LDAP sync for Team Mailboxes #1115

Open
chibenwa opened this issue Jul 2, 2024 · 13 comments
Labels
enhancement New feature or request

Comments

@chibenwa
Member

chibenwa commented Jul 2, 2024

Why?

Automate Team mailboxes and mailing lists management through LDAP.

Be able to synchronise a list of groups from the LDAP as Twake Mail mailboxes and mailing lists.

Those groups could then be defined from a set of rules defined and replicated by a LinID bot.

This approach is very flexible and hopefully not specific to James / mails. We only need an LSC connector.

LDAP data

I want to synchronise ou=groups,dc=james,dc=org in the following LDIF:

dn: ou=groups, dc=james,dc=org
ou: groups
objectClass: organizationalUnit

dn: cn=sales,ou=groups, dc=james,dc=org
objectclass: top
objectclass: groupofnames
member: uid=usera,ou=people,dc=james,dc=org
member: uid=userb,ou=people,dc=james,dc=org
cn: sales
ou: groups
businessCategory: tmailbox

dn: cn=hiring,ou=groups, dc=james,dc=org
objectclass: top
objectclass: groupofnames
member: uid=userc,ou=people,dc=james,dc=org
member: uid=userb,ou=people,dc=james,dc=org
cn: hiring
ou: groups
businessCategory: mlist

Resulting in the following:

Please note that:

  • We can use the CN in order to build the local part of a group.
  • User mails need to be recovered from their DN and not inferred from their uid.

How?

Add a script for LSC twake mail in order to do this.

@chibenwa chibenwa added the enhancement New feature or request label Jul 2, 2024
@chibenwa
Member Author

chibenwa commented Jul 2, 2024

@guimard is it possible to attach a mail property into the groupofnames? Or we just use the cn for building the team mailbox name?

@guimard
Member

guimard commented Jul 2, 2024

> @guimard is it possible to attach a mail property into the groupofnames? Or we just use the cn for building the team mailbox name?

Not directly, we need a schema change.

@chibenwa
Member Author

chibenwa commented Jul 2, 2024

Ok then we can likely configure the domain name on LSC, and rely on the cn to build the mail address.

@guimard
Member

guimard commented Jul 3, 2024

> Ok then we can likely configure the domain name on LSC, and rely on the cn to build the mail address.

Not exactly: we need to distinguish groups with mail and groups without. Maybe more, a group mailbox can be:

  • a "team mailbox": shared messages
  • a mailing list: a copy of mail for each member

A standard LDAP group has the following attributes:

  • cn
  • member (multi-valued)
  • optional:
    • businessCategory
    • seeAlso
    • owner
    • ou (multi-valued)
    • o
    • description

@chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to define the "role" of the group. For example if:

  • it contains "tmailbox" => team mailbox
  • it contains "mlist" => mailing list
  • it contains "drive" => shared drive

@chibenwa
Member Author

chibenwa commented Jul 3, 2024

> @chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to define the "role" of the group.

I am not against but I thought the LDAP base would serve this purpose.

dn: ou=tmailbox, dc=james,dc=org
dn: ou=mlist, dc=james,dc=org

dn: cn=sales,ou=tmailbox, dc=james,dc=org
dn: cn=hiring,ou=tmailbox, dc=james,dc=org

dn: cn=paris,ou=mlist, dc=james,dc=org

I think it could be simpler.

(Can businessCategory be multi-valued?)

@guimard
Member

guimard commented Jul 3, 2024

> > @chibenwa, @jcabannes, @shepilov: maybe we can use the "businessCategory" here to define the "role" of the group.
>
> I am not against but I thought the LDAP base would serve this purpose.
>
> dn: ou=tmailbox, dc=james,dc=org
> dn: ou=mlist, dc=james,dc=org
>
> dn: cn=sales,ou=tmailbox, dc=james,dc=org
> dn: cn=hiring,ou=tmailbox, dc=james,dc=org
>
> dn: cn=paris,ou=mlist, dc=james,dc=org
>
> I think it could be simpler.
>
> (Can businessCategory be multi-valued?)

But then it excludes having both mail and drive, no?

@chibenwa
Member Author

chibenwa commented Jul 3, 2024

Can businessCategory be multi-valued?

@guimard
Member

guimard commented Jul 3, 2024

> Can businessCategory be multi-valued?

Yes but I prefer a space-concatenated string

@chibenwa
Member Author

chibenwa commented Jul 3, 2024

Ok then I fully agree to use businessCategory

@guimard
Member

guimard commented Jul 5, 2024

> Ok then I fully agree to use businessCategory

@jcabannes OK for you also?

@jcabannes
Member

Ok for me too

@Arsnael
Member

Arsnael commented Jul 18, 2024

Updated the description of the task with usage of businessCategory for differentiation between team mailbox and ml group.

Let me know if it's ok.

Moving this to ToDo. When can we expect businessCategory put in place on ldap for prod?

@chibenwa
Member Author

Back to backlog as this is not essential for upcoming client projects.
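
The mapping this thread converges on (businessCategory as the role marker, cn plus a configured domain as the address, member mail looked up by DN), as an added example that is not part of the original thread and is not LSC or Twake Mail code. The function names, the people entries, the "admins" group and the james.org domain are assumptions for illustration.

```javascript
// Constructed sample data modelled on the issue's LDIF. The people entries, their
// mail values, the "admins" group and the extra "drive" role are assumptions.
const PEOPLE = {
  "uid=usera,ou=people,dc=james,dc=org": "alice@james.org",
  "uid=userb,ou=people,dc=james,dc=org": "bob@james.org",
};
const GROUPS = [
  { cn: "sales", businessCategory: "tmailbox drive",
    member: ["uid=usera,ou=people,dc=james,dc=org", "uid=userb,ou=people, dc=james,dc=org"] },
  { cn: "hiring", businessCategory: "mlist",
    member: ["uid=userc,ou=people,dc=james,dc=org", "uid=userb,ou=people,dc=james,dc=org"] },
  { cn: "admins", member: ["uid=usera,ou=people,dc=james,dc=org"] },
];
const ROLE_TARGETS = new Map([["tmailbox", "teamMailboxes"], ["mlist", "mailingLists"]]);

// Simplified DN normalisation (trim RDNs, lower-case); escaped commas are not handled.
function normalizeDn(dn) {
  return dn.split(",").map((rdn) => rdn.trim().toLowerCase()).join(",");
}

// businessCategory may be a space-concatenated string or a multi-valued array.
function rolesOf(group) {
  const raw = [].concat(group.businessCategory || []).join(" ");
  return raw.split(/\s+/).filter(Boolean);
}

// The cn becomes the local part, so anything that is not a plain token is rejected.
function localPart(cn) {
  const lp = String(cn).toLowerCase();
  return /^[a-z0-9][a-z0-9._-]{0,63}$/.test(lp) ? lp : null;
}

function planSync(groups, people, domain) {
  const byDn = new Map(Object.entries(people).map(([dn, mail]) => [normalizeDn(dn), mail]));
  const plan = { teamMailboxes: [], mailingLists: [], unresolved: [], rejected: [] };
  for (const group of groups) {
    const targets = rolesOf(group).map((r) => ROLE_TARGETS.get(r)).filter(Boolean);
    if (targets.length === 0) continue; // group without a mail role is not synchronised
    const lp = localPart(group.cn);
    if (lp === null) { plan.rejected.push(group.cn); continue; }
    const members = [];
    for (const dn of group.member || []) {
      const mail = byDn.get(normalizeDn(dn)); // looked up by DN, never built from the uid
      if (mail) members.push(mail); else plan.unresolved.push(normalizeDn(dn));
    }
    for (const t of targets) plan[t].push({ address: `${lp}@${domain}`, members });
  }
  return plan;
}
```

Members whose DN has no matching entry end up in `unresolved` instead of receiving a guessed address, and a cn that is not a plain token ends up in `rejected` instead of being turned into a mailbox name.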
