OBM is an enterprise-class messaging and collaboration platform for workgroups or enterprises with many thousands of users. OBM includes groupware, a messaging server, CRM, LDAP, Windows Domain, and smartphone and PDA synchronization…
OBM is shipped with an LL::NG plugin with these features:
To enable the LL::NG authentication plugin, edit /etc/obm/obm_conf.inc:
```php
$auth_kind = 'LemonLDAP';
$lemonldap_config = Array(
    "auto_update" => true,
    "auto_update_force_user" => true,
    "auto_update_force_group" => false,
    "url_logout" => "https://OBMURL/logout",
    "server_ip_address" => "localhost",
    "server_ip_check" => false,
    "debug_level" => "NONE",
    // "debug_header_name" => "HTTP_OBM_UID",
    // "group_header_name" => "HTTP_OBM_GROUPS",
    "headers_map" => Array(
        //"userobm_gid" => "HTTP_OBM_GID",
        //"userobm_domain_id" => ,
        "userobm_login" => "HTTP_OBM_UID",
        "userobm_password" => "HTTP_OBM_USERPASSWORD",
        //"userobm_password_type" => ,
        "userobm_perms" => "HTTP_OBM_PERMS",
        //"userobm_kind" => ,
        "userobm_lastname" => "HTTP_OBM_SN",
        "userobm_firstname" => "HTTP_OBM_GIVENNAME",
        // "userobm_title" => "HTTP_OBM_TITLE",
        "userobm_email" => "HTTP_OBM_MAIL",
        "userobm_datebegin" => "HTTP_OBM_DATEBEGIN",
        //"userobm_account_dateexp" => ,
        //"userobm_delegation_target" => ,
        //"userobm_delegation" => ,
        "userobm_description" => "HTTP_OBM_DESCRIPTION",
        //"userobm_archive" => ,
        //"userobm_hidden" => ,
        //"userobm_status" => ,
        //"userobm_local" => ,
        //"userobm_photo_id" => ,
        "userobm_phone" => "HTTP_OBM_TELEPHONENUMBER",
        //"userobm_phone2" => ,
        //"userobm_mobile" => ,
        "userobm_fax" => "HTTP_OBM_FACSIMILETELEPHONENUMBER",
        //"userobm_fax2" => ,
        "userobm_company" => "HTTP_OBM_O",
        //"userobm_direction" => ,
        "userobm_service" => "HTTP_OBM_OU",
        "userobm_address1" => "HTTP_OBM_POSTALADDRESS",
        //"userobm_address2" => ,
        //"userobm_address3" => ,
        "userobm_zipcode" => "HTTP_OBM_POSTALCODE",
        "userobm_town" => "HTTP_OBM_L",
        //"userobm_expresspostal" => ,
        //"userobm_host_id" => ,
        //"userobm_web_perms" => ,
        //"userobm_web_list" => ,
        //"userobm_web_all" => ,
        //"userobm_mail_perms" => ,
        //"userobm_mail_ext_perms" => ,
        //"userobm_mail_server_id" => ,
        //"userobm_mail_server_hostname" => ,
        "userobm_mail_quota" => "HTTP_OBM_MAILQUOTA",
        //"userobm_nomade_perms" => ,
        //"userobm_nomade_enable" => ,
        //"userobm_nomade_local_copy" => ,
        //"userobm_email_nomade" => ,
        //"userobm_vacation_enable" => ,
        //"userobm_vacation_datebegin" => ,
        //"userobm_vacation_dateend" => ,
        //"userobm_vacation_message" => ,
        //"userobm_samba_perms" => ,
        //"userobm_samba_home" => ,
        //"userobm_samba_home_drive" => ,
        //"userobm_samba_logon_script" => ,
        // ---- Unused values ? ----
        "userobm_ext_id" => "HTTP_OBM_SERIALNUMBER",
        //"userobm_system" => ,
        //"userobm_nomade_datebegin" => ,
        //"userobm_nomade_dateend" => ,
        //"userobm_location" => ,
        //"userobm_education" => ,
    ),
);
```
Parameters:
Also edit the OBM web server configuration to enable the LL::NG Handler (an Apache virtual host first, then the Nginx equivalent):
```apache
<VirtualHost *:80>
    ServerName obm.example.com

    # SSO protection
    PerlHeaderParserHandler Lemonldap::NG::Handler

    DocumentRoot /usr/share/obm/php
    ...
</VirtualHost>
```
```nginx
server {
    listen 80;
    server_name obm.example.com;
    root /usr/share/obm/php;

    # Internal authentication request
    location = /lmauth {
        internal;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;

        # Drop POST data
        fastcgi_pass_request_body off;
        fastcgi_param CONTENT_LENGTH "";

        # Keep original hostname
        fastcgi_param HOST $http_host;

        # Keep original request (LLNG server will receive /lmauth)
        fastcgi_param X_ORIGINAL_URI $request_uri;
    }

    # Client requests
    location ~ \.php$ {
        auth_request /lmauth;
        auth_request_set $lmremote_user $upstream_http_lm_remote_user;
        auth_request_set $lmlocation $upstream_http_location;
        error_page 401 $lmlocation;
        try_files $uri $uri/ =404;
        ...
        include /etc/lemonldap-ng/nginx-lua-headers.conf;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```
You will need to collect all the attributes needed to create a user in OBM. This includes:
To add these attributes, go to the Manager, Variables » Exported Variables.
You may also create these macros to manage the OBM administrator account (Variables » Macros):
| field | value |
|---|---|
| uidR | ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid |
| mailR | ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" |
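
The two macros above can be checked outside the Manager before they are saved. The following Perl script is an added example, not part of LL::NG or OBM: it evaluates the table's expressions against constructed sessions and compares `uidR` with a hypothetical exact-match variant (`uidR_exact`, which assumes the administrator's SSO uid is exactly `admin0`), because `/^admin0/i` matches any uid that merely starts with `admin0`.

```perl
#!/usr/bin/perl
# Added example, not LL::NG or OBM code. All sample sessions are constructed.
use strict;
use warnings;

# uidR and mailR exactly as written in the macro table.
sub uidR_page {
    my ($uid) = @_;
    return ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid;
}

sub mailR_page {
    my ($uid, $mail) = @_;
    no warnings 'uninitialized';    # keep the empty-mail sample row quiet
    return ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com";
}

# Hypothetical variant. Assumption: the administrator's SSO uid is exactly
# "admin0". \A and \z anchor both ends, so only that uid is rewritten.
sub uidR_exact {
    my ($uid) = @_;
    return ($uid =~ /\Aadmin0\z/i)[0] ? "admin0\@global.virt" : $uid;
}

my @sessions = (    # constructed test data
    { uid => 'jdoe',        mail => 'john.doe@corp.example' },
    { uid => 'admin0',      mail => 'root@corp.example' },
    { uid => 'Admin0',      mail => 'root@corp.example' },
    { uid => 'admin01',     mail => 'a.smith@corp.example' },
    { uid => 'admin0-test', mail => 'qa@corp.example' },
    { uid => 'nomail',      mail => '' },
);

my $fmt = "%-12s %-20s %-20s %-22s %s\n";
printf $fmt, 'uid', 'OBM_UID (page)', 'OBM_UID (exact)', 'OBM_MAIL (page)', '';
for my $s (@sessions) {
    my $page  = uidR_page($s->{uid});
    my $exact = uidR_exact($s->{uid});
    printf $fmt, $s->{uid}, $page, $exact,
        mailR_page($s->{uid}, $s->{mail}),
        ($page ne $exact ? '<-- prefix match only' : '');
}
```

Rows flagged in the last column are uids that the page's expression sends to OBM as `admin0@global.virt` although they are not `admin0` itself. The `nomail` row shows `mailR` producing a bare `@example.com` when the session carries no mail value.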
Create the OBM virtual host (for example obm.example.com) in the LL::NG configuration: Virtual Hosts » New virtual host.
Then edit rules and headers.
Define at least:
| field | value |
|---|---|
| ^/logout | logout_sso |
| ^/obm-sync | unprotect |
| ^/minig | unprotect |
| ^/Microsoft-Server-ActiveSync | unprotect |
| ^/caldav | unprotect |
| default | accept (or whatever you want) |
Define headers used in OBM mapping, for example:
| field | value |
|---|---|
| OBM_GIVENNAME | $givenName |
| OBM_GROUPS | $groups |
| OBM_UID | $uidR |
| OBM_MAIL | $mailR |
| OBM_USERPASSWORD | $_password |
Do not forget to add OBM to the applications menu.