323 lines
18 KiB
HTML
323 lines
18 KiB
HTML
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
|
|
lang="en" dir="ltr">
|
|
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title></title>
|
|
<!-- metadata -->
|
|
<meta name="generator" content="Offline" />
|
|
<meta name="version" content="Offline 0.1" />
|
|
<!-- style sheet links -->
|
|
<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
|
|
<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
|
|
<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
|
|
|
|
</head>
|
|
<body>
|
|
<div class="dokuwiki export">
|
|
|
|
|
|
<h1 class="sectionedit1" id="obm">OBM</h1>
|
|
<div class="level1">
|
|
|
|
<p>
|
|
<a href="/_detail/applications/obm_logo.png?id=documentation%3A1.9%3Aapplications%3Aobm" class="media" title="applications:obm_logo.png"><img src="../../../../media/applications/obm_logo.png" class="mediacenter" alt="" /></a>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT1 SECTION "OBM" [1-54] -->
|
|
<h2 class="sectionedit2" id="presentation">Presentation</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
<a href="http://obm.org" class="urlextern" title="http://obm.org" rel="nofollow">OBM</a> is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
|
|
</p>
|
|
|
|
<p>
|
|
OBM is shipped with a <abbr title="LemonLDAP::NG">LL::NG</abbr> plugin with these features:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <abbr title="Single Sign On">SSO</abbr> on OBM web interface</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Logout</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> User provisioning (account auto creation at first connection)</div>
|
|
</li>
|
|
</ul>
|
|
|
|
</div>
|
|
<!-- EDIT2 SECTION "Presentation" [55-488] -->
|
|
<h2 class="sectionedit3" id="configuration">Configuration</h2>
|
|
<div class="level2">
|
|
|
|
</div>
|
|
<!-- EDIT3 SECTION "Configuration" [489-515] -->
|
|
<h3 class="sectionedit4" id="obm1">OBM</h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
To enable <abbr title="LemonLDAP::NG">LL::NG</abbr> authentication plugin, go in <code>/etc/obm/obm_conf.inc</code>:
|
|
</p>
|
|
<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
|
|
|
|
<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
|
|
<span class="st0">"auto_update"</span> <span class="sy0">=></span> <span class="kw4">true</span><span class="sy0">,</span>
|
|
<span class="st0">"auto_update_force_user"</span> <span class="sy0">=></span> <span class="kw4">true</span><span class="sy0">,</span>
|
|
<span class="st0">"auto_update_force_group"</span> <span class="sy0">=></span> <span class="kw4">false</span><span class="sy0">,</span>
|
|
<span class="st0">"url_logout"</span> <span class="sy0">=></span> <span class="st0">"https://OBMURL/logout"</span><span class="sy0">,</span>
|
|
<span class="st0">"server_ip_address"</span> <span class="sy0">=></span> <span class="st0">"localhost"</span><span class="sy0">,</span>
|
|
<span class="st0">"server_ip_check"</span> <span class="sy0">=></span> <span class="kw4">false</span><span class="sy0">,</span>
|
|
<span class="st0">"debug_level"</span> <span class="sy0">=></span> <span class="st0">"NONE"</span><span class="sy0">,</span>
|
|
<span class="co1">// "debug_header_name" => "HTTP_OBM_UID",</span>
|
|
<span class="co1">// "group_header_name" => "HTTP_OBM_GROUPS",</span>
|
|
<span class="st0">"headers_map"</span> <span class="sy0">=></span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
|
|
<span class="co1">//"userobm_gid" => "HTTP_OBM_GID",</span>
|
|
<span class="co1">//"userobm_domain_id" => ,</span>
|
|
<span class="st0">"userobm_login"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_UID"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_password"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_USERPASSWORD"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_password_type" => ,</span>
|
|
<span class="st0">"userobm_perms"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_PERMS"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_kind" => ,</span>
|
|
<span class="st0">"userobm_lastname"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_SN"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_firstname"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_GIVENNAME"</span><span class="sy0">,</span>
|
|
<span class="co1">// "userobm_title" => "HTTP_OBM_TITLE",</span>
|
|
<span class="st0">"userobm_email"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_MAIL"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_datebegin"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_DATEBEGIN"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_account_dateexp" => ,</span>
|
|
<span class="co1">//"userobm_delegation_target" => ,</span>
|
|
<span class="co1">//"userobm_delegation" => ,</span>
|
|
<span class="st0">"userobm_description"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_DESCRIPTION"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_archive" => ,</span>
|
|
<span class="co1">//"userobm_hidden" => ,</span>
|
|
<span class="co1">//"userobm_status" => ,</span>
|
|
<span class="co1">//"userobm_local" => ,</span>
|
|
<span class="co1">//"userobm_photo_id" => ,</span>
|
|
<span class="st0">"userobm_phone"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_TELEPHONENUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobom_phone2" => ,</span>
|
|
<span class="co1">//"userobm_mobile" => ,</span>
|
|
<span class="st0">"userobm_fax"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_FACSIMILETELEPHONENUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_fax2" => ,</span>
|
|
<span class="st0">"userobm_company"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_O"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_direction" => ,</span>
|
|
<span class="st0">"userobm_service"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_OU"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_address1"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALADDRESS"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_address2" => ,</span>
|
|
<span class="co1">//"userobm_address3" => ,</span>
|
|
<span class="st0">"userobm_zipcode"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALCODE"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_town"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_L"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_zipcode"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALCODE"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_town"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_L"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_expresspostal" => ,</span>
|
|
<span class="co1">//"userobm_host_id" => ,</span>
|
|
<span class="co1">//"userobm_web_perms" => ,</span>
|
|
<span class="co1">//"userobm_web_list" => ,</span>
|
|
<span class="co1">//"userobm_web_all" => ,</span>
|
|
<span class="co1">//"userobm_mail_perms" => ,</span>
|
|
<span class="co1">//"userobm_mail_ext_perms" => ,</span>
|
|
<span class="co1">//"userobm_mail_server_id" => ,</span>
|
|
<span class="co1">//"userobm_mail_server_hostname" => ,</span>
|
|
<span class="st0">"userobm_mail_quota"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_MAILQUOTA"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_nomade_perms" => ,</span>
|
|
<span class="co1">//"userobm_nomade_enable" => ,</span>
|
|
<span class="co1">//"userobm_nomade_local_copy" => ,</span>
|
|
<span class="co1">//"userobm_email_nomade" => ,</span>
|
|
<span class="co1">//"userobm_vacation_enable" => ,</span>
|
|
<span class="co1">//"userobm_vacation_datebegin" => ,</span>
|
|
<span class="co1">//"userobm_vacation_dateend" => ,</span>
|
|
<span class="co1">//"userobm_vacation_message" => ,</span>
|
|
<span class="co1">//"userobm_samba_perms" => ,</span>
|
|
<span class="co1">//"userobm_samba_home" => ,</span>
|
|
<span class="co1">//"userobm_samba_home_drive" => ,</span>
|
|
<span class="co1">//"userobm_samba_logon_script" => ,</span>
|
|
<span class="co1">// ---- Unused values ? ----</span>
|
|
<span class="st0">"userobm_ext_id"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_SERIALNUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_system" => ,</span>
|
|
<span class="co1">//"userobm_nomade_datebegin" => ,</span>
|
|
<span class="co1">//"userobm_nomade_dateend" => ,</span>
|
|
<span class="co1">//"userobm_location" => ,</span>
|
|
<span class="co1">//"userobm_education" => ,</span>
|
|
<span class="br0">)</span><span class="sy0">,</span>
|
|
<span class="br0">)</span><span class="sy0">;</span></pre>
|
|
|
|
<p>
|
|
Parameters:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <strong>url_logout</strong>: <abbr title="Uniform Resource Locator">URL</abbr> used by OBM to logout, will be caught by <abbr title="LemonLDAP::NG">LL::NG</abbr></div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>headers_map</strong>: map OBM internal field to <abbr title="LemonLDAP::NG">LL::NG</abbr> header</div>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
Edit also OBM Apache configuration to enable <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler:
|
|
</p>
|
|
<pre class="code file apache"><<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>>
|
|
<span class="kw1">ServerName</span> obm.example.com
|
|
|
|
<span class="co1"># SSO protection</span>
|
|
PerlHeaderParserHandler Lemonldap::NG::Handler
|
|
|
|
<span class="kw1">DocumentRoot</span> /usr/share/obm/php
|
|
|
|
...
|
|
|
|
</<span class="kw3">VirtualHost</span>></pre>
|
|
|
|
<p>
|
|
<p><div class="noteimportant">OBM Apache configuration must be loaded <strong>after</strong> <abbr title="LemonLDAP::NG">LL::NG</abbr> <a href="../../../documentation/1.9/configlocation.html#apache" class="wikilink1" title="documentation:1.9:configlocation">Apache configuration</a>.
|
|
</div></p>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT4 SECTION "OBM" [516-6179] -->
|
|
<h3 class="sectionedit5" id="llng">LL::NG</h3>
|
|
<div class="level3">
|
|
|
|
</div>
|
|
|
|
<h4 id="attributes_and_macros">Attributes and macros</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
You will need to collect all attributes needed to create a user in OBM, this includes:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> First name</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Last name</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Login</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Mail</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> …</div>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
To add these attributes, go in Manager, <code>Variables</code> » <code>Exported Variables</code>.
|
|
</p>
|
|
|
|
<p>
|
|
<p><div class="noteimportant">If you plan to forward user's password to OBM, then you have to <a href="../../../documentation/1.9/passwordstore.html" class="wikilink1" title="documentation:1.9:passwordstore">keep the password in session</a>.
|
|
</div></p>
|
|
</p>
|
|
|
|
<p>
|
|
You may also create these macros to manage OBM administrator account (<code>Variables</code> » <code>Macros</code>):
|
|
</p>
|
|
<div class="table sectionedit6"><table class="inline">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">value </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid </td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" </td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT6 TABLE [6693-6872] -->
|
|
</div>
|
|
|
|
<h4 id="virtual_host">Virtual host</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
Create OBM virtual host (for example obm.example.com) in <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
|
|
</p>
|
|
|
|
<p>
|
|
Then edit rules and headers.
|
|
</p>
|
|
|
|
</div>
|
|
|
|
<h5 id="rules">Rules</h5>
|
|
<div class="level5">
|
|
|
|
<p>
|
|
Define at least:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access to the application</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch OBM logout</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.)</div>
|
|
</li>
|
|
</ul>
|
|
<div class="table sectionedit7"><table class="inline">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">value </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0">^/logout</td><td class="col1">logout_sso</td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0">^/minig</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0">^/caldav</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row6 roweven">
|
|
<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT7 TABLE [7254-7477] -->
|
|
</div>
|
|
|
|
<h5 id="headers">Headers</h5>
|
|
<div class="level5">
|
|
|
|
<p>
|
|
Define headers used in OBM mapping, for example:
|
|
</p>
|
|
<div class="table sectionedit8"><table class="inline">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">valeur </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT8 TABLE [7543-7671] -->
|
|
</div>
|
|
|
|
<h4 id="other">Other</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
Do not forget to add OBM in <a href="../../../documentation/1.9/portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:1.9:portalmenu">applications menu</a>.
|
|
</p>
|
|
|
|
</div>
|
|
</div><!-- closes <div class="dokuwiki export">--> |