On Wed, Jun 10, 2009 at 12:31:56PM +0200, Paweł Madej wrote:
> To not spam this list too much, I've pasted the roundcube webmail LDAP part here: http://pastebin.com/m6ba78ab4
It looks to me as if the per-user private addressbook facility requires a specific DIT structure with the username in the DN. This is very restrictive, so I suggest asking the developers to change it.
A more general solution requires something like this:
A 'system' DN and password to bind to the directory before we have verified the user. In some cases this search can be anonymous, but in others anon would be blocked by access-control policy.
A base DN from which to start a subtree search to find the user entry.
A configurable search spec to find user entries. In your case, this might say something like: (&(objectclass=account)(mail=%fu)) [Note the use of objectclass to prevent it from finding addressbook entries: we only want the main account entry at this stage]
Having found the user entry, the application should re-bind as the user for access to addressbooks etc.
For per-user addressbooks, you then want to prepend an optional RDN component to the user DN (e.g. cn=addressbook) and build the addressbook entries below that. I would suggest using a meaningless random number as the RDN of each entry.
Note that the use of search means that the DIT structure is not constrained by the application.
Andrew