OBM is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…
OBM is shipped with a LL::NG plugin with these features:
To enable LL::NG authentication plugin, go in /etc/obm/obm_conf.inc:
$auth_kind = 'LemonLDAP'; $lemonldap_config = Array( "auto_update" => true, "auto_update_force_user" => true, "auto_update_force_group" => false, "url_logout" => "https://OBMURL/logout", "server_ip_address" => "localhost", "server_ip_check" => false, "debug_level" => "NONE", // "debug_header_name" => "HTTP_OBM_UID", // "group_header_name" => "HTTP_OBM_GROUPS", "headers_map" => Array( //"userobm_gid" => "HTTP_OBM_GID", //"userobm_domain_id" => , "userobm_login" => "HTTP_OBM_UID", "userobm_password" => "HTTP_OBM_USERPASSWORD", //"userobm_password_type" => , "userobm_perms" => "HTTP_OBM_PERMS", //"userobm_kind" => , "userobm_lastname" => "HTTP_OBM_SN", "userobm_firstname" => "HTTP_OBM_GIVENNAME", // "userobm_title" => "HTTP_OBM_TITLE", "userobm_email" => "HTTP_OBM_MAIL", "userobm_datebegin" => "HTTP_OBM_DATEBEGIN", //"userobm_account_dateexp" => , //"userobm_delegation_target" => , //"userobm_delegation" => , "userobm_description" => "HTTP_OBM_DESCRIPTION", //"userobm_archive" => , //"userobm_hidden" => , //"userobm_status" => , //"userobm_local" => , //"userobm_photo_id" => , "userobm_phone" => "HTTP_OBM_TELEPHONENUMBER", //"userobom_phone2" => , //"userobm_mobile" => , "userobm_fax" => "HTTP_OBM_FACSIMILETELEPHONENUMBER", //"userobm_fax2" => , "userobm_company" => "HTTP_OBM_O", //"userobm_direction" => , "userobm_service" => "HTTP_OBM_OU", "userobm_address1" => "HTTP_OBM_POSTALADDRESS", //"userobm_address2" => , //"userobm_address3" => , "userobm_zipcode" => "HTTP_OBM_POSTALCODE", "userobm_town" => "HTTP_OBM_L", "userobm_zipcode" => "HTTP_OBM_POSTALCODE", "userobm_town" => "HTTP_OBM_L", //"userobm_expresspostal" => , //"userobm_host_id" => , //"userobm_web_perms" => , //"userobm_web_list" => , //"userobm_web_all" => , //"userobm_mail_perms" => , //"userobm_mail_ext_perms" => , //"userobm_mail_server_id" => , //"userobm_mail_server_hostname" => , "userobm_mail_quota" => "HTTP_OBM_MAILQUOTA", //"userobm_nomade_perms" => , //"userobm_nomade_enable" => , //"userobm_nomade_local_copy" => , //"userobm_email_nomade" => , //"userobm_vacation_enable" => , //"userobm_vacation_datebegin" => , //"userobm_vacation_dateend" => , //"userobm_vacation_message" => , //"userobm_samba_perms" => , //"userobm_samba_home" => , //"userobm_samba_home_drive" => , //"userobm_samba_logon_script" => , // ---- Unused values ? ---- "userobm_ext_id" => "HTTP_OBM_SERIALNUMBER", //"userobm_system" => , //"userobm_nomade_datebegin" => , //"userobm_nomade_dateend" => , //"userobm_location" => , //"userobm_education" => , ), );
Parameters:
Edit also OBM configuration to enable LL::NG Handler:
<VirtualHost *:80> ServerName obm.example.com # SSO protection PerlHeaderParserHandler Lemonldap::NG::Handler DocumentRoot /usr/share/obm/php ... </VirtualHost>
server {
  listen 80;
  server_name obm.example.com;
  root /usr/share/obm/php;
  # Internal authentication request
  location = /lmauth {
    internal;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will received /llauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
  } 
 
  # Client requests
  location ~ \.php$ {
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmlocation $upstream_http_location;
    error_page 401 $lmlocation;
    try_files $uri $uri/ =404;
 
    ...
 
    include /etc/lemonldap-ng/nginx-lua-headers.conf;
  }
  location / {
    try_files $uri $uri/ =404;
  }
}
You will need to collect all attributes needed to create a user in OBM, this includes:
To add these attributes, go in Manager, Variables » Exported Variables.
You may also create these macros to manage OBM administrator account (Variables » Macros):
| field | value | 
|---|---|
| uidR | ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid | 
| mailR | ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com" | 
Create OBM virtual host (for example obm.example.com) in LL::NG configuration: Virtual Hosts » New virtual host.
Then edit rules and headers.
Define at least:
| field | value | 
|---|---|
| ^/logout | logout_sso | 
| ^/obm-sync | unprotect | 
| ^/minig | unprotect | 
| ^/Microsoft-Server-ActiveSync | unprotect | 
| ^/caldav | unprotect | 
| default | accept (or whatever you want) | 
Define headers used in OBM mapping, for example:
| field | valeur | 
|---|---|
| OBM_GIVENNAME | $givenName | 
| OBM_GROUPS | $groups | 
| OBM_UID | $uidR | 
| OBM_MAIL | $mailR | 
| OBM_USERPASSWORD | $_password | 
Do not forget to add OBM in applications menu.