OBM is a collaborative and messaging platform for enterprises or workgroups with several thousand users. OBM includes groupware, a mail server, a CRM, an LDAP directory, a Windows domain, and a synchronization mechanism for smartphones and PDAs…
OBM ships with an LL::NG component that provides the following features:
To enable the LL::NG authentication component, edit /etc/obm/obm_conf.inc:
```php
$auth_kind = 'LemonLDAP';
$lemonldap_config = Array(
    "auto_update" => true,
    "auto_update_force_user" => true,
    "auto_update_force_group" => false,
    "url_logout" => "https://OBMURL/logout",
    "server_ip_address" => "localhost",
    "server_ip_check" => false,
    "debug_level" => "NONE",
    // "debug_header_name" => "HTTP_OBM_UID",
    // "group_header_name" => "HTTP_OBM_GROUPS",
    // OBM user field => request header set by LL::NG
    "headers_map" => Array(
        //"userobm_gid" => "HTTP_OBM_GID",
        //"userobm_domain_id" => ,
        "userobm_login" => "HTTP_OBM_UID",
        "userobm_password" => "HTTP_OBM_USERPASSWORD",
        //"userobm_password_type" => ,
        "userobm_perms" => "HTTP_OBM_PERMS",
        //"userobm_kind" => ,
        "userobm_lastname" => "HTTP_OBM_SN",
        "userobm_firstname" => "HTTP_OBM_GIVENNAME",
        // "userobm_title" => "HTTP_OBM_TITLE",
        "userobm_email" => "HTTP_OBM_MAIL",
        "userobm_datebegin" => "HTTP_OBM_DATEBEGIN",
        //"userobm_account_dateexp" => ,
        //"userobm_delegation_target" => ,
        //"userobm_delegation" => ,
        "userobm_description" => "HTTP_OBM_DESCRIPTION",
        //"userobm_archive" => ,
        //"userobm_hidden" => ,
        //"userobm_status" => ,
        //"userobm_local" => ,
        //"userobm_photo_id" => ,
        "userobm_phone" => "HTTP_OBM_TELEPHONENUMBER",
        //"userobom_phone2" => ,
        //"userobm_mobile" => ,
        "userobm_fax" => "HTTP_OBM_FACSIMILETELEPHONENUMBER",
        //"userobm_fax2" => ,
        "userobm_company" => "HTTP_OBM_O",
        //"userobm_direction" => ,
        "userobm_service" => "HTTP_OBM_OU",
        "userobm_address1" => "HTTP_OBM_POSTALADDRESS",
        //"userobm_address2" => ,
        //"userobm_address3" => ,
        "userobm_zipcode" => "HTTP_OBM_POSTALCODE",
        "userobm_town" => "HTTP_OBM_L",
        //"userobm_expresspostal" => ,
        //"userobm_host_id" => ,
        //"userobm_web_perms" => ,
        //"userobm_web_list" => ,
        //"userobm_web_all" => ,
        //"userobm_mail_perms" => ,
        //"userobm_mail_ext_perms" => ,
        //"userobm_mail_server_id" => ,
        //"userobm_mail_server_hostname" => ,
        "userobm_mail_quota" => "HTTP_OBM_MAILQUOTA",
        //"userobm_nomade_perms" => ,
        //"userobm_nomade_enable" => ,
        //"userobm_nomade_local_copy" => ,
        //"userobm_email_nomade" => ,
        //"userobm_vacation_enable" => ,
        //"userobm_vacation_datebegin" => ,
        //"userobm_vacation_dateend" => ,
        //"userobm_vacation_message" => ,
        //"userobm_samba_perms" => ,
        //"userobm_samba_home" => ,
        //"userobm_samba_home_drive" => ,
        //"userobm_samba_logon_script" => ,
        // ---- Unused values ? ----
        "userobm_ext_id" => "HTTP_OBM_SERIALNUMBER",
        //"userobm_system" => ,
        //"userobm_nomade_datebegin" => ,
        //"userobm_nomade_dateend" => ,
        //"userobm_location" => ,
        //"userobm_education" => ,
    ),
);
```
Parameters:
Also edit the OBM configuration to enable the LL::NG handler:
```apache
<VirtualHost *:80>
    ServerName obm.example.com

    # SSO protection
    PerlHeaderParserHandler Lemonldap::NG::Handler

    DocumentRoot /usr/share/obm/php
    ...
</VirtualHost>
```

```nginx
server {
    listen 80;
    server_name obm.example.com;
    root /usr/share/obm/php;

    # Internal authentication request
    location = /lmauth {
        internal;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;

        # Drop the posted data
        fastcgi_pass_request_body off;
        fastcgi_param CONTENT_LENGTH "";

        # Keep the original hostname
        fastcgi_param HOST $http_host;

        # Keep the original request (the LLNG server will receive /lmauth)
        fastcgi_param X_ORIGINAL_URI $request_uri;
    }

    # Client requests
    location ~ \.php$ {
        auth_request /lmauth;
        auth_request_set $lmremote_user $upstream_http_lm_remote_user;
        auth_request_set $lmlocation $upstream_http_location;
        error_page 401 $lmlocation;
        try_files $uri $uri/ =404;

        ...

        include /etc/lemonldap-ng/nginx-lua-headers.conf;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```
All the attributes needed to create an OBM account must be collected:
To add these attributes, go to the Manager: Variables » Exported variables.
You can also create these macros to manage the OBM administrator account (Variables » Macros):
field | value |
---|---|
uidR | ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid |
mailR | ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" |
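
The two macros above are plain Perl expressions, so their behaviour can be checked outside LL::NG. The following added example (not part of the LL::NG or OBM documentation) evaluates them on constructed sessions; `/^admin0/i` is a prefix match, so every uid beginning with `admin0` is mapped to the OBM administrator account. `uidR_strict` is a hypothetical variant that assumes the administrator uid is exactly `admin0`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Macros copied from the table above; $uid and $mail stand in for the
# LL::NG session attributes of the same name.
sub uidR {
    my ($uid) = @_;
    my $r = ( $uid =~ /^admin0/i )[0] ? "admin0\@global.virt" : $uid;
    return $r;
}

sub mailR {
    my ( $uid, $mail ) = @_;
    my $r = ( $uid =~ /^admin0/i )[0]
      ? ""
      : ( $mail =~ /^([^@]+)/ )[0] . "\@example.com";
    return $r;
}

# Assumed stricter variant (not from the page): only the exact uid
# "admin0", in any letter case, is mapped to the OBM administrator.
sub uidR_strict {
    my ($uid) = @_;
    my $r = lc($uid) eq "admin0" ? "admin0\@global.virt" : $uid;
    return $r;
}

# Constructed sample sessions: [ uid, mail ].
my @sessions = (
    [ "admin0",  "root\@corp.example" ],
    [ "ADMIN0",  "root\@corp.example" ],
    [ "admin01", "a.martin\@corp.example" ],
    [ "jdoe",    "john.doe\@corp.example" ],
);

# Print one row per session so the three mappings can be compared.
printf "%-10s %-22s %-24s %s\n", "uid", "uidR", "mailR", "uidR_strict";
for my $s (@sessions) {
    my ( $uid, $mail ) = @$s;
    printf "%-10s %-22s %-24s %s\n",
      $uid, uidR($uid), mailR( $uid, $mail ), uidR_strict($uid);
}
```
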
Create the OBM virtual host (for example obm.example.com) in the LL::NG configuration: Virtual Hosts » New virtual host.
Then edit the rules and headers.
Define at least:
field | value |
---|---|
^/logout | logout_sso |
^/obm-sync | unprotect |
^/minig | unprotect |
^/Microsoft-Server-ActiveSync | unprotect |
^/caldav | unprotect |
default | accept (or the desired value) |
Define the headers used for the OBM mappings, for example:
field | value |
---|---|
OBM_GIVENNAME | $givenName |
OBM_GROUPS | $groups |
OBM_UID | $uidR |
OBM_MAIL | $mailR |
OBM_USERPASSWORD | $_password |
Do not forget to add OBM to the applications menu.