UsePhpLDAPAdminForOps

Introduction

OPS uses a ldap backend. According to the ops ldap schema it already contains a group listing users (potential project members), a group for ops administrators, a group for projects etc. You can create and update projects using OPS Admin (see OpsAdminManual) but if you need to add new users (mailaccounts, organisations) you can follow the instructions below.

How to add/remove/change a user or company

This guide describes how to add persons, organizations and projects to the OPS system using phpLDAPAdmin.

• Log in to phpLDAPAdmin

• Add a user:
  • Go to your user group (example: ou=Users)
  • Select "Create new entry here"
  • Select "User Account(Posix Account)"
  • Fill in the form and press "Proceed"
  • Scroll to "ObjectClass" and select "add value"
  • Select "opsPerson" and press "Add new ObjectClass"
  • Add more information about this user:
    • Select "Add new attribute"
    • Select the attribute of your choice
    • Enter the value and press "Add"

• Add a mail account to a user:
  • Select the user
  • Scroll to ObjectClass and select "add value"
  • Select "CourierMailAccount" from the list
  • Fill in the mail address for the user
  • Click "Add new attribute"
  • Select "mailbox" and fill in the absolute path to the mailbox on the mailserver
  • Press "Add"

• Add an organisation:
  • Select your company group (Example: ou=Companies)
  • Select "Create new entry here"
  • Select "custom"
  • Select "opsOrganization" from the list
  • At "RDN:" type "o=organisation name"
  • Press "Proceed"
  • Fill in any additional information
  • Update information for a company: * Change the information * Press "Save Changes"
  • Add additional information: * Select "Add new attribute" * Select the attribute * Enter the value and press "Add"
  • Add project or employee link: * Click on "add value" at project or employee * Add the project name or employee(person) dn

Manually add project (deprecated, use OPS Admin instead)

If you add a project manually or manually add a member to the project, you will need to use the CreateACL tool to create a project mailfolder and grant all members access rights to this folder.

Project

• Add a project:
  • Select your project group (Example: ou=Projects)
  • Select "Create new entry here"
  • Select "custom"
  • Select "project" from the list
  • At "RDN:" type "name=project name" (A projectname may only contain characters, digits and spaces)
  • Press "Proceed"
  • Fill in a projectGuid
  • Fill in any additional information
  • Press "Create Object"
  • Add additional information to a project:
    • Press "Add new attribute"
    • Select the attribute
    • Fill in the value and press "Add"
  • Add member to a project:
    • Press "add attribute" at memberUid
    • Fill in the uid of a user
    • Press "Add"

CreateACL

After adding a project or changing a projects memberUid values this needs to be synced with the IMAP server, we have provided a tool which can do this, "CreateACL.class", this tool requires Java Runtime Environment 1.5. Make sure "imap.jar" is in the classpath, this can be done by adding the -classpath parameter. (Example: "java -classpath .;mail.jar SomeJavaApplication") To be able to connect over SSL Java needs the servers certificate, certificate authority. See OpsProject Webservice install instructions on how to import a certificate in a keystore.

Make sure you are using the Java install which has the keystore the certificate is in! When you have for example a Sun JSDK installed you can import certificates into it's main dir keystore or in the JRE's dir keystore.

CreateACL Usage: java CreateACL [uid] [password] [imap/ldap server address] [imap port] [ldap user group] [ldap project group]

Note: Use the uid and password of the project user account, which has access to all projects and the project IMAP account.

Example: java CreateACL project extermelysecret www.openprojectservices.org 143  ou=Users,dc=www,dc=openprojectservices,dc=org ou=Projects,dc=www,dc=openprojectservices,dc=org

-- BastiaanGrutters - 14 Oct 2005