<!DOCTYPE html>
|
|
<html lang="en" dir="ltr">
|
|
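<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:obm</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,obm"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="obm.html"/>
<link rel="contents" href="obm.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!--
  Stylesheet and script sources below are wrapped in "//if: ... //endif" markers, which look like
  build-time conditionals choosing between Debian system paths, an external CDN, and bundled
  (minified or plain) copies; only the "//else" entry is live markup in this file as shown.
  NOTE(review): the external CDN entries carry no integrity attribute. If that variant is ever
  served, add Subresource Integrity hashes computed from the pinned files, plus crossorigin="anonymous".
  The CDN script URLs use https so the libraries cannot be altered in transit.
-->
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:obm","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="https://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="https://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>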
|
|
<body>
|
|
<div class="dokuwiki export container">
|
|
<!-- TOC START -->
|
|
<div id="dw__toc">
|
|
<h3 class="toggle">Table of Contents</h3>
|
|
<div>
|
|
|
|
<ul class="toc">
|
|
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
|
|
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
|
|
<ul class="toc">
|
|
<li class="level2"><div class="li"><a href="#obm1">OBM</a></div></li>
|
|
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div>
|
|
<ul class="toc">
|
|
<li class="level3"><div class="li"><a href="#attributes_and_macros">Attributes and macros</a></div></li>
|
|
<li class="level3"><div class="li"><a href="#virtual_host">Virtual host</a></div></li>
|
|
<li class="level3"><div class="li"><a href="#other">Other</a></div></li>
|
|
</ul></li>
|
|
</ul></li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<!-- TOC END -->
|
|
|
|
<h1 class="sectionedit1" id="obm">OBM</h1>
|
|
<div class="level1">
|
|
|
|
<p>
|
|
<a href="obm_logo.png_documentation_2.0_applications_obm.html" class="media" title="applications:obm_logo.png"><img src="obm_logo.png" class="mediacenter" alt="" /></a>
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT1 SECTION "OBM" [1-54] -->
|
|
<h2 class="sectionedit2" id="presentation">Presentation</h2>
|
|
<div class="level2">
|
|
|
|
<p>
|
|
<a href="http://obm.org" class="urlextern" title="http://obm.org" rel="nofollow">OBM</a> is an enterprise-class messaging and collaboration platform for workgroups or enterprises with many thousands of users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
|
|
</p>
|
|
|
|
<p>
|
|
OBM is shipped with a <abbr title="LemonLDAP::NG">LL::NG</abbr> plugin with these features:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <abbr title="Single Sign On">SSO</abbr> on OBM web interface</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Logout</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> User provisioning (account auto creation at first connection)</div>
|
|
</li>
|
|
</ul>
|
|
|
|
</div>
|
|
<!-- EDIT2 SECTION "Presentation" [55-488] -->
|
|
<h2 class="sectionedit3" id="configuration">Configuration</h2>
|
|
<div class="level2">
|
|
|
|
</div>
|
|
<!-- EDIT3 SECTION "Configuration" [489-515] -->
|
|
<h3 class="sectionedit4" id="obm1">OBM</h3>
|
|
<div class="level3">
|
|
|
|
<p>
|
|
To enable the <abbr title="LemonLDAP::NG">LL::NG</abbr> authentication plugin, edit <code>/etc/obm/obm_conf.inc</code>:
|
|
</p>
|
|
<pre class="code file php"><span class="re0">$auth_kind</span> <span class="sy0">=</span> <span class="st_h">'LemonLDAP'</span><span class="sy0">;</span>
|
|
|
|
<span class="re0">$lemonldap_config</span> <span class="sy0">=</span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
|
|
<span class="st0">"auto_update"</span> <span class="sy0">=></span> <span class="kw4">true</span><span class="sy0">,</span>
|
|
<span class="st0">"auto_update_force_user"</span> <span class="sy0">=></span> <span class="kw4">true</span><span class="sy0">,</span>
|
|
<span class="st0">"auto_update_force_group"</span> <span class="sy0">=></span> <span class="kw4">false</span><span class="sy0">,</span>
|
|
<span class="st0">"url_logout"</span> <span class="sy0">=></span> <span class="st0">"https://OBMURL/logout"</span><span class="sy0">,</span>
|
|
<span class="st0">"server_ip_address"</span> <span class="sy0">=></span> <span class="st0">"localhost"</span><span class="sy0">,</span>
|
|
<span class="st0">"server_ip_check"</span> <span class="sy0">=></span> <span class="kw4">false</span><span class="sy0">,</span>
|
|
<span class="st0">"debug_level"</span> <span class="sy0">=></span> <span class="st0">"NONE"</span><span class="sy0">,</span>
|
|
<span class="co1">// "debug_header_name" => "HTTP_OBM_UID",</span>
|
|
<span class="co1">// "group_header_name" => "HTTP_OBM_GROUPS",</span>
|
|
<span class="st0">"headers_map"</span> <span class="sy0">=></span> <a href="http://www.php.net/array"><span class="kw3">Array</span></a><span class="br0">(</span>
|
|
<span class="co1">//"userobm_gid" => "HTTP_OBM_GID",</span>
|
|
<span class="co1">//"userobm_domain_id" => ,</span>
|
|
<span class="st0">"userobm_login"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_UID"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_password"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_USERPASSWORD"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_password_type" => ,</span>
|
|
<span class="st0">"userobm_perms"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_PERMS"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_kind" => ,</span>
|
|
<span class="st0">"userobm_lastname"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_SN"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_firstname"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_GIVENNAME"</span><span class="sy0">,</span>
|
|
<span class="co1">// "userobm_title" => "HTTP_OBM_TITLE",</span>
|
|
<span class="st0">"userobm_email"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_MAIL"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_datebegin"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_DATEBEGIN"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_account_dateexp" => ,</span>
|
|
<span class="co1">//"userobm_delegation_target" => ,</span>
|
|
<span class="co1">//"userobm_delegation" => ,</span>
|
|
<span class="st0">"userobm_description"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_DESCRIPTION"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_archive" => ,</span>
|
|
<span class="co1">//"userobm_hidden" => ,</span>
|
|
<span class="co1">//"userobm_status" => ,</span>
|
|
<span class="co1">//"userobm_local" => ,</span>
|
|
<span class="co1">//"userobm_photo_id" => ,</span>
|
|
<span class="st0">"userobm_phone"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_TELEPHONENUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobom_phone2" => ,</span>
|
|
<span class="co1">//"userobm_mobile" => ,</span>
|
|
<span class="st0">"userobm_fax"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_FACSIMILETELEPHONENUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_fax2" => ,</span>
|
|
<span class="st0">"userobm_company"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_O"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_direction" => ,</span>
|
|
<span class="st0">"userobm_service"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_OU"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_address1"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALADDRESS"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_address2" => ,</span>
|
|
<span class="co1">//"userobm_address3" => ,</span>
|
|
<span class="st0">"userobm_zipcode"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALCODE"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_town"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_L"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_zipcode"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_POSTALCODE"</span><span class="sy0">,</span>
|
|
<span class="st0">"userobm_town"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_L"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_expresspostal" => ,</span>
|
|
<span class="co1">//"userobm_host_id" => ,</span>
|
|
<span class="co1">//"userobm_web_perms" => ,</span>
|
|
<span class="co1">//"userobm_web_list" => ,</span>
|
|
<span class="co1">//"userobm_web_all" => ,</span>
|
|
<span class="co1">//"userobm_mail_perms" => ,</span>
|
|
<span class="co1">//"userobm_mail_ext_perms" => ,</span>
|
|
<span class="co1">//"userobm_mail_server_id" => ,</span>
|
|
<span class="co1">//"userobm_mail_server_hostname" => ,</span>
|
|
<span class="st0">"userobm_mail_quota"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_MAILQUOTA"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_nomade_perms" => ,</span>
|
|
<span class="co1">//"userobm_nomade_enable" => ,</span>
|
|
<span class="co1">//"userobm_nomade_local_copy" => ,</span>
|
|
<span class="co1">//"userobm_email_nomade" => ,</span>
|
|
<span class="co1">//"userobm_vacation_enable" => ,</span>
|
|
<span class="co1">//"userobm_vacation_datebegin" => ,</span>
|
|
<span class="co1">//"userobm_vacation_dateend" => ,</span>
|
|
<span class="co1">//"userobm_vacation_message" => ,</span>
|
|
<span class="co1">//"userobm_samba_perms" => ,</span>
|
|
<span class="co1">//"userobm_samba_home" => ,</span>
|
|
<span class="co1">//"userobm_samba_home_drive" => ,</span>
|
|
<span class="co1">//"userobm_samba_logon_script" => ,</span>
|
|
<span class="co1">// ---- Unused values ? ----</span>
|
|
<span class="st0">"userobm_ext_id"</span> <span class="sy0">=></span> <span class="st0">"HTTP_OBM_SERIALNUMBER"</span><span class="sy0">,</span>
|
|
<span class="co1">//"userobm_system" => ,</span>
|
|
<span class="co1">//"userobm_nomade_datebegin" => ,</span>
|
|
<span class="co1">//"userobm_nomade_dateend" => ,</span>
|
|
<span class="co1">//"userobm_location" => ,</span>
|
|
<span class="co1">//"userobm_education" => ,</span>
|
|
<span class="br0">)</span><span class="sy0">,</span>
|
|
<span class="br0">)</span><span class="sy0">;</span></pre>
|
|
|
|
<p>
|
|
Parameters:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <strong>url_logout</strong>: <abbr title="Uniform Resource Locator">URL</abbr> that OBM uses to log out; it will be caught by <abbr title="LemonLDAP::NG">LL::NG</abbr></div>
|
|
</li>
|
|
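<li class="level1"><div class="li"> <strong>headers_map</strong>: maps each OBM internal field to the <abbr title="LemonLDAP::NG">LL::NG</abbr> header that carries its value (written with the <code>HTTP_</code> prefix, as in the example above). OBM takes the user's identity and attributes from these headers, so OBM should be reachable only through the <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler.</div>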
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
Also edit the web server configuration of OBM to enable the <abbr title="LemonLDAP::NG">LL::NG</abbr> Handler:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> For Apache:</div>
|
|
</li>
|
|
</ul>
|
|
<pre class="code file apache"><<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>>
|
|
<span class="kw1">ServerName</span> obm.example.com
|
|
|
|
<span class="co1"># SSO protection</span>
|
|
PerlHeaderParserHandler Lemonldap::NG::Handler
|
|
|
|
<span class="kw1">DocumentRoot</span> /usr/share/obm/php
|
|
|
|
...
|
|
|
|
</<span class="kw3">VirtualHost</span>></pre>
|
|
<ul>
|
|
<li class="level1"><div class="li"> For Nginx:</div>
|
|
</li>
|
|
</ul>
|
|
<pre class="code file nginx">server {
|
|
listen 80;
|
|
server_name obm.example.com;
|
|
root /usr/share/obm/php;
|
|
# Internal authentication request
|
|
location = /lmauth {
|
|
internal;
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
# Drop the POST body
|
|
fastcgi_pass_request_body off;
|
|
fastcgi_param CONTENT_LENGTH "";
|
|
# Keep original hostname
|
|
fastcgi_param HOST $http_host;
|
|
# Keep original request (LLNG server will receive /lmauth)
|
|
fastcgi_param X_ORIGINAL_URI $request_uri;
|
|
}
|
|
|
|
# Client requests
|
|
location ~ \.php$ {
|
|
auth_request /lmauth;
|
|
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
|
auth_request_set $lmlocation $upstream_http_location;
|
|
error_page 401 $lmlocation;
|
|
try_files $uri $uri/ =404;
|
|
|
|
...
|
|
|
|
include /etc/lemonldap-ng/nginx-lua-headers.conf;
|
|
}
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
}</pre>
|
|
|
|
</div>
|
|
<!-- EDIT4 SECTION "OBM" [516-7008] -->
|
|
<h3 class="sectionedit5" id="llng">LL::NG</h3>
|
|
<div class="level3">
|
|
|
|
</div>
|
|
|
|
<h4 id="attributes_and_macros">Attributes and macros</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
You will need to collect all the attributes needed to create a user in OBM. This includes:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> First name</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Last name</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Login</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> Mail</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> …</div>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>
|
|
To add these attributes, go to the Manager, <code>Variables</code> » <code>Exported Variables</code>.
|
|
</p>
|
|
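<div class="noteimportant">If you plan to forward the user's password to OBM, then you have to <a href="../passwordstore.html" class="wikilink1" title="documentation:2.0:passwordstore">keep the password in session</a>. The password is then kept in the LL::NG session and sent to OBM in a request header, so restrict access to the session storage and keep that header out of logs.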
|
|
</div>
|
|
<p>
|
|
You may also create these macros to manage the OBM administrator account (<code>Variables</code> » <code>Macros</code>):
|
|
</p>
|
|
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">value </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0"> uidR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid </td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0 leftalign"> mailR </td><td class="col1 leftalign"> ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" </td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT6 TABLE [7522-7701] -->
|
|
</div>
|
|
|
|
<h4 id="virtual_host">Virtual host</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
Create OBM virtual host (for example obm.example.com) in <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration: <code>Virtual Hosts</code> » <code>New virtual host</code>.
|
|
</p>
|
|
|
|
<p>
|
|
Then edit rules and headers.
|
|
</p>
|
|
|
|
</div>
|
|
|
|
<h5 id="rules">Rules</h5>
|
|
<div class="level5">
|
|
|
|
<p>
|
|
Define at least:
|
|
</p>
|
|
<ul>
|
|
<li class="level1"><div class="li"> <strong>Default rule</strong>: who can access the application</div>
|
|
</li>
|
|
<li class="level1"><div class="li"> <strong>Logout rule</strong>: catch OBM logout</div>
|
|
</li>
|
|
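<li class="level1"><div class="li"> <strong>Exceptions</strong>: allow anonymous access for specific URLs (connectors, etc.). LL::NG does not authenticate requests to these URLs, so the services behind them must authenticate their clients themselves.</div>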
|
|
</li>
|
|
</ul>
|
|
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">value </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0">^/logout</td><td class="col1">logout_sso</td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0">^/obm-sync</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0">^/minig</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0">^/Microsoft-Server-ActiveSync</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0">^/caldav</td><td class="col1">unprotect</td>
|
|
</tr>
|
|
<tr class="row6 roweven">
|
|
<td class="col0">default</td><td class="col1">accept (or whatever you want)</td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT7 TABLE [8083-8306] -->
|
|
</div>
|
|
|
|
<h5 id="headers">Headers</h5>
|
|
<div class="level5">
|
|
|
|
<p>
|
|
Define headers used in OBM mapping, for example:
|
|
</p>
|
|
<div class="table sectionedit8"><table class="inline table table-bordered table-striped">
|
|
<thead>
|
|
<tr class="row0 roweven">
|
|
<th class="col0">field </th><th class="col1">value </th>
|
|
</tr>
|
|
</thead>
|
|
<tr class="row1 rowodd">
|
|
<td class="col0">OBM_GIVENNAME</td><td class="col1">$givenName</td>
|
|
</tr>
|
|
<tr class="row2 roweven">
|
|
<td class="col0">OBM_GROUPS</td><td class="col1">$groups</td>
|
|
</tr>
|
|
<tr class="row3 rowodd">
|
|
<td class="col0">OBM_UID</td><td class="col1">$uidR</td>
|
|
</tr>
|
|
<tr class="row4 roweven">
|
|
<td class="col0">OBM_MAIL</td><td class="col1">$mailR</td>
|
|
</tr>
|
|
<tr class="row5 rowodd">
|
|
<td class="col0">OBM_USERPASSWORD</td><td class="col1">$_password</td>
|
|
</tr>
|
|
</table></div>
|
|
<!-- EDIT8 TABLE [8372-8500] -->
|
|
</div>
|
|
|
|
<h4 id="other">Other</h4>
|
|
<div class="level4">
|
|
|
|
<p>
|
|
Do not forget to add OBM to the <a href="../portalmenu.html#categories_and_applications" class="wikilink1" title="documentation:2.0:portalmenu">applications menu</a>.
|
|
</p>
|
|
|
|
</div>
|
|
<!-- EDIT5 SECTION "LL::NG" [7009-] --></div>
|
|
</body>
|
|
</html>
|