
Kolab on debian - posix user
Closed, Resolved · Public

Description

Hello and thank you for this great package :)

Problem 1: Creating posix users doesn't work, aka no unix users are created.

Problem 2: Creating Email user with posix account doesn't work: email works but user doesn't exist in the unix/linux posix system.

Setup tested on a working installation on debian 8, 9 and 10, with and without backports enabled.

Best regards

Details

Ticket Type
Task

Event Timeline

gpunk created this task. May 21 2020, 10:22 PM
gpunk triaged this task as High priority.

Changing to high, since it is a non-working advertised feature -- hence a blocking problem.

jh23453 added a subscriber: jh23453. Edited Jul 4 2020, 7:26 PM

Hello gpunk,

my guess is that there is a misunderstanding about what a posix user in Kolab is.

All Kolab users are created in the LDAP directory under ou=People,dc=example,dc=org.
A posix user in Kolab has more attributes than a Kolab user, especially a numeric uid,
a shell, and a home directory.

Creating such a local user would require root access, which kolab-webadmin doesn't have.
Also you would only get the user created on the Kolab server, which doesn't seem
too useful.

You can configure your Linux systems to get the users from LDAP.
I suggest you have a look at sssd - which can access LDAP and caches the credentials.
You need two parts:

  1. /etc/nsswitch.conf: With

         passwd:         compat sss systemd
         group:          compat sss systemd
         shadow:         compat sss

     or similar you can resolve users with sssd. You'll need the packages libnss-sss, sssd, and sssd-ldap.

  2. Add pam_sss to your PAM configuration in /etc/pam.d. You'll need libpam-sss for that.

Does that help you?
Jochen
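
An added example, not part of jh23453's comment and not Kolab or sssd code: a shell check that the two parts described above are actually in place on a host. The function names (`nss_uses_sss`, `pam_uses_sss`, `audit_sss`) are hypothetical, and checking the `auth` and `account` PAM types is an assumption about which stacks should load `pam_sss.so`.

```shell
#!/bin/sh
# Added example: audits the nsswitch.conf and PAM pieces described above.
# File locations are parameters so the check can also run against copies.

# nss_uses_sss DB [FILE]: succeeds if database DB in nsswitch.conf lists "sss".
nss_uses_sss() {
    db=$1
    file=${2:-/etc/nsswitch.conf}
    # Drop comments, then look for "sss" as a whole source name on DB's line.
    sed 's/#.*//' "$file" | awk -v db="$db:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
        END { exit !found }'
}

# pam_uses_sss TYPE [DIR]: succeeds if any file in DIR has an uncommented
# line of PAM type TYPE (auth, account, ...) that loads pam_sss.so.
pam_uses_sss() {
    ptype=$1
    dir=${2:-/etc/pam.d}
    # A leading "-" on the type is valid PAM syntax, so allow it.
    grep -Eqs "^[[:space:]]*-?${ptype}[[:space:]].*pam_sss\.so" "$dir"/*
}

# audit_sss [NSSWITCH] [PAMDIR]: prints each gap, returns the number of gaps.
audit_sss() {
    nss=${1:-/etc/nsswitch.conf}
    pam=${2:-/etc/pam.d}
    missing=0
    for db in passwd group shadow; do
        nss_uses_sss "$db" "$nss" ||
            { echo "nsswitch: $db does not list sss"; missing=$((missing + 1)); }
    done
    for t in auth account; do
        pam_uses_sss "$t" "$pam" ||
            { echo "pam: no active $t line loads pam_sss.so"; missing=$((missing + 1)); }
    done
    return "$missing"
}
```

Calling `audit_sss` with no arguments checks the live `/etc/nsswitch.conf` and `/etc/pam.d`; a return status of 0 means both parts are configured.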

gpunk closed this task as Resolved. Mon, Jul 6, 12:39 PM
gpunk claimed this task.

Yes I agree a 1000% (three zeros!)
I thought about it a while ago, but was very busy.

Kolab is a "big script" of php/html etc, that is run by apache and its helpers (php-fpm for example)
and all these guys run under the uid of www-data ...
Which never in the history of "unix" was able to create "unix" users, the job of "root" ... , otherwise ... we would have been doomed decades ago!

Sorry for the spam ... we humans get tired sometimes ...