Topic: anyone have Davical LDAP Settings config file they can share

Curious if anyone has a davical /etc/davical/config.php (that integrates with iRedMail LDAP) that you could share?



Re: anyone have Davical LDAP Settings config file they can share

Nate: did you manage to find a working LDAP config for DaviCal when pointing it at the OpenLDAP install from iRedMail?

I have managed to get Ejabberd working against the same LDAP, but my similar efforts for DaviCal, Ajaxplorer, WebDav have yet to provide a working solution. Note I used the iRedMail generated read-only account vmail rather than the Manager account, just in case that password gets busted wide open. So for Ejabberd /etc/ejabberd.cfg I added:

{auth_method, ldap}.
{ldap_servers, ["ldap.domain.tld"]}.
{ldap_encrypt, none}.
{ldap_port, 389}.
{ldap_rootdn, "cn=vmail,dc=domain,dc=TLD"}.
{ldap_password, "big-nasty-password"}.
{ldap_base, "o=domains,dc=domain,dc=TLD"}.
{ldap_uids, [{"uid"}]}.
{ldap_filter, "(enabledService=ejabberd)"}.

Though rather than using an adjusted base ou=Users, via phpLDAPAdmin I added a new service tag to all XMPP permitted users, otherwise users such as postmaster/noreply/admin show up in the Ejabberd roster. So the updated LDAP filter to restrict the user base is the one shown in ldap_filter: (enabledService=ejabberd).


Re: anyone have Davical LDAP Settings config file they can share

OK, here is a working config for Davical and OpenLDAP with the iRedMail configuration. Edit the Davical config file matching your hostname (or the one linked to /etc/davical/localhost-conf.php):

The default config typically looks something like:

$c->admin_email = 'admin@domain.tld';
$c->system_name = "CalDAV Server";
$c->default_locale = 'en_GB';
$c->local_tzid = 'Europe/London';
$c->enable_row_linking = true;
$c->public_freebusy_url = true;
$c->pg_connect[] = 'dbname=davical user=davical_app';

If you want any privileges granted to all by default then add as the next line something like:

$c->default_privileges = array('read-free-busy', 'schedule-deliver');

To get calendar clients (in the case of Thunderbird) to behave correctly and not auto-schedule in others' calendars, add:

$c->enable_auto_schedule = false;

And finally... the LDAP configuration, with the added service tag of Davical (in my example):

$c->authenticate_hook['call'] = 'LDAP_check';
$c->authenticate_hook['config'] = array(
   'host'            => 'ldap.domain.tld',
   'port'            => '389',
   'filterUsers'     => '(&(enabledService=davical))',
   'bindDN'          => 'cn=vmail,dc=domain,dc=tld',
   'passDN'          => 'big-nasty-password',
   'baseDNUsers'     => 'ou=Users,domainName=domain.tld,o=domains,dc=domain,dc=tld',
   'protocolVersion' => 3,
   'scope'           => 'subtree',
   'mapping_field'   => array(
                            'username' => 'mail',
                            'modified' => 'modifyTimestamp',
                            'fullname' => 'cn',
                            'email'    => 'mail'),
   'default_value'   => array("date_format_type" => "E", "locale" => "en_GB"),
   'format_updated'  => array('Y' => array(0,4), 'm' => array(4,2), 'd' => array(6,2),
                              'H' => array(8,2), 'M' => array(10,2), 'S' => array(12,2)),
);
$c->do_not_sync_from_ldap = array( 'admin' => true );

So some differences here to what I found generally available against Davical knowledge bases:

1. Mapping_field: 'username' => 'mail' - by default it's 'username' => 'uid'; if you already have defined calendars using user@domain.tld then it fails, so this makes it work and allows the full email username including domain.tld to be used - this is better for servers hosting multiple domains
2. The rest of Mapping_field, date_format_type and format_updated are as per OpenLDAP suggestions (rather than Active Directory)
3. Ensure Davical admin user can connect regardless of LDAP entry - do_not_sync_from_ldap = array( 'admin' => true )

For Apple OSX/iOS Address Book lookups, following guidance from this forum, the configuration becomes:

hostname: ldap.domain.tld
port: 389
baseDN: domainName=domain.tld,o=domains,dc=domain,dc=tld
bindDN: mail=XXX@domain.tld,ou=Users,domainName=domain.tld,o=domains,dc=domain,dc=tld
Scope: Subtree
Filter: (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))

Where XXX is the username part of the full email address, and when connecting you must specify the matching password of the mail username XXX@domain.tld.

I have Ajaxplorer, Lighttpd and WebDav to attempt next but it should be very similar to the above for Davical with the username field mapping to mail and not uid.
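
Added example (not part of the original posts, and not DAViCal, Ejabberd or iRedMail code): a small Python evaluator for the LDAP filters quoted in this thread, run against three constructed directory entries, to preview which accounts a service-tag filter admits before a service is pointed at the directory. The sample entries, the helper names and the case-insensitive comparison are assumptions.

```python
# RFC 4515 subset (&, |, !, equality); case-insensitive compare is an assumption.
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.index(")", i)  # ValueError if the item is unterminated
        attr, sep, value = f[i:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"not an equality item: {f[i:end]!r}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """entry maps lower-cased attribute names to lists of values."""
    if node[0] == "=":
        return any(v.lower() == node[2] for v in entry.get(node[1], []))
    hits = [matches(kid, entry) for kid in node[1]]
    return {"&": all(hits), "|": any(hits), "!": not hits[0]}[node[0]]

def allowed(filter_text, entries):  # sorted mail values the filter admits
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(e["mail"][0] for e in entries if matches(node, e))

def user(mail, *services):  # builds a constructed sample entry
    return {"mail": [mail], "objectclass": ["mailUser"], "enabledservice": list(services)}

ENTRIES = [  # constructed, not real directory data
    user("alice@domain.tld", "mail", "deliver", "displayedInGlobalAddressBook", "davical", "ejabberd"),
    user("bob@domain.tld", "mail", "deliver", "displayedInGlobalAddressBook"),
    user("postmaster@domain.tld", "mail", "deliver"),
]
DAVICAL = "(&(enabledService=davical))"  # filterUsers from the post
ADDRESS_BOOK = ("(&(enabledService=mail)(enabledService=deliver)"
                "(enabledService=displayedInGlobalAddressBook)"
                "(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))")
```

Calling `allowed(DAVICAL, ENTRIES)` lists only the account carrying the davical tag, while `allowed(ADDRESS_BOOK, ENTRIES)` also lists the tagged mail user without it and still leaves out postmaster.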