Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - markc

Pages: 1 [2] 3 4
16
How To's / Re: Feng Office & Google Apps Email/Calendar/Contacts
« on: August 23, 2010, 04:04:17 pm »
Also...come to think of it. Be sure and double check or disable the firewall on your FO box.

It is not improbable that your workstation has a more open firewall than the FO server. We know that you've tried the servers that google recommends (at least for @gmail.com) addresses, and you're getting "Connection refused" so it may not be able to talk to the imap server at all. I bet if it was the username or the password that was wrong you'd get something more along those lines as the error (just a guess).

hth,
Mark

17
How To's / Re: Feng Office & Google Apps Email/Calendar/Contacts
« on: August 23, 2010, 03:59:42 pm »
I presume you've been able to get this working in Outlook Express, Windows Mail, Thunderbird, or etc.?

If not, you should. In this case fengoffice is the unknown and so you should get it working in a more regular environment first. Any errors you receive from those mail clients while doing so will be vastly more documented than anything you'll find on FO.

Then, when that works, move the settings over verbatim and you'll finally have an argument against FO's implementation. Until then there are too many unknowns.

hth,
Markc

18
How To's / Re: Feng Office & Google Apps Email/Calendar/Contacts
« on: August 23, 2010, 03:30:59 pm »
Well, I am not in a similar position but I looked up the gmail page on using IMAP:

http://mail.google.com/support/bin/topic.py?hl=en&topic=12806

I looked on the pages for Windows Mobile 6, Outlook '07, and Apple Mail 2.0 to get a bit of variation and they all say to use 'imap.gmail.com' and 'smtp.gmail.com' instead of using the 'googlemail.com' domain you have entered.

I did nslookup on them and it looks like they are not the same server.
Quote
Non-authoritative answer:
Name:    googlemail-imap.l.google.com
Address:  74.125.95.16
Aliases:  imap.googlemail.com

Quote
Non-authoritative answer:
Name:    gmail-imap.l.google.com
Address:  74.125.95.109
Aliases:  imap.gmail.com

I have never actually set up IMAP access to my gmail account so I may be missing something... This would be easy enough to overlook though (especially if it used to be the googlemail.com domain), so I thought I'd mention it.

I don't know anything about the calendar sync so I'd be searching from scratch on that one. Maybe someone else has an idea there.

hth,
Mark

19
Getting Started / Re: Active Directory Integration
« on: August 23, 2010, 12:34:20 pm »
I've just pulled up the MySQL db for my test FO instance. If I change my local username there to something that does not exist I can no longer log in regardless of the fact the nothing has changed in LDAP.

I'm not a dev...but I suspect this is because LDAP is a recent addition to this project and at the end of the day it consists of nothing more than a few new functions to bind to LDAP to check the password. I tried modifying the functions and a few others and all I could get was newer and more exciting errors (which tells me I was in the right place, but that it isn't that simple).

When you try to set permissions on a workspace for user 'bob', or assign a task or milestone to him, or update the "last changed at/by" timestamp on a file when he edits it, all of those functions are still using the usernames and numbers from MySQL.

Unfortunately the ideal scenario in which FO keeps its data in MySQL for a list of nameless users that it trusts LDAP to provide seems like quite an undertaking and not something to expect in the short term.

If it helps any, /fengoffice/console.php lets you add local users at the command line. I used a slightly modified version of that script and an export of my AD data to create the local users and it has been perfectly seamless ever since.

hth,
Mark

20
Getting Started / Re: Active Directory Integration
« on: August 23, 2010, 11:42:52 am »
-Set debug=true in config/config.php to have a log.

-Make sure the php-ldap library is installed.

-Remember that to log in as an LDAP user, that same user must exist as a local user in FO. I usually just create the new account with the random password option and set it not to email it to the user; so the local password remains unknown and unused.

hth,
Mark

21
Getting Started / Re: Active Directory Integration
« on: August 20, 2010, 12:35:32 pm »
No problem. It is probably obvious, but do note that my binddn was not in the standard ou.


Quote
<?php

  /**
  * ldap.config.example.php is sample configuration file for ldap authentication.
  * Rename it in ldap.config.php and change the values acconrding to your env.
  *
  * @author Luca Corbo <luca.corbo@2bopen.org>
  */

  // The configuration array:
  $config_ldap = array (
      'binddn'    => 'cn=USER,ou=users,ou=dallas,dc=blahblahblah,dc=com',
      'bindpw'    => 'PASS',
      'basedn'    => 'dc=blahblahblah,dc=com',
      'host'      => 'blah-dc1.blahblahblah.com:3268',
      'uid'       => 'sAMAccountName' //Change in according with your settings to match the userid entry
  );
  return true;

?>

22
Getting Started / Re: LDAP logout white screen
« on: August 17, 2010, 02:07:16 pm »
markc, I see how your setup is working. I mean the patch so local FO and LDAP working at the same time. But what  If admins are only local. In your situation if LDAP fails, you can check against local. However,  if LDAP admin is just a normal user of FO and FO admin is another guy. LDAP admin can gain access as an FO admin easily by just adding the same FO admin user name into the LDAP. I see this a security problem.
On the other hand, it is going to be interesting to combine my approach and yours so you can check normal users/passwords against  LDAP first then local and FO admins are only local. I will try to do that.

Ahhh. Now it clicks and I hope the devs do give this a bit of thought...

You don't want a username to be allowed to be an FO admin if they exist in AD/LDAP. I can see your concern. If I created an 'admin' account in AD I could override the one in FO. In my situation I don't care because our company is so small that I am one of only two people who could do this, but I could see it as an issue in larger companies...especially if you've got FO set to be looking through the entire user structure! I may try out your patch anyway though.

Thank you,
Mark

23
Getting Started / Re: LDAP logout white screen
« on: August 16, 2010, 11:38:43 am »
Thank you markc for your response

Yes I mean solution for keeping FO admins local. I tired the solution posted in the forum but it did not do it. It basicly reroutes password check to local for all users. IT is equal to LDAP set to false.

I am still having the logout white screen it is for admin accounts only, regular users are ok.

I don't think it is quite the same as setting ldap to false, since I am able to log in with ldap users/passwords just fine the patch I mentioned. It always takes me a minute to walk through the patch and remember the exact logic, but basically it only checks to make sure the local FO user exists and then it doesn't actually try local login unless ldap login fails.

In my environment the only user that is local to FO but is not in ldap is the admin user, so that patch basically just turns the local admin user back on for me. It is true that all of my ldap users are also local FO users but it doesn't bother me because I had FO set random passwords, no one knows what they are, and ldap is being checked first.

I am glad you found a solution too though! Hopefully someone else who needs the same thing will come across it. :)

Mark

24
Getting Started / Re: Active Directory Integration
« on: August 11, 2010, 05:20:53 pm »
Apparently this issue of only being able to use one OU has a solution. I tested the solution at this page http://forums.fengoffice.com/index.php?topic=4554.0 (connecting to AD on a different port) and it worked.

Actually I really only modified my base dn (removed the specific OUs) and tacked the new port number onto the host string and it worked. So there appears to be some flexibility as to how it is entered, as long as it is using the correct port.

HTH,
Mark

25
Getting Started / Re: LDAP logout white screen
« on: August 11, 2010, 05:16:28 pm »
Excellent! Thank you for this solution.

I and a few others had the AD login working, but several of us were limited to one OU!

That was on this topic:
http://forums.fengoffice.com/index.php?topic=4446.0

For anyone else coming across this, I'd like to mention that this apparently works because queries to the default LDAP port of 389 check a smaller portion of Active Directory than using the Global Catalog port of 3268. New to me, but great to know.

Here are some details on Microsoft's site about the difference:
http://technet.microsoft.com/en-us/library/cc978012.aspx ("Global Catalog and LDAP Searches")

As to your other points. 1. Try enabling debugging if you haven't already:
http://www.fengoffice.com/web/wiki/doku.php/debugging#switching_debugging_mode_on_off

2. Take a look at the second part of the second post on this page:
http://forums.fengoffice.com/index.php?topic=2821.0

^^ That deals with keeping the local admin user enabled. I'm not sure if that is exactly what you were looking for because I do not quite understand your #2 point. Could you clarify?

Thank you,
Mark

26
Getting Started / Re: Active Directory Integration
« on: August 03, 2010, 12:01:23 pm »
Don't rush off too fast! I believe a patch will be forthcoming for having multiple OUs. I'll write it myself if I have to.

As for your other issue, see post #2 here:
http://forums.fengoffice.com/index.php?topic=2821.0

The SECOND half of that post...as there are two patches he is talking about.

27
Mine did that at one point and it turned out to be a dependency issue. LDAP was failing to load within PHP. I'm not fully familiar with that and the whole PEAR setup but somehow or another I was pointed towards adding a few more packages and it started working so I just put them in my notes. This was also on Linux, not sure if you've mentioned your platform.

Anyway my notes just say to make sure these PHP libs are all installed (some of them are obvious cause you can't even install if they're missing):
php5-mysql
php5-gd
php5-ldap

Also had a note for 'simplexml' but I can't seem to find the package now so that may be one that FO handles for you.

hth,
Mark

28
Development / Re: LDAP 1.7 RC
« on: July 29, 2010, 02:31:27 pm »
See the fourth post in this thread for more info on the 'uid' field. It is possible for it to work configured as it is in your example (with 'uid' => 'cn') but there are complications.

hth,
Mark

edit: forgot the URL http://forums.fengoffice.com/index.php?topic=4469.0

29
Sure thing!

I've already thought of a few improvements besides getting the escaped delimiters regex working.

-For one I only put in the english lang info for the extra address fields.

-Also I came across a vcard that had quoted-printable encoding. My function just imported the encoded characters literally. Looks like vcard spec for v3 dropped that encoding and only supports b-type. This one did at least say v2.1 inside it though so it was kosher.

I see php has a convert function for QP so I may have to add a check/convert for that. I suspect there may be more of this issue to come with other types of encoding.

Mark

30
(edit: I'm of course only saying you need to do this part if you're using one of the patches that expands your address fields!)

OH!! Here is what I used to make mysql play nice with my new fields! If you happen to apply my patch before running the main installer, the patch fixes the schema file so you shouldn't have to do this.

If not...you need to add the following fields:

w_address2
w_address3
h_address2
h_address3
o_address2
o_address3

Base them on this example for the first few, or install phpmyadmin, or something. Be sure to update the name of the contacts table...yours may not be og_contacts.

ALTER TABLE `og_contacts` ADD `w_address2` VARCHAR( 200 ) NULL AFTER `w_address1` ;

ALTER TABLE `og_contacts` ADD `w_address3` VARCHAR( 200 ) NULL AFTER `w_address2` ;

...etc...etc...

Pages: 1 [2] 3 4