kind" => ,< / span >
    < span class = "st0" > "userobm_lastname"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_SN"< / span > < span class = "sy0" > ,< / span >
    < span class = "st0" > "userobm_firstname"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_GIVENNAME"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > // "userobm_title" => "HTTP_OBM_TITLE",< / span >
    < span class = "st0" > "userobm_email"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_MAIL"< / span > < span class = "sy0" > ,< / span >
    < span class = "st0" > "userobm_datebegin"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_DATEBEGIN"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_account_dateexp" => ,< / span >
    < span class = "co1" > //"userobm_delegation_target" => ,< / span >
    < span class = "co1" > //"userobm_delegation" => ,< / span >
    < span class = "st0" > "userobm_description"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_DESCRIPTION"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_archive" => ,< / span >
    < span class = "co1" > //"userobm_hidden" => ,< / span >
    < span class = "co1" > //"userobm_status" => ,< / span >
    < span class = "co1" > //"userobm_local" => ,< / span >
    < span class = "co1" > //"userobm_photo_id" => ,< / span >
    < span class = "st0" > "userobm_phone"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_TELEPHONENUMBER"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_phone2" => ,< / span >
    < span class = "co1" > //"userobm_mobile" => ,< / span >
    < span class = "st0" > "userobm_fax"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_FACSIMILETELEPHONENUMBER"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_fax2" => ,< / span >
    < span class = "st0" > "userobm_company"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_O"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_direction" => ,< / span >
    < span class = "st0" > "userobm_service"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_OU"< / span > < span class = "sy0" > ,< / span >
    < span class = "st0" > "userobm_address1"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_POSTALADDRESS"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_address2" => ,< / span >
    < span class = "co1" > //"userobm_address3" => ,< / span >
    < span class = "st0" > "userobm_zipcode"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_POSTALCODE"< / span > < span class = "sy0" > ,< / span >
    < span class = "st0" > "userobm_town"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_L"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_expresspostal" => ,< / span >
    < span class = "co1" > //"userobm_host_id" => ,< / span >
    < span class = "co1" > //"userobm_web_perms" => ,< / span >
    < span class = "co1" > //"userobm_web_list" => ,< / span >
    < span class = "co1" > //"userobm_web_all" => ,< / span >
    < span class = "co1" > //"userobm_mail_perms" => ,< / span >
    < span class = "co1" > //"userobm_mail_ext_perms" => ,< / span >
    < span class = "co1" > //"userobm_mail_server_id" => ,< / span >
    < span class = "co1" > //"userobm_mail_server_hostname" => ,< / span >
    < span class = "st0" > "userobm_mail_quota"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_MAILQUOTA"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_nomade_perms" => ,< / span >
    < span class = "co1" > //"userobm_nomade_enable" => ,< / span >
    < span class = "co1" > //"userobm_nomade_local_copy" => ,< / span >
    < span class = "co1" > //"userobm_email_nomade" => ,< / span >
    < span class = "co1" > //"userobm_vacation_enable" => ,< / span >
    < span class = "co1" > //"userobm_vacation_datebegin" => ,< / span >
    < span class = "co1" > //"userobm_vacation_dateend" => ,< / span >
    < span class = "co1" > //"userobm_vacation_message" => ,< / span >
    < span class = "co1" > //"userobm_samba_perms" => ,< / span >
    < span class = "co1" > //"userobm_samba_home" => ,< / span >
    < span class = "co1" > //"userobm_samba_home_drive" => ,< / span >
    < span class = "co1" > //"userobm_samba_logon_script" => ,< / span >
    < span class = "co1" > // ---- Unused values ? ----< / span >
    < span class = "st0" > "userobm_ext_id"< / span > < span class = "sy0" > =>< / span > < span class = "st0" > "HTTP_OBM_SERIALNUMBER"< / span > < span class = "sy0" > ,< / span >
    < span class = "co1" > //"userobm_system" => ,< / span >
    < span class = "co1" > //"userobm_nomade_datebegin" => ,< / span >
    < span class = "co1" > //"userobm_nomade_dateend" => ,< / span >
    < span class = "co1" > //"userobm_location" => ,< / span >
    < span class = "co1" > //"userobm_education" => ,< / span >
  < span class = "br0" > )< / span > < span class = "sy0" > ,< / span >
< span class = "br0" > )< / span > < span class = "sy0" > ;< / span > < / pre >
< p >
Parameters:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > url_logout< / strong > : < abbr title = "Uniform Resource Locator" > URL< / abbr > that OBM uses to log out; it will be caught by < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > < / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > headers_map< / strong > : maps each OBM internal field to an < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > header< / div >
< / li >
< / ul >
< p >
Also edit the OBM configuration to enable the < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Handler:
< / p >
< ul >
< li class = "level1" > < div class = "li" > For Apache:< / div >
< / li >
< / ul >
< pre class = "code file apache" > &lt;< span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > &gt;
    < span class = "kw1" > ServerName< / span > obm.example.com

    < span class = "co1" > # SSO protection< / span >
    PerlHeaderParserHandler Lemonldap::NG::Handler

    < span class = "kw1" > DocumentRoot< / span > /usr/share/obm/php
    ...
&lt;/< span class = "kw3" > VirtualHost< / span > &gt;< / pre >
< ul >
< li class = "level1" > < div class = "li" > For Nginx:< / div >
< / li >
< / ul >
< pre class = "code file nginx" > server {
  listen 80;
  server_name obm.example.com;
  root /usr/share/obm/php;

  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;

    # Drop POST data
    fastcgi_pass_request_body off;
    fastcgi_param CONTENT_LENGTH "";

    # Keep original hostname
    fastcgi_param HOST $http_host;

    # Keep original request (the LLNG server will receive /lmauth)
    fastcgi_param X_ORIGINAL_URI $request_uri;
  }

  # Client requests
  location ~ \.php$ {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
    ...
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }

  location / {
    try_files $uri $uri/ =404;
  }
}< / pre >
< / div >
<!-- EDIT4 SECTION "OBM" [516 - 7008] -->
< h3 class = "sectionedit5" id = "llng" > LL::NG< / h3 >
< div class = "level3" >
< / div >
< h4 id = "attributes_and_macros" > Attributes and macros< / h4 >
< div class = "level4" >
< p >
You will need to collect all the attributes needed to create a user in OBM, including:
< / p >
< ul >
< li class = "level1" > < div class = "li" > First name< / div >
< / li >
< li class = "level1" > < div class = "li" > Last name< / div >
< / li >
< li class = "level1" > < div class = "li" > Login< / div >
< / li >
< li class = "level1" > < div class = "li" > Mail< / div >
< / li >
< li class = "level1" > < div class = "li" > ...< / div >
< / li >
< / ul >
< p >
To add these attributes, go to the Manager, < code > Variables< / code > » < code > Exported Variables< / code >.
< / p >
< div class = "noteimportant" > If you plan to forward the user's password to OBM, then you have to < a href = "../passwordstore.html" class = "wikilink1" title = "documentation:2.0:passwordstore" > keep the password in session< / a >.
< / div >
< p >
You may also create these macros to manage the OBM administrator account (< code > Variables< / code > » < code > Macros< / code > ):
< / p >
< div class = "table sectionedit6" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0" > field < / th > < th class = "col1" > value < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0" > uidR < / td > < td class = "col1 leftalign" > ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid < / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0 leftalign" > mailR < / td > < td class = "col1 leftalign" > ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" < / td >
< / tr >
< / table > < / div >
<!-- EDIT6 TABLE [7522 - 7701] -->
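< p >
The two macros above, ported to Python as an added example (not part of the LL::NG or OBM documentation) for auditing a directory export before provisioning is enabled. It shows that < code > ^admin0< / code > has no end anchor, so every uid beginning with it is mapped to the administrator login, and that < code > mailR< / code > discards the original mail domain. The helper names and the sample users are constructed for illustration.
< / p >

```python
import re
from collections import defaultdict

# Patterns copied from the uidR / mailR macros in the table (Perl syntax);
# these simple expressions behave the same under Python's re module.
ADMIN_RE = re.compile(r"^admin0", re.IGNORECASE)
LOCAL_PART_RE = re.compile(r"^([^@]+)")
ADMIN_LOGIN = "admin0@global.virt"
MAIL_DOMAIN = "@example.com"


def uid_r(uid):
    # uidR: the admin login if the uid starts with "admin0", else the uid.
    return ADMIN_LOGIN if ADMIN_RE.search(uid) else uid


def mail_r(uid, mail):
    # mailR: empty for the admin account, else local part + fixed domain.
    if ADMIN_RE.search(uid):
        return ""
    match = LOCAL_PART_RE.search(mail)
    return (match.group(1) if match else "") + MAIL_DOMAIN


def admin_lookalikes(users):
    # uids other than admin0 itself that uidR maps to the admin login.
    return [u["uid"] for u in users
            if uid_r(u["uid"]) == ADMIN_LOGIN and u["uid"].lower() != "admin0"]


def mail_collisions(users):
    # OBM_MAIL values that more than one uid would receive.
    by_mail = defaultdict(list)
    for u in users:
        value = mail_r(u["uid"], u["mail"])
        if value:
            by_mail[value].append(u["uid"])
    return {m: uids for m, uids in by_mail.items() if len(uids) > 1}


# Constructed sample directory entries (hypothetical, not real accounts).
SAMPLE_USERS = [
    {"uid": "admin0", "mail": "root@corp.example"},
    {"uid": "Admin0", "mail": "root2@corp.example"},
    {"uid": "admin01", "mail": "a.dmin@corp.example"},
    {"uid": "admin0.backup", "mail": "backup@corp.example"},
    {"uid": "jdoe", "mail": "jdoe@corp.example"},
    {"uid": "j.doe2", "mail": "jdoe@partner.example"},
    {"uid": "xadmin0", "mail": "x@corp.example"},
]

if __name__ == "__main__":
    print("mapped to admin login:", admin_lookalikes(SAMPLE_USERS))
    print("shared OBM_MAIL values:", mail_collisions(SAMPLE_USERS))
```
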
< / div >
< h4 id = "virtual_host" > Virtual host< / h4 >
< div class = "level4" >
< p >
Create the OBM virtual host (for example obm.example.com) in the < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > configuration: < code > Virtual Hosts< / code > » < code > New virtual host< / code >.
< / p >
< p >
Then edit rules and headers.
< / p >
< / div >
< h5 id = "rules" > Rules< / h5 >
< div class = "level5" >
< p >
Define at least:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < strong > Default rule< / strong > : who can access the application< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Logout rule< / strong > : catches the OBM logout< / div >
< / li >
< li class = "level1" > < div class = "li" > < strong > Exceptions< / strong > : allow anonymous access for specific URLs (connectors, etc.)< / div >
< / li >
< / ul >
< div class = "table sectionedit7" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0" > field < / th > < th class = "col1" > value < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0" > ^/logout< / td > < td class = "col1" > logout_sso< / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0" > ^/obm-sync< / td > < td class = "col1" > unprotect< / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0" > ^/minig< / td > < td class = "col1" > unprotect< / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > ^/Microsoft-Server-ActiveSync< / td > < td class = "col1" > unprotect< / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0" > ^/caldav< / td > < td class = "col1" > unprotect< / td >
< / tr >
< tr class = "row6 roweven" >
< td class = "col0" > default< / td > < td class = "col1" > accept (or whatever you want)< / td >
< / tr >
< / table > < / div >
<!-- EDIT7 TABLE [8083 - 8306] -->
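< p >
The rule table above, evaluated over request URIs as an added example (not code from LL::NG or OBM), to review which paths end up reachable without SSO. The < code > unprotect< / code > patterns are prefix matches, so the script compares them with variants that require a path boundary after the prefix. The sample URIs are constructed, first-match evaluation is a simplified model of rule processing, and the boundary-anchored patterns assume the OBM connectors live exactly under those path segments.
< / p >

```python
import re

# Rules from the table above, as (regex, action) pairs.
RULES = [
    (r"^/logout", "logout_sso"),
    (r"^/obm-sync", "unprotect"),
    (r"^/minig", "unprotect"),
    (r"^/Microsoft-Server-ActiveSync", "unprotect"),
    (r"^/caldav", "unprotect"),
]
DEFAULT_ACTION = "accept"


def decide(uri, rules=RULES):
    # Simplified model: the first matching regex wins, otherwise the
    # default rule applies.
    for pattern, action in rules:
        if re.search(pattern, uri):
            return pattern, action
    return "default", DEFAULT_ACTION


def unprotected(uris, rules=RULES):
    # URIs that would be served without authentication.
    return [u for u in uris if decide(u, rules)[1] == "unprotect"]


def tightened(rules=RULES):
    # Same rules, with a path boundary ("/", "?" or end of string)
    # required after each unprotect prefix (assumption about OBM's layout).
    return [(p + r"(?:/|\?|$)" if a == "unprotect" else p, a)
            for p, a in rules]


def boundary_overmatches(uris, rules=RULES):
    # URIs unprotected only because the prefix regex has no boundary.
    strict = set(unprotected(uris, tightened(rules)))
    return [u for u in unprotected(uris, rules) if u not in strict]


# Constructed sample request URIs (hypothetical paths for the audit).
SAMPLE_URIS = [
    "/obm.php",
    "/logout",
    "/obm-sync/services",
    "/Microsoft-Server-ActiveSync?Cmd=Ping",
    "/caldav/user/calendar",
    "/caldav-export.php",
    "/minigadmin/index.php",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, "->", decide(uri))
    print("prefix over-matches:", boundary_overmatches(SAMPLE_URIS))
```
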
< / div >
< h5 id = "headers" > Headers< / h5 >
< div class = "level5" >
< p >
Define headers used in OBM mapping, for example:
< / p >
< div class = "table sectionedit8" > < table class = "inline table table-bordered table-striped" >
< thead >
< tr class = "row0 roweven" >
< th class = "col0" > field < / th > < th class = "col1" > value < / th >
< / tr >
< / thead >
< tr class = "row1 rowodd" >
< td class = "col0" > OBM_GIVENNAME< / td > < td class = "col1" > $givenName< / td >
< / tr >
< tr class = "row2 roweven" >
< td class = "col0" > OBM_GROUPS< / td > < td class = "col1" > $groups< / td >
< / tr >
< tr class = "row3 rowodd" >
< td class = "col0" > OBM_UID< / td > < td class = "col1" > $uidR< / td >
< / tr >
< tr class = "row4 roweven" >
< td class = "col0" > OBM_MAIL< / td > < td class = "col1" > $mailR< / td >
< / tr >
< tr class = "row5 rowodd" >
< td class = "col0" > OBM_USERPASSWORD< / td > < td class = "col1" > $_password< / td >
< / tr >
< / table > < / div >
<!-- EDIT8 TABLE [8372 - 8500] -->
< / div >
< h4 id = "other" > Other< / h4 >
< div class = "level4" >
< p >
Do not forget to add OBM to the < a href = "../portalmenu.html#categories_and_applications" class = "wikilink1" title = "documentation:2.0:portalmenu" > applications menu< / a >.
< / p >
< / div >
<!-- EDIT5 SECTION "LL::NG" [7009 - ] --> < / div >
< / body >
< / html >