This a plugin for LSC, using TMail REST API
The object of this plugin is to synchronize addresses aliases and users from one referential to a TMail server.
For example, it can be used to synchronize the aliases stored in the LDAP of an OBM instance to the TMail Server(s) of a TMail deployment.
Given the following LDAP entry:
dn: uid=rkowalsky,ou=users,dc=linagora.com,dc=lng
[...]
mail: [email protected]
mailAlias: [email protected]
mailAlias: [email protected]
This will be represented as the following TMail address alias:
$ curl -XGET http://ip:port/address/aliases/[email protected]
[
{"source":"[email protected]"},
{"source":"[email protected]"}
]
As addresses aliases in TMail are only created if there are some sources, an LDAP entry without mailAlias attribute won't be synchronized.
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
stored in the email
attribute.
The destination attribute for the LSC aliases connector is named sources
.
For example, it can be used to synchronize the users stored in the LDAP of an OBM instance to the TMail Server(s) of a TMail deployment.
Given the following LDAP entries:
dn: uid=james-user, ou=people, dc=james,dc=org
mail: [email protected]
[...]
dn: uid=james-user2, ou=people, dc=james,dc=org
mail: [email protected]
[...]
dn: uid=james-user3, ou=people, dc=james,dc=org
mail: [email protected]
[...]
This will be represented as the following TMail users:
$ curl -XGET http://ip:port/users
[
{"username":"[email protected]"},
{"username":"[email protected]"}
]
If LDAP entry with the mail
attribute exists but not synchronized, the user will be created with choose:
- Generating random password
- Synchronizing existing password
If LDAP entry has no mail
attribute corresponding, the user will be deleted.
Expected Result:
- [email protected] -> create
- [email protected] -> nothing happens
- [email protected] -> create
- [email protected] -> delete
$ curl -XGET http://ip:port/users
[
{"username":"[email protected]"},
{"username":"[email protected]"},
{"username":"[email protected]"}
]
The pivot used for the synchronization in LSC connector is email address. For this case, [email protected]
is stored in email
attribute.
For example, it can be used to synchronize the domain contact stored in a LDAP instance to the TMail Server(s) of a TMail deployment in order to empower auto-complete.
Given the following LDAP entries:
dn: uid=renecordier, ou=people, dc=james,dc=org
mail: [email protected]
givenName: Rene
sn: Cordier
[...]
dn: uid=tungtranvan, ou=people, dc=james,dc=org
mail: [email protected]
givenName: Tung
sn: Tran Van
[...]
This will be represented as the following TMail domain contacts:
$ curl -XGET http://ip:port/domains/contacts
["[email protected]", "[email protected]"]
Second contact ([email protected]) details:
$ curl -XGET http://ip:port/domains/james.org/contacts/tungtranvan
{
"id": "2",
"emailAddress": "[email protected]",
"firstname": "Tung",
"surname": "Tran Van"
}
LDAP entries's givenName
and sn
are Optional.
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
stored in the email
attribute.
The destination attributes for the LSC aliases connector are named firstname
and surname
.
For the domain synchronization, you can specify the wished domain list to be synchronized by specify the dedicated ENV variable with key DOMAIN_LIST_TO_SYNCHRONIZE
and DELIMITER ,
. The synchronization for other domain contacts will be ignored (no create, update, delete operation). For example: DOMAIN_LIST_TO_SYNCHRONIZE=james.org,linagora.com
.
If you omit this environment variable setting, all domains contact will be synchronized from LDAP.
For example, it can be used to synchronize the address mappings stored in the LDAP server to the TMail Server(s) of a TMail deployment.
Given the following LDAP entry:
dn: uid=rkowalsky,ou=users,dc=linagora.com,dc=lng
[...]
mail: [email protected]
otherMailbox: [email protected]
otherMailbox: [email protected]
This will be represented as the following TMail address mappings:
$ curl -XGET http://ip:port/mappings/user/[email protected]
[
{
"type": "Address",
"mapping": "[email protected]"
},
{
"type": "Address",
"mapping": "[email protected]"
}
]
Please notice that users need to be created in James before creating address mappings for those users.
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
stored in the email
attribute.
The destination attribute for the LSC address mappings connector is named addressMappings
.
- Update: If a user has some address mappings in James, but there are some address mappings in LDAP that do not exist yet for the user in James side, those address mappings would be created. If a user has some address mappings in James but do not exist in LDAP, be careful that those address mappings in James would be removed.
- Delete: If a user exists in James but does not exist in LDAP, then all of his address mappings on James should be removed.
For example, it can be used to provision default JMAP identity for users that leverages the names stored in an LDAP instance to the TMail Server(s) of a TMail deployment.
Given the following LDAP entries:
dn: uid=tungtranvan, ou=people, dc=james,dc=org
mail: [email protected]
givenName: Tung
sn: Tran Van
[...]
After running this identity synchronization job, a default identity will be created for the user:
$ curl -XGET http://ip:port/users/[email protected]/identities?default=true
[{
"name": "Tung Tran Van",
"email": "[email protected]",
"id": "4c039533-75b9-45db-becc-01fb0e747aa8",
"mayDelete": true,
"textSignature": "",
"htmlSignature": "",
"sortOrder": 0,
"bcc": [],
"replyTo": []
}]
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
that stored in the email
attribute.
The destination attributes for the LSC aliases connector are named firstname
and surname
.
For example, it can be used to synchronize the forwards stored in the LDAP server to the TMail Server(s) of a TMail deployment.
Given the following LDAP entry:
dn: uid=rkowalsky,ou=users,dc=linagora.com,dc=lng
[...]
mail: [email protected]
otherMailbox: [email protected]
otherMailbox: [email protected]
This will be represented as the following TMail address forwards:
$ curl -XGET http://ip:port/address/forwards/[email protected]
[
{"mailAddress":"[email protected]"}
]
Be default, local copy forwards from LDAP (e.g. [email protected]
in the above case) would not be synchronized.
To allow synchronizing local copy forwards, add
the following JVM property when run the LSC script: -Dallow.synchronize.local.copy.forwards=true
.
Setting this property to false
or omitting this property would not synchronize local copy forwards.
As addresses forwards in TMail are only created if there are some sources, an LDAP entry without otherMailbox
attribute won't be synchronized.
Please notice that users need to be created in James before creating forwards for those users.
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
stored in the email
attribute.
The destination attribute for the LSC forwards connector is named forwards
.
- Create: If a user has no forward in James, but has some forwards in LDAP, then those forwards would be created on James.
- Update: If a user has some forwards in James, but there are some forwards in LDAP that do not exist yet for the user in James side, those forwards would be created. Note that we would not remove the forwards that are in James but not in LDAP, because those forwards could be user created forwards via JMAP.
- Delete: If a user does not exist in LDAP, then all of his forwards on James would be removed.
For example, it can be used to synchronize the mail quota size stored in the LDAP server to the TMail Server(s) of a TMail deployment.
Given the following LDAP entry:
dn: uid=rkowalsky,ou=users,dc=linagora.com,dc=lng
[...]
mail: [email protected]
mailQuotaSize: 4000000000
This will be represented as the following TMail mail quota size:
$ curl -XGET http://ip:port/quota/users/[email protected]/size
4000000000
The mailQuotaSize
LDAP attribute will be used as source of truth for the synchronization.
Please notice that users need to be created in James before creating mail quota size for those users.
The pivot used for the synchronization in the LSC connector is the email address, here [email protected]
stored in the email
attribute.
The destination attribute for the LSC forwards connector is named mailQuotaSize
.
- Create: If a user has no mail quota size in TMail, but has mail quota size in LDAP, then it would be created on TMail.
- Update:
- If the admin changes a user's mail quota size on LDAP, the new mail quota size would be updated on TMail.
- If the admin unset a user's mail quota size on LDAP, the mail quota size would be removed on TMail.
- Delete: If a user does not exist in LDAP, then his mail quota size on James would be removed.
The plugin connection needs a JWT token to connect to TMail. To configure this JWT token, set the password
field of the plugin connection as the JWT token you want to use.
The url
field of the plugin connection must be set to the URL of TMail' webadmin.
The username
field of the plugin is ignored for now.
There is an example of configuration in the sample
directory. The lsc.xml
file describe a synchronization from an OBM LDAP to a TMail server.
The values to configure are:
-
connections.ldapConnection.url
: The URL to the LDAP of OBM -
connections.ldapConnection.username
: An LDAP user which is able to read the OBM aliases -
connections.ldapConnection.password
: The password of this user -
connections.pluginConnection.url
: The URL to the TMail Webadmin -
connections.pluginConnection.password
: the JWT token used to connect the TMail Webadmin, it must includes an admin claim. -
tasks.task.ldapSourceService.baseDn
: The search base of the users to synchronize.
The domains used in the aliases must have been previously created in TMail. Otherwise, if a user have a single alias pointing to an unknown domain, none of her aliases will be added.
For the domain synchronization, you can specify the wished domain list to be synchronized by specify the dedicated ENV variable with key DOMAIN_LIST_TO_SYNCHRONIZE
and DELIMITER ,
. The synchronization for other domain contacts will be ignored (no create, update, delete operation). For example: DOMAIN_LIST_TO_SYNCHRONIZE=linagora.com
or DOMAIN_LIST_TO_SYNCHRONIZE=lists.linagora.com
.
If you omit this environment variable setting, all domains contact will be synchronized from LDAP.
The jar of the TMail LSC plugin (target/lsc-tmail-plugin-1.0-distribution.jar
) must be copied in the lib
directory of your LSC installation.
Then you can launch it with the following command line:
JAVA_OPTS="-DLSC.PLUGINS.PACKAGEPATH=org.lsc.plugins.connectors.james.generated" bin/lsc --config /home/rkowalski/Documents/lsc-james-plugin/sample/ldap-to-james/ --synchronize all --clean all --threads 1
If don't want to delete dangling data, run this command without --clean all
parameter.
We provide autonomously Docker image building thanks to Maven plugins. You need to run mvn clean install
to build the image linagora/tmail-lsc:latest
.
To use this image, please mount the appropriate LSC configuration files to container's /opt/lsc/conf
directory.
E.g:
docker run -it -v ${PWD}/sample/ldap-to-tmail-contact/logback.xml:/opt/lsc/conf/logback.xml -v ${PWD}/sample/ldap-to-tmail-contact/lsc.xml:/opt/lsc/conf/lsc.xml linagora/tmail-lsc:latest
Then run this command inside the container to run synchronization tasks:
JAVA_OPTS=$JAVA_OPTS ./lsc --config $CONF_DIR --synchronize all --clean all --threads 1
If don't want to delete dangling data on TMail, either turn the delete operation in lsc.xml
to false
or run the above command without --clean all
parameter.