OBM is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
OBM is shipped with a LL::NG plugin with these features:
To enable LL::NG authentication plugin, go in /etc/obm/obm_conf.inc
:
$auth_kind = 'LemonLDAP';
$lemonldap_config = Array(
"auto_update" => true,
"auto_update_force_user" => true,
"auto_update_force_group" => false,
"url_logout" => "https://OBMURL/logout",
"server_ip_address" => "localhost",
"server_ip_check" => false,
"debug_level" => "NONE",
// "debug_header_name" => "HTTP_OBM_UID",
// "group_header_name" => "HTTP_OBM_GROUPS",
"headers_map" => Array(
//"userobm_gid" => "HTTP_OBM_GID",
//"userobm_domain_id" => ,
"userobm_login" => "HTTP_OBM_UID",
"userobm_password" => "HTTP_OBM_USERPASSWORD",
//"userobm_password_type" => ,
"userobm_perms" => "HTTP_OBM_PERMS",
//"userobm_kind" => ,
"userobm_lastname" => "HTTP_OBM_SN",
"userobm_firstname" => "HTTP_OBM_GIVENNAME",
// "userobm_title" => "HTTP_OBM_TITLE",
"userobm_email" => "HTTP_OBM_MAIL",
"userobm_datebegin" => "HTTP_OBM_DATEBEGIN",
//"userobm_account_dateexp" => ,
//"userobm_delegation_target" => ,
//"userobm_delegation" => ,
"userobm_description" => "HTTP_OBM_DESCRIPTION",
//"userobm_archive" => ,
//"userobm_hidden" => ,
//"userobm_status" => ,
//"userobm_local" => ,
//"userobm_photo_id" => ,
"userobm_phone" => "HTTP_OBM_TELEPHONENUMBER",
//"userobom_phone2" => ,
//"userobm_mobile" => ,
"userobm_fax" => "HTTP_OBM_FACSIMILETELEPHONENUMBER",
//"userobm_fax2" => ,
"userobm_company" => "HTTP_OBM_O",
//"userobm_direction" => ,
"userobm_service" => "HTTP_OBM_OU",
"userobm_address1" => "HTTP_OBM_POSTALADDRESS",
//"userobm_address2" => ,
//"userobm_address3" => ,
"userobm_zipcode" => "HTTP_OBM_POSTALCODE",
"userobm_town" => "HTTP_OBM_L",
"userobm_zipcode" => "HTTP_OBM_POSTALCODE",
"userobm_town" => "HTTP_OBM_L",
//"userobm_expresspostal" => ,
//"userobm_host_id" => ,
//"userobm_web_perms" => ,
//"userobm_web_list" => ,
//"userobm_web_all" => ,
//"userobm_mail_perms" => ,
//"userobm_mail_ext_perms" => ,
//"userobm_mail_server_id" => ,
//"userobm_mail_server_hostname" => ,
"userobm_mail_quota" => "HTTP_OBM_MAILQUOTA",
//"userobm_nomade_perms" => ,
//"userobm_nomade_enable" => ,
//"userobm_nomade_local_copy" => ,
//"userobm_email_nomade" => ,
//"userobm_vacation_enable" => ,
//"userobm_vacation_datebegin" => ,
//"userobm_vacation_dateend" => ,
//"userobm_vacation_message" => ,
//"userobm_samba_perms" => ,
//"userobm_samba_home" => ,
//"userobm_samba_home_drive" => ,
//"userobm_samba_logon_script" => ,
// ---- Unused values ? ----
"userobm_ext_id" => "HTTP_OBM_SERIALNUMBER",
//"userobm_system" => ,
//"userobm_nomade_datebegin" => ,
//"userobm_nomade_dateend" => ,
//"userobm_location" => ,
//"userobm_education" => ,
),
);
Parameters:
Edit also OBM configuration to enable LL::NG Handler:
<VirtualHost *:80>
ServerName obm.example.com
# SSO protection
PerlHeaderParserHandler Lemonldap::NG::Handler
DocumentRoot /usr/share/obm/php
...
</VirtualHost>
server {
listen 80;
server_name obm.example.com;
root /usr/share/obm/php;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post data
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LL::NG server will receive /lmauth)
fastcgi_param X_ORIGINAL_URI $original_uri;
}
# Client requests
location ~ \.php$ {
auth_request /lmauth;
set $original_uri $uri$is_args$args;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
...
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}
You will need to collect all attributes needed to create a user in OBM, this includes:
To add these attributes, go in Manager, Variables
»
Exported Variables
.
Attention
If you plan to forward user’s password to OBM, then you have to keep the password in session.
You may also create these macros to manage OBM administrator account
(Variables
» Macros
):
field | value |
---|---|
uidR | ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid |
mailR | ($uid =~ /admin0/i)[0] ? "" : ($mail =~ / ([ @]+)/)[0] . "\@example.com" |
Create OBM virtual host (for example obm.example.com) in LL::NG
configuration: Virtual Hosts
» New virtual host
.
Then edit rules and headers.
Define at least:
field | value |
---|---|
^/logout | logout_sso |
^/obm-sync | unprotect |
^/minig | unprotect |
^/Microsoft-Server-ActiveSync | unprotect |
^/caldav | unprotect |
default | accept (or whatever you want) |
Define headers used in OBM mapping, for example:
field | valeur |
---|---|
OBM_GIVENNAME | $givenName |
OBM_GROUPS | $groups |
OBM_UID | $uidR |
OBM_MAIL | $mailR |
OBM_USERPASSWORD | $_password |
Do not forget to add OBM in applications menu.