can you please publish some output of ldapsearch... with at least a contact and group record?
what is exactly your problem? you can not assing a contact to a specific group? can you try to do it with using ldapmodify on the command line? e.g. like ---------------------------- echo " dn: cn=Group,dc=example,dc=com add: member member: cn=Contact,dc=example,dc=com " | ldapmodify -x -H $server -D $bind_dn -w $bind_pass ---------------------------- it seems that your bind_dn do not have enough rights for modifying the group object... how do you grant that? can you show me the slapd.conf directive? Andreas Am Mittwoch, 29. Februar 2012, 06.45:00 schrieben Sie: > under Private Address Group I have ability to create more groupsofNames > that works fine and there is no replication issues. > I can add dn from ldap side to groupofNames via ldap tools (apache > directory studio) > Problem is that if user try to drag or associate existing name in public or > private list to this new groupofNames ldap log chookes. > essentially there is a problem with association of existing ldap account > and dn entry with groupofNames object class with attribute member. > > > add [dn: cn=IT,ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx]: Array > ( > [member] => Array > ( > [0] => ou=addressbook,uid=xxx,ou=People,dc=xxx,dc=xxx > ) > > ) > > [28-Feb-2012 22:03:31 -0500]: S: Insufficient access > > I have right to push changes in ldap via slapd.conf file. > > On Wed, Feb 29, 2012 at 3:52 AM, Andreas Dick <[email protected]> wrote: > > in my setup, this works well. but I know about a problem with showing > > contacts of new created groups in the listing... > > can you check if the "empty" group shows more than 0 on the bottom of > > the > > list, even when you do not see the contacts? > > can you check if the ldap group record contain the added contacts? > > > > Andreas > > > > Am 2012-02-29 01:35, schrieb Sasha Kacanski: > >> Hi Andreas, > >> one more question? > >> On the private ldap address group, if I create additional group I am > >> creating cn= ldap object class groupofNames > >> > >> What is the idea behind this approach. > >> In rouncube I am unable to add a member of public address group to > >> private group... > >> > >> example: > >> > >> Public Address Group > >> name1 > >> name2 > >> name3 > >> > >> Private Address Group > >> external email contact1 > >> external email contact2 > >> > >> Office (group) > >> > >> member name1 ( will not work) - meaning if I drag contact I > >> > >> cant add it > >> > >> memeber name2 ( if I flag it as group in contact) cant add > >> it > >> > >> I believe that I need to change something in main.inc.php to allow dn > >> to be transferred from the contact that I want to add to the group to > >> member attribute value. > >> > >> Could you please point me to right direction, > >> > >> Regards, > >> > >> On Mon, Feb 27, 2012 at 6:57 PM, Sasha Kacanski <[email protected] > >> > >> [5]> wrote: > >> U the man Andreas, > >> > >>> Thanks so much for quick, clear and concise answers. > >>> This works and I can push this for production. > >>> Thanks much, and this is good stuff ... > >>> --sasha > >>> > >>> On Mon, Feb 27, 2012 at 11:44 AM, Andreas Dick <[email protected] [4]> > >>> > >>> wrote: > >>> I hope you did not try like that: > >>>> ************************** > >>>> > >>>> groups => > >>>> > >>>> array ( > >>>> > >>>> base_dn => , > >>>> filter => (objectClass=groupOfNames), > >>>> object_classes => > >>>> array ( > >>>> > >>>> 0 => top, > >>>> 1 => groupOfNames, > >>>> > >>>> ), > >>>> member_attr => member, > >>>> name_attr => cn, > >>>> > >>>> ), > >>>> > >>>> scope => one > >>>> > >>>> ), > >>>> private => > >>>> array ( > >>>> > >>>> name => Private LDAP Addressbook, > >>>> > >>>> hosts => > >>>> > >>>> .... > >>>> ************************** > >>>> > >>>> the scope must be INSIDE the groups array, e.g. like > >>>> ************************** > >>>> > >>>> groups => > >>>> > >>>> array ( > >>>> > >>>> base_dn => , > >>>> scope => one > >>>> > >>>> filter => (objectClass=groupOfNames), > >>>> object_classes => > >>>> array ( > >>>> > >>>> 0 => top, > >>>> 1 => groupOfNames, > >>>> > >>>> ), > >>>> member_attr => member, > >>>> name_attr => cn, > >>>> > >>>> ), > >>>> > >>>> ************************** > >>>> > >>>> Andreas > >>>> > >>>> Am 2012-02-27 14:26, schrieb Sasha Kacanski: > >>>> Andreas, > >>>> > >>>>> your suggestion did not work ether: > >>>>> groups => > >>>>> > >>>>> array ( > >>>>> > >>>>> base_dn => , > >>>>> filter => (objectClass=groupOfNames), > >>>>> > >>>>> object_classes => > >>>>> > >>>>> array ( > >>>>> > >>>>> 0 => top, > >>>>> 1 => groupOfNames, > >>>>> > >>>>> ), > >>>>> member_attr => member, > >>>>> name_attr => cn, > >>>>> > >>>>> ), > >>>>> > >>>>> SCOPE => ONE > >>>>> > >>>>> ), > >>>>> private => > >>>>> array ( > >>>>> > >>>>> name => Private LDAP Addressbook, > >>>>> > >>>>> hosts => > >>>>> > >>>>> .... > >>>>> > >>>>> I tried with sub, list base options, just to see if it makes > >>>>> > >>>>> a > >>>>> difference and nothing is happening ... > >>>>> > >>>>> in ldap log "rounde cube" > >>>>> C: Search [(objectClass=inetOrgPerson)][**dn: > >>>>> ou=People,dc=xxxxxx,dc=xxx] > >>>>> > >>>>> so it seems that option is not being passed ... > >>>>> > >>>>> --sasha > >>>>> > >>>>> On Sun, Feb 26, 2012 at 2:14 PM, Sasha Kacanski > >>>>> <[email protected] [3] > >>>>> > >>>>> [1]> wrote: > >>>>> Ok, > >>>>> > >>>>>> Ill let u know how it went! > >>>>>> > >>>>>> On Sunday, February 26, 2012, Andreas Dick wrote: > >>>>>> Am Sonntag, 26. Februar 2012, 07.00:08 schrieben Sie: > >>>>>>> > Curious, Why would you separate searches per group > >>>>>>> > and/or > >>>>>>> > >>>>>>> contact? > >>>>>>> I think it makes sense to seperate... > >>>>>>> > >>>>>>> but well, the concerning option is not yet prepared in the > >>>>>>> default config > >>>>>>> > >>>>>>> file... please try to add: > >>>>>>> scope => one, > >>>>>>> > >>>>>>> in the groups array... it is allready implemented in the > >>>>>>> code :-) > >>>>>>> > >>>>>>> Andreas > >>>>>>> > >>>>>>> > anyway, is there anything else we can do in the mean > >>>>>>> > >>>>>>> time. > >>>>>>> > >>>>>>> > I am not good in php, but pretty good with python and > >>>>>>> > >>>>>>> java. > >>>>>>> > >>>>>>> > Regards, --sasha > >>>>>>> > > >>>>>>> > On Sat, Feb 25, 2012 at 6:37 PM, Andreas Dick > >>>>>>> > >>>>>>> <[email protected] [1]> > >>>>>>> > >>>>>>> wrote: > >>>>>>> > > I suppose the search scope is not yet imlemented for > >>>>>>> > >>>>>>> groups... just for > >>>>>>> > >>>>>>> > > contacts... maybe il check that soon... > >>>>>>> > > > >>>>>>> > > > >>>>>>> > > Andreas > >>>>>>> > > > >>>>>>> > > Sasha Kacanski <[email protected] [2]> schrieb: > >>>>>>> > > >Absolutely, > >>>>>>> > > > > >>>>>>> > > >btw, roundcube works great otherwise. This is a > >>>>>>> > > >first > >>>>>>> > >>>>>>> product that can > >>>>>>> > >>>>>>> > > >so > >>>>>>> > > >well integrate with two imap cyrus servers, one as > >>>>>>> > >>>>>>> main mail > >>>>>>> server > >>>>>>> > >>>>>>> > > >and > >>>>>>> > > >other as long term archive. With remote plugin for > >>>>>>> > > >two > >>>>>>> > >>>>>>> imaps, users > >>>>>>> > >>>>>>> > > >can > >>>>>>> > > >switch between mail and archive. > >>>>>>> > > > > >>>>>>> > > >Anyway here is the main.inc.php > >>>>>>> > > > > >>>>>>> > > >$rcmail_config[address_book_**type] = ldap; > >>>>>>> > > > > >>>>>>> > > >// In order to enable public ldap search, > >>>>>>> > > >configure an > >>>>>>> > >>>>>>> array > >>>>>>> like the > >>>>>>> > >>>>>>> > > >Verisign > >>>>>>> > > >// example further below. if you would like to > >>>>>>> > > >test, > >>>>>>> > >>>>>>> simply > >>>>>>> uncomment > >>>>>>> > >>>>>>> > > >the > >>>>>>> > > >example. > >>>>>>> > > >// Array key must contain only safe characters, > >>>>>>> > > >ie. > >>>>>>> > >>>>>>> a-zA-Z0-9_ > >>>>>>> > >>>>>>> > > >$rcmail_config[ldap_public] = array ( > >>>>>>> > > > > >>>>>>> > > > public => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > name => Public Addressbook, > >>>>>>> > > > hosts => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > 0 => some IP, > >>>>>>> > > > > >>>>>>> > > > ), > >>>>>>> > > > port => 389, > >>>>>>> > > > use_tls => false, > >>>>>>> > > > ldap_version => 3, > >>>>>>> > > > user_specific => false, > >>>>>>> > > > base_dn => ou=People,dc=xxx,dc=xxx, > >>>>>>> > > > bind_dn => cn=Some admin,dc=xxx,dc=xxx, > >>>>>>> > > > bind_pass => xxxxx, > >>>>>>> > > > search_base_dn => > >>>>>>> > > > ou=People,dc=xxxx,dc=xxx, > >>>>>>> > > > search_filter => > >>>>>>> > >>>>>>> (&(objectClass=posixAccount)(**uid=%u)), > >>>>>>> > >>>>>>> > > > search_bind_dn => cn=Some > >>>>>>> > > > admin,dc=xxxxx,dc=xxx, > >>>>>>> > > > search_bind_pw => xxxxxxx, > >>>>>>> > > > > >>>>>>> > > > search_dn_default => , > >>>>>>> > > > auth_cid => , > >>>>>>> > > > auth_method => , > >>>>>>> > > > hidden => false, > >>>>>>> > > > searchonly => false, > >>>>>>> > > > writable => false, > >>>>>>> > > > LDAP_Object_Classes => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > 0 => top, > >>>>>>> > > > 1 => inetOrgPerson, > >>>>>>> > > > > >>>>>>> > > > ), > >>>>>>> > > > LDAP_rdn => mail, > >>>>>>> > > > required_fields => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > 0 => cn, > >>>>>>> > > > 1 => sn, > >>>>>>> > > > 2 => mail, > >>>>>>> > > > 3 => uid, > >>>>>>> > > > > >>>>>>> > > > ), > >>>>>>> > > > search_fields => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > 0 => uid, > >>>>>>> > > > 1 => mail, > >>>>>>> > > > 2 => cn, > >>>>>>> > > > > >>>>>>> > > > ), > >>>>>>> > > > fieldmap => > >>>>>>> > > > array ( > >>>>>>> > > > > >>>>>>> > > > name => cn, > >>>>>>> > > > surname => sn, > >>>>>>> > > > firstname => givenName, > >>>>>>> > > > email => mail, > >>>>>>> > > > phone:home => homePhone, > >>>>>>> > > > phone:work => telephoneNumber, > >>>>>>> > > > phone:mobile => mobile, > >>>>>>> > > > street => street, > >>>>>>> > > > zipcode > >>>>>> > >>>>>> -- > >>>>>> Aleksandar Kacanski > >>> > >>> -- > >>> Aleksandar Kacanski _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
