OBM

Presentation

OBM is enterprise-class messaging and collaboration platform for workgroup or enterprises with many thousands users. OBM includes Groupware, messaging server, CRM, LDAP, Windows Domain, smartphone and PDA synchronization…

OBM is shipped with a LL::NG plugin with these features:

Configuration

OBM

To enable LL::NG authentication plugin, go in /etc/obm/obm_conf.inc: 

$auth_kind = 'LemonLDAP';
 
$lemonldap_config = Array(
                "auto_update"           => true,
                "auto_update_force_user" => true,
                "auto_update_force_group" => false,
                "url_logout"            => "https://OBMURL/logout",
                "server_ip_address"     => "localhost",
                "server_ip_check"       => false,
                "debug_level"           => "NONE",
//                "debug_header_name"     => "HTTP_OBM_UID",
//                "group_header_name"     => "HTTP_OBM_GROUPS",
                "headers_map"           => Array(
                        //"userobm_gid"                   => "HTTP_OBM_GID",
                        //"userobm_domain_id"           => ,
                        "userobm_login"                 => "HTTP_OBM_UID",
                        "userobm_password"              => "HTTP_OBM_USERPASSWORD",
                        //"userobm_password_type"       => ,
                        "userobm_perms"                 => "HTTP_OBM_PERMS",
                        //"userobm_kind"                => ,
                        "userobm_lastname"              => "HTTP_OBM_SN",
                        "userobm_firstname"             => "HTTP_OBM_GIVENNAME",
//                        "userobm_title"                 => "HTTP_OBM_TITLE",
                        "userobm_email"                 => "HTTP_OBM_MAIL",
                        "userobm_datebegin"             => "HTTP_OBM_DATEBEGIN",
                        //"userobm_account_dateexp"     => ,
                        //"userobm_delegation_target"   => ,
                        //"userobm_delegation"          => ,
                        "userobm_description"           => "HTTP_OBM_DESCRIPTION",
                        //"userobm_archive"             => ,
                        //"userobm_hidden"              => ,
                        //"userobm_status"              => ,
                        //"userobm_local"               => ,
                        //"userobm_photo_id"            => ,
                        "userobm_phone"                 => "HTTP_OBM_TELEPHONENUMBER",
                        //"userobom_phone2"             => ,
                        //"userobm_mobile"              => ,
                        "userobm_fax"                   => "HTTP_OBM_FACSIMILETELEPHONENUMBER",
                        //"userobm_fax2"                => ,
                        "userobm_company"               => "HTTP_OBM_O",
                        //"userobm_direction"           => ,
                        "userobm_service"               => "HTTP_OBM_OU",
                        "userobm_address1"              => "HTTP_OBM_POSTALADDRESS",
                        //"userobm_address2"            => ,
                        //"userobm_address3"            => ,
                        "userobm_zipcode"               => "HTTP_OBM_POSTALCODE",
                        "userobm_town"                  => "HTTP_OBM_L",
                        "userobm_zipcode"               => "HTTP_OBM_POSTALCODE",
                        "userobm_town"                  => "HTTP_OBM_L",
                        //"userobm_expresspostal"       => ,
                        //"userobm_host_id"             => ,
                        //"userobm_web_perms"           => ,
                        //"userobm_web_list"            => ,
                        //"userobm_web_all"             => ,
                        //"userobm_mail_perms"          => ,
                        //"userobm_mail_ext_perms"      => ,
                        //"userobm_mail_server_id"      => ,
                        //"userobm_mail_server_hostname" => ,
                        "userobm_mail_quota"            => "HTTP_OBM_MAILQUOTA",
                        //"userobm_nomade_perms"        => ,
                        //"userobm_nomade_enable"       => ,
                        //"userobm_nomade_local_copy"   => ,
                        //"userobm_email_nomade"        => ,
                        //"userobm_vacation_enable"     => ,
                        //"userobm_vacation_datebegin"  => ,
                        //"userobm_vacation_dateend"    => ,
                        //"userobm_vacation_message"    => ,
                        //"userobm_samba_perms"         => ,
                        //"userobm_samba_home"          => ,
                        //"userobm_samba_home_drive"    => ,
                        //"userobm_samba_logon_script"  => ,
                        // ---- Unused values ? ----
                        "userobm_ext_id"                => "HTTP_OBM_SERIALNUMBER",
                        //"userobm_system"              => ,
                        //"userobm_nomade_datebegin"    => ,
                        //"userobm_nomade_dateend"      => ,
                        //"userobm_location"            => ,
                        //"userobm_education"           => ,
                        ),
        );

Parameters:

Edit also OBM Apache configuration to enable LL::NG Handler: 

<VirtualHost *:80>
    ServerName obm.example.com
 
    # SSO protection
    PerlHeaderParserHandler My::Package
 
    DocumentRoot /usr/share/obm/php
 
    ...
 
</VirtualHost>

OBM Apache configuration must be loaded after LL::NG Apache configuration.

LL::NG

Attributes and macros

You will need to collect all attributes needed to create a user in OBM, this includes:

To add these attributes, go in Manager, Variables » Exported Variables.

If you plan to forward user's password to OBM, then you have to keep the password in session.

You may also create these macros to manage OBM administrator account (Variables » Macros):

field value
uidR ($uid =~ /^admin0/i)[0] ? "admin0\@global.virt" : $uid
mailR ($uid =~ /^admin0/i)[0] ? "" : ($mail =~ /^([^@]+)/)[0] . "\@example.com"

Virtual host

Create OBM virtual host (for example obm.example.com) in LL::NG configuration: Virtual Hosts » New virtual host.

Then edit rules and headers.

Rules

Define at least:

field value
^/logoutlogout_sso
^/obm-syncunprotect
^/minigunprotect
^/Microsoft-Server-ActiveSyncunprotect
^/caldavunprotect
defaultaccept (or whatever you want)
Headers

Define headers used in OBM mapping, for example:

field valeur
OBM_GIVENNAME$givenName
OBM_GROUPS$groups
OBM_UID$uidR
OBM_MAIL$mailR
OBM_USERPASSWORD$_password

Other

Do not forget to add OBM in applications menu.