eGroupWare + smbldap-tools integration with SQL hack

Submitted by hswong3i on Mon, 2009/02/23 - 04:08

By default, smbldap-populate will add groups 'Domain User' with gidnumber 513, and 'Administrators' with gidnumber 544. This can map with eGroupWare's default groups 'Default' and 'Admins'. On the other hand, smbldap-populate will add default administrator account 'root' with uidnumber 0, where it is invalid for eGroupWare (eGroupWare count account id with AUTO_INCREMENT, where starting from 1 and so 0 is invalid). We need some tricks in order to integrate them:

  1. Populate default Samba LDAP schema with following command:
    smbldap-populate -l 65534
  2. Create a first smbldap user 'postmaster' with uid 1001.
  3. Install eGroupWare as usual, use SQL for both user authentication and store/retrieve user accounts.
  4. Create SQL admin account with username 'postmaster', and "Delete all existing SQL accounts, groups, ACLs and preferences".
  5. After eGroupWare installation complete, run the following SQL hack from phpmyadmin, in order to update related users and groups record:
    -- Update egw_acl 'Default' group related record.
    UPDATE egw_acl SET acl_location = -513 WHERE acl_location = -(
      SELECT account_id FROM egw_accounts WHERE account_lid = 'Default' AND account_type = 'g'
    ) AND acl_account > 0;
    UPDATE egw_acl SET acl_account = -513 WHERE acl_account = -(
      SELECT account_id FROM egw_accounts WHERE account_lid = 'Default' AND account_type = 'g'
    );

    -- Update egw_acl 'Admins' group related record.
    UPDATE egw_acl SET acl_location = -544 WHERE acl_location = -(
      SELECT account_id FROM egw_accounts WHERE account_lid = 'Admins' AND account_type = 'g'
    ) AND acl_account > 0;
    UPDATE egw_acl SET acl_account = -544 WHERE acl_account = -(
      SELECT account_id FROM egw_accounts WHERE account_lid = 'Admins' AND account_type = 'g'
    );

    -- Update egw_acl 'postmaster' user related record.
    UPDATE egw_acl SET acl_account = 1001 WHERE acl_account = (
      SELECT account_id FROM egw_accounts WHERE account_lid = 'postmaster' AND account_type = 'u'
    );

    -- Update 'Default' group as 'Domain Users' with id 513.
    UPDATE egw_accounts SET account_id = 513, account_lid = 'Domain Users' WHERE account_lid = 'Default';
    -- Update 'Admins' group as 'Administrators' with id 544.
    UPDATE egw_accounts SET account_id = 544, account_lid = 'Administrators' WHERE account_lid = 'Admins';
    -- Update 'postmaster' account id as 1001.
    UPDATE egw_accounts SET account_id = 1001, account_primary_group = 544 WHERE account_lid = 'postmaster' AND account_type = 'u';
  6. Go back to eGroupWare setup, switch user authentication and store/retrieve backend as LDAP.
  7. Login eGroupWare with account 'postmaster'. You should get all required privilege!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <h1> <h2> <h3> <h4> <h5> <h6> <em> <strong> <code> <del> <blockquote> <q> <sub> <p> <br> <ul> <ol> <li> <dl> <dt> <dd> <a> <b> <u> <i> <sup> <acronym> <pre> <img>
  • Lines and paragraphs break automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • Images can be added to this post.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.