GOsa / GOnicus System Administration<br />Integration with Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and OpenSSL, implementing OpenLDAP replication and the best practices for configuring these software tools in enterprise environments.<br />Julian Rios<br />Published 2007-03-28, updated 2008-12-12<br /><br />GOsa2 - Perfect Integration<br /><span style="font-size:85%;"><span style="font-weight: bold;font-family:arial;" >Implementing GOsa2<br />OS Tested: </span><span style="font-family:arial;">Red Hat EL4/EL5 - Fedora Core 5/6/7 and CentOS 4.4/5</span><span style="font-weight: bold;font-family:arial;" > </span><br /></span><span style="font-size:85%;"><span style="font-weight: bold;font-family:arial;" >Document version: </span><span style="font-family:arial;">0.5</span><span style="font-weight: bold;font-family:arial;" > </span><br /><br /></span><span style="font-size:85%;"><span style="font-family:arial;"> - Integration with: Mail Server: Postfix, Courier-IMAP, Maildrop, GNARWL, Cyrus-SASL, OpenSSL</span><br /><span style="font-family:arial;"> - Redundancy: OpenLDAP Master/Slave replication</span><br /><span style="font-family:arial;"> - Install methods: yum install, up2date -i</span><br /><span style="font-family:arial;"> - GOsa2 release: 2.5.9-1</span><br /><span style="font-family:arial;"> - Customizations: New LDAP schema that separates the mail home from the Unix home<br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OYvnBY6TBOh7hJKUew1Yx28ytkeOpCnizZS8hkJD66rezBbBt70tpvBnKnljynyTT7lJH1T7gJGPSGjXz9RLWdD8bjx0q_AWLVKXGh4vPg_l3_Bu4Y9m8XyUk2eJdmZTb1v5wbNgloU/s1600-h/gosa01.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OYvnBY6TBOh7hJKUew1Yx28ytkeOpCnizZS8hkJD66rezBbBt70tpvBnKnljynyTT7lJH1T7gJGPSGjXz9RLWdD8bjx0q_AWLVKXGh4vPg_l3_Bu4Y9m8XyUk2eJdmZTb1v5wbNgloU/s320/gosa01.jpg" alt="" id="BLOGGER_PHOTO_ID_5047140928090560770" border="0" /></a><span style="font-size:85%;"><span style="font-weight: bold;font-family:arial;" >Capabilities<br /><br /></span><span style="font-family:arial;">- Courier IMAP, the best POP3/IMAP4 Software System<br />- OpenSSL, for securing all connections via TLS<br />- Postfix, the best and most flexible MTA in the world<br />- OpenLDAP, centralized information<br />- Maildrop, the best MDA that manages quotas in LDAP<br />- GNARWL, the best software for vacation messages stored in LDAP<br />- Cyrus SASL, to authenticate users for SMTP<br />- OpenLDAP Replication, the best way for high availability<br />- GOsa2, the best LDAP Administrator software</span><span style="font-family:arial;"><span style="font-weight: bold;"><br /><br /><br /><br />Author</span><br />Julian Rios<br />jrios@sapian.org<br />Sapian S.A, Medellin-Colombia</span><br /><br /><span style="font-weight: bold;font-family:arial;" >INDEX</span><br /><br /><span style="font-family:arial;"> 1. Processes flow<br />2. Installing GOsa2</span><br /><span style="font-family:arial;"> 3. Installing Mail Server</span><br /><span style="font-family:arial;"> 4. Replicating OpenLDAP</span><span style="font-family:arial;"><br /><br /></span></span><span style="font-size:85%;"><span style="font-weight: bold;font-family:arial;" >NOTES<br /><br /></span><span style="font-family:arial;">a. In</span><span style="font-family:arial;"> this guide "jrios.com.co" is the domain<br />b. mail.jrios.com.co is the MX for mail<br />c. This guide does not describe the steps in detail. The "blog method" of this page is intended for resolving questions about the steps. 
Example comment: "In part 2, step 22, how to fork_vacation.sh script works ?"<br /></span></span><span style="font-size:85%;"><br /></span><span style="font-size:85%;"><span style="font-weight: bold;font-family:arial;font-size:180%;" >PROCESSES FLOW</span></span><br /><span style="font-size:85%;"><br /></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-weight: bold;font-family:arial;font-size:130%;" >1.</span><span style="font-size:130%;"> </span>Receiving Mail<br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoFNc2wn1hUR7aR-QLDcW8IpVTf1uXtnPv7Yj6T9akEgl5et4FSyw2i6pTVplqYnvBYb-9wkeD8raoUj6Xu0TkQJaTYDasZnz36QhMD0B92FLmf2mERQRFJ_Fya0aaKlhqHI4RFbLWgWE/s1600-h/gosa_sendmail.jpeg"><img style="cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoFNc2wn1hUR7aR-QLDcW8IpVTf1uXtnPv7Yj6T9akEgl5et4FSyw2i6pTVplqYnvBYb-9wkeD8raoUj6Xu0TkQJaTYDasZnz36QhMD0B92FLmf2mERQRFJ_Fya0aaKlhqHI4RFbLWgWE/s400/gosa_sendmail.jpeg" alt="" id="BLOGGER_PHOTO_ID_5047332389142681970" border="0" /></a><br /><br /><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-weight: bold;font-family:arial;font-size:130%;" >2.</span><span style="font-size:130%;"> </span>Reading and Sending Mail<br /></span></span><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWxGUNVKhkGSxYSCeulkZ-TpP5-YYuJ9XBo1x4gnq5mRZRcZqc83FZ63M4H8dKekR7qpZsJdjEktw4tjxDfDm__lQT0iQ6DouOQGP18w6yI09x3Py64vbsyalgPsDfhL-A6X4xsqAwIgs/s1600-h/gosa_reading.jpeg"><img style="cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWxGUNVKhkGSxYSCeulkZ-TpP5-YYuJ9XBo1x4gnq5mRZRcZqc83FZ63M4H8dKekR7qpZsJdjEktw4tjxDfDm__lQT0iQ6DouOQGP18w6yI09x3Py64vbsyalgPsDfhL-A6X4xsqAwIgs/s320/gosa_reading.jpeg" alt="" 
id="BLOGGER_PHOTO_ID_5047331628933470546" border="0" /></a><br /><span style="font-size:85%;"><br /></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-weight: bold;font-family:arial;font-size:130%;" >3.</span><span style="font-size:130%;"> </span>LDAP Administration with GOsa<br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR0wyAEmCWUbdvXjpr05fVXpfSCAJhOMliVWXgeWS1BbGUtDoyXFBpQaDFL0llZZlqqfhiAO2e1CnRxIxiaENAz1JuB2CzIUNsfOb1WdPu_CIZUNyF0WELR0s8cgfzrnvJ7s3V48EzKtc/s1600-h/gosa_ldap.jpeg"><img style="cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR0wyAEmCWUbdvXjpr05fVXpfSCAJhOMliVWXgeWS1BbGUtDoyXFBpQaDFL0llZZlqqfhiAO2e1CnRxIxiaENAz1JuB2CzIUNsfOb1WdPu_CIZUNyF0WELR0s8cgfzrnvJ7s3V48EzKtc/s320/gosa_ldap.jpeg" alt="" id="BLOGGER_PHOTO_ID_5047334966123059586" border="0" /></a><br /><span style="font-size:85%;"><br /><span style="font-weight: bold;font-family:arial;font-size:180%;" >STEPS FOR INSTALLING GOsa2</span><span style="font-size:180%;"><br /></span><br /></span><span style="font-size:85%;"><span style="font-family:arial;">These steps describe, in "cookbook recipe" form, how to install the GOsa2 package.</span></span><br /><span style="font-size:85%;"><br /><span style="font-family:arial;"><span style="font-weight: bold;font-family:arial;font-size:130%;" >1.</span><span style="font-size:130%;"> </span>Install OpenLDAP</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install openldap openldap-clients openldap-servers</span><br /><br /><span style="font-family:arial;"><span 
style="font-weight: bold;font-size:130%;" >2.</span> Download from GOsa2 site all the RPM Packages for Red Hat Distribution. The FTP URL is: <a href="ftp://oss.gonicus.de/pub/gosa/redhat">ftp://oss.gonicus.de/pub/gosa/redhat</a></span><br /><span style="font-family:arial;"><br /><span style="font-size:130%;"><span style="font-weight: bold;">3.</span></span> Install GOsa2 Package Prerequisites</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh perl-TimeDate-1.16-1.noarch.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh perl-MIME-Types-1.16-1.noarch.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh perl-MailTools-1.74-1.noarch.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh perl-MIME-Lite-3.01_05-1.noarch.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh perl-Crypt-SmbHash-0.02-1.noarch.rpm</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">4.</span></span> Install OS Package Prerequisites</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install httpd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install php-snmp</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install php-mysql</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install php-mbstring</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install php-imap</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install perl-ldap</span><br /><span style="font-family:arial;"> </span><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">5.</span></span> Install GOsa2 Package</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh 
gosa-2.5.9-1.noarch.rpm</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >6.</span> Install GOsa2 Schemas</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh gosa-schema-2.5.9-1.noarch.rpm</span><br /><span style="font-family:arial;"><br />Download <a href="http://rapidshare.com/files/23342008/gosa_custom.schema"><span style="text-decoration: underline;">gosa_custom.schema</span></a> or copy from quote:<br /><br />-----<br /><span style="color: rgb(0, 153, 0);">#$Id: authldap.schema,v 1.8 2005/03/20 19:10:30 mrsam Exp $</span><br /><span style="color: rgb(0, 153, 0);">#</span><br /><span style="color: rgb(0, 153, 0);"># OID prefix: 1.3.6.1.4.1.25981</span><br /><span style="color: rgb(0, 153, 0);">#</span><br /><span style="color: rgb(0, 153, 0);"># Attributes: 1.3.6.1.4.1.25981.1.1</span><br /><span style="color: rgb(0, 153, 0);">#</span><br /><span style="color: rgb(0, 153, 0);"># Depends on: gosa.schema and cosine.schema</span><br /><br /><span style="color: rgb(0, 153, 0);">attributetype ( 1.3.6.1.4.1.25981.1.1.1 NAME 'gosaMailHome'</span><br /><span style="color: rgb(0, 153, 0);">DESC 'The absolute path to the mail message stor directory in a virtual mail setup.'</span><br /><span style="color: rgb(0, 153, 0);">EQUALITY caseExactIA5Match</span><br /><span style="color: rgb(0, 153, 0);">SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )</span><br /><br /><span style="color: rgb(0, 153, 0);">#</span><br /><span style="color: rgb(0, 153, 0);"># Objects: 1.3.6.1.4.1.25981.1.2</span><br /><span style="color: rgb(0, 153, 0);">#</span><br /><br /><span style="color: rgb(0, 153, 0);">objectclass ( 1.3.6.1.4.1.25981.1.2.1 NAME 'gosaVirtualMailAccount' SUP top AUXILIARY</span><span style="color: rgb(0, 153, 0);"><br />DESC 'Objectclass to mark Virtual MailAccounts for GOsa (v2.4)'</span><br /><span style="color: rgb(0, 153, 0);">MAY ( gosaMailHome ) )</span><br />-----<br /><br />The 
file gosa_custom.schema defines a new attribute called gosaMailHome to separate the home of</span><span style="font-family:arial;"> Unix accounts from mail user homes. This custom schema must be placed in /etc/openldap/schema/gosa:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # cp gosa_custom.schema /etc/openldap/schema/gosa </span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >7.</span> Install the English web documentation</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh gosa-help-en-2.5.9-1.noarch.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > </span><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">8.</span></span> OpenLDAP configuration file /etc/openldap/slapd.conf</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > pidfile /var/run/openldap/slapd.pid</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > argsfile /var/run/openldap/slapd.args</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/core.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/cosine.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/inetorgperson.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/nis.schema</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/samba3.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/pureftpd.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/gofon.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include 
/etc/openldap/schema/gosa/gosystem.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/goto.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/gosa+samba3.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/gofax.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/goserver.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/goto-mime.schema</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > include /etc/openldap/schema/gosa/gosa_custom.schema</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > schemacheck on</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > allow bind_v2</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > database bdb</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > directory /var/lib/ldap</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > loglevel 256</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > lastmod on</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > suffix "dc=jrios,dc=com,dc=co"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > rootdn "cn=admin,dc=jrios,dc=com,dc=co"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > rootpw {MD5}RQoN6pXDXTICFTcKo+wYwQ==</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index uid,mail eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index gosaMailAlternateAddress,gosaMailForwardingAddress eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index cn,sn,givenName,ou pres,eq,sub</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index objectClass 
pres,eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index uidNumber,gidNumber,memberuid eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index gosaSubtreeACL,gosaObject,gosaUser pres,eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index sambaSID eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index sambaPrimaryGroupSID eq</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > index sambaDomainName eq</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # this ACL lets every client, anonymous binds included, read all attributes (userPassword and the Samba password hashes too)</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > access to *</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > by * read</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > TLSCertificateFile /etc/pki/tls/certs/slapd.pem</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > cachesize 100000</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">9.</span></span> Change the rootpw password in the slapd.conf file</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # slappasswd -h {MD5}</span><br /><br /><span style="font-family:arial;"> Put the resulting string in the rootpw line of the file</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >10.</span> TLS Certificate for OpenLDAP</span><br /><br /><span style="font-family:arial;"> Depending on the distribution, the .pem and .crt files may be in a different path. 
Search for them with:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # find / -name 'slapd.pem'</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # find / -name 'ca-bundle.crt'</span><br /><br /><span style="font-family:arial;"> Then change the paths in the slapd.conf file accordingly</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >11.</span> Enable OpenLDAP logging in /etc/syslog.conf</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > local4.* /var/log/ldap</span><br /><span style="font-family:arial;"> </span><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >12.</span> Restart the syslog service</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service syslog restart</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">13. </span></span>Start OpenLDAP now</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service ldap start</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">14.</span></span> Create the initial.ldif file to insert the base information into OpenLDAP</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > dn: dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > dc: jrios</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: top</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: domain</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > dn: ou=groups,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: organizationalUnit</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ou: groups</span><br /><br /><span style="color: rgb(0, 153, 
0);font-family:arial;" > dn: ou=people,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: organizationalUnit</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ou: people</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > dn: cn=admin,ou=people,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: person</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: organizationalPerson</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: inetOrgPerson</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: gosaAccount</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > uid: admin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > cn: admin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > givenName: admin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > sn: GOsa Main Administrator</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > sambaLMPassword: 10974C6EFC0AEE1917306D272A9441BB</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > sambaNTPassword: 38F3951141D0F71A039CFA9D1EC06378</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > userPassword:: dGVzdGVy</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > dn: cn=administrators,ou=groups,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: gosaObject</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > objectClass: posixGroup</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > gosaSubtreeACL: :all</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > cn: administrators</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > gidNumber: 
999</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > memberUid: admin</span><br /><span style="color: rgb(51, 204, 0);font-family:arial;" > </span><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >15.</span> Add initial.ldif information to OpenLDAP</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # ldapadd -x -D "cn=admin,dc=jrios,dc=com,dc=co" -h localhost -W -f initial.ldif -v</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >16. </span>Edit /etc/php.ini file and modify values for</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > session.gc_maxlifetime = 100000</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > memory_limit = 100M</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >17.</span> Start web server</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service httpd start</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >18.</span> Setup GOsa2 from web interface</span><br /><br /><span style="font-family:arial;"> a. Point your browser to http://localhost/gosa. Click Continue button, ignoring this:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > checking for mhash module</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > checking for cups module</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > checking for kadm5 module </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > </span><br /><span style="font-family:arial;"> b. 
Click Continue button, ignoring this:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Checking for fping utility</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > php.ini check -> magic_quotes_gpc</span><br /><br /><span style="font-family:arial;"> c. Set URI, and click Continue button:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap://localhost:389</span><br /><br /><span style="font-family:arial;"> d. Complete the form and click Continue Button:</span><br /><span style="font-family:arial;"> </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Location Name: Corporation</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Admin DN: cn=admin,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Admin password: *****</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Base: dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > People storage ou: ou=people</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > People dn attribute: uid</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Group storage ou: ou=groups</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ID base for users/groups: 1000</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Encryption algorithm: md5</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Mail method: disable</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Display PHP errors: true</span><br /><br /><span style="font-family:arial;"> e. 
Click the Download configuration button and save gosa.conf in a local folder </span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >19.</span> Copy the file gosa.conf to the /etc/gosa directory and apply permissions</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chown root.apache /etc/gosa/gosa.conf</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod 640 /etc/gosa/gosa.conf</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">20.</span></span> Click the Retry button</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >21.</span> Log in to the GOsa web interface with the admin account:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Login: admin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Password: tester</span><br /><br /><span style="font-family:arial;"> NOTE: The admin user for GOsa is different from the admin for LDAP!</span><span style="font-family:arial;"> In this case, the password for admin is "tester". This admin user has the following DN:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > cn=admin,ou=people,dc=jrios,dc=com,dc=co</span><br /><br /><span style="font-family:arial;"> The password "tester" comes from the initial.ldif file, where the userPassword value dGVzdGVy is the base64 encoding of "tester".</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >22.</span> Configuring GOsa. File /etc/gosa/gosa.conf </span><br /><br /><span style="font-family:arial;"> In this case, we are using GOsa only for this purpose:</span><br /><br /><span style="font-family:arial;"> a. Manage mail and user accounts</span><span style="font-family:arial;"></span><br /><br /><span style="font-family:arial;"> In this file, we need to deactivate all other options, plugins, etc. 
The "My account" section needs to look like this: </span><br /><span style="font-family:arial;"><plugin acl="default" class="user" icon="personal.png"><span style="font-family:arial;"><plugin acl="default" class="posixAccount" icon="posix.png"><span style="font-family:arial;"><plugin acl="default" class="mailAccount" icon="email.png"><span style="font-family:arial;"><plugin acl="default" class="sambaAccount" icon="samba.png"><span style="font-family:arial;"><plugin acl="default" class="connectivity" icon="proxy.png"><span style="color: rgb(255, 0, 0);font-family:courier new;font-size:85%;" ><br /><span style="color: rgb(0, 153, 0);font-family:arial;" >&lt;section name="My account"&gt;</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><br /><span style="font-family:arial;">&lt;plugin acl="default" class="user" icon="personal.png"</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><span style="font-family:arial;">path="plugins/personal/generic" /&gt;</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><br /><span style="font-family:arial;">&lt;plugin acl="default" class="mailAccount" icon="email.png"</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><span style="font-family:arial;">path="plugins/personal/mail" /&gt;</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><br /><span style="font-family:arial;">&lt;plugin acl="default" class="password" icon="password.png"</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><span style="font-family:arial;">path="plugins/personal/password" /&gt;</span></span><span style="color: rgb(0, 153, 0);font-family:courier new;font-size:85%;" ><br /><br /><span style="font-family:arial;">&lt;/section&gt;</span></span><br /><br /><span style="font-family:arial;"> In the Administration section, we need to delete the plugins oGroupManagement, 
applicationManagement, FAIclass, blocklists,</span><span style="font-family:arial;"> goFonMacro and conference. In the end, it needs to look like this:</span><br /><span style="font-family:arial;"><plugin acl="user" class="userManagement" icon="user.png"><span style="font-family:arial;"><plugin acl="group" class="groupManagement" icon="group.png"><span style="font-family:arial;"><plugin acl="department" class="departmentManagement" icon="department.png"><span style="font-family:arial;"><plugin acl="application" class="applicationManagement"><br /><span style="color: rgb(0, 153, 0);">&lt;section name="Administration"&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;plugin acl="user" class="userManagement" icon="user.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/admin/users" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"> </span><br /><span style="color: rgb(0, 153, 0);">&lt;plugin acl="group" class="groupManagement" icon="group.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/admin/groups" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"> </span><br /><span style="color: rgb(0, 153, 0);">&lt;plugin acl="department" class="departmentManagement" icon="department.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/admin/departments" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"> </span><br /><span style="color: rgb(0, 153, 0);">&lt;plugin acl="application" class="applicationManagement"</span><br /><span style="color: rgb(0, 153, 0);">icon="application.png" path="plugins/admin/applications" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"> </span><br /><span style="color: rgb(0, 153, 0);">&lt;plugin acl="systems" class="systems" icon="system.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/admin/systems" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;/section&gt;</span><br /><br />In the Addons section, we only need addressbook and ldapmanager. 
These are good utilities:<br /><br /><span style="color: rgb(0, 153, 0);">&lt;section name="Addons"&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;plugin acl="addressbook" class="addressbook" icon="addressbook.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/addons/addressbook" /&gt;</span><br /><span style="color: rgb(0, 153, 0);">&lt;plugin acl="ldapmanager" class="ldif" icon="ldif.png"</span><br /><span style="color: rgb(0, 153, 0);">path="plugins/addons/ldapmanager" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;/section&gt;</span><br /><br /><plugin acl="addressbook" class="addressbook" icon="addressbook.png">In the usertabs section we only need:<br /><br /><span style="color: rgb(0, 153, 0);">&lt;usertabs&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;tab class="user" name="Generic" /&gt;</span><br /><span style="color: rgb(0, 153, 0);">&lt;tab class="mailAccount" name="Mail"</span><br /><span style="color: rgb(0, 153, 0);">postcreate="/usr/bin/sudo /etc/gosa/createmail.sh %uid ;</span><br /><span style="color: rgb(0, 153, 0);">/usr/bin/sudo /etc/gosa/createhome.sh %uid" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;/usertabs&gt;</span><br /><br />Note that "postcreate" calls two scripts: one creates the mail home directory and the other inserts the necessary attributes in LDAP to manage these home directories. GOsa replaces %uid with the uid of the account being created, so both scripts receive it as $1.<br /><br />In the grouptabs section we only need:<br /><br /><span style="color: rgb(0, 153, 0);">&lt;grouptabs&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;tab class="group" name="Generic" /&gt;</span><br /><span style="color: rgb(0, 153, 0);">&lt;tab class="acl" name="ACL" /&gt;</span><br /><span style="color: rgb(0, 153, 0);"><br />&lt;/grouptabs&gt;</span><br /></plugin></plugin></span><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >23.</span> Restart services and 
configure the automatic start</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service httpd restart</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service ldap restart</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 httpd on</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 ldap on</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >24.</span> Create the postcreate script /etc/gosa/createmail.sh. This script creates the home directories for the mail users.</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > #!/bin/bash</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo mkdir "/var/vmail/$1"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo /usr/lib/courier-imap/bin/maildirmake "/var/vmail/$1/Maildir"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo /bin/chown -R vmail:vmail "/var/vmail/$1"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo /bin/chmod -R 2770 "/var/vmail/$1"</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >25.</span> Create the postcreate script /etc/gosa/createhome.sh. 
This script creates the mail home attribute for the mail users.</span><br /><span style="font-family:arial;"> Pay attention to the password!</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > #!/bin/bash</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAPDN=`ldapsearch -h localhost -x -b "dc=jrios,dc=com,dc=co" \</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > -D "cn=admin,dc=jrios,dc=com,dc=co" -w jrios "(uid=$1)" | grep '^dn:'`</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > (</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo ""</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "$LDAPDN"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "changetype: modify"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "add: objectClass"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "objectClass: gosaVirtualMailAccount"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo ""</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "$LDAPDN"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "changetype: modify"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "add: gosaMailHome"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > echo "gosaMailHome: /var/vmail/$1"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ) | ldapmodify -a -x -D "cn=admin,dc=jrios,dc=com,dc=co" -w jrios -h localhost -v</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >26.</span> Adjust permissions on the postcreate scripts</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod a+x /etc/gosa/createhome.sh</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod a+x 
/etc/gosa/createmail.sh</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >27.</span> Allow the apache user to execute these scripts through sudo. In file /etc/sudoers:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > apache ALL=(ALL) NOPASSWD: /etc/gosa/createhome.sh, /etc/gosa/createmail.sh</span><br /><br /><span style="font-family:arial;"> Also, if the line "Defaults requiretty" is set, we need to comment it out! </span><br /><br /><span style="font-weight: bold;font-family:arial;font-size:180%;" >STEPS TO INSTALL THE MAIL SERVER</span><span style="font-weight: bold;font-size:130%;" ><br /></span><br />These steps describe, in "cookbook recipe" form, how to install a powerful email system.</plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></span><span style="font-size:85%;"><span style="font-family:arial;"><plugin acl="default" class="user" icon="personal.png"><span style="font-family:arial;"><plugin acl="default" class="posixAccount" icon="posix.png"><span style="font-family:arial;"><plugin acl="default" class="mailAccount" icon="email.png"><span style="font-family:arial;"><plugin acl="default" class="sambaAccount" icon="samba.png"><span style="font-family:arial;"><plugin acl="default" class="connectivity" icon="proxy.png"><span style="font-family:arial;"><plugin acl="user" class="userManagement" icon="user.png"><span style="font-family:arial;"><plugin acl="group" class="groupManagement" icon="group.png"><span style="font-family:arial;"><plugin acl="department" class="departmentManagement" icon="department.png"><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >1.</span> Create user vmail</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # groupadd -g 5000 vmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # useradd -m -d /var/vmail -g 
5000 -u 5000 vmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod 2775 /var/vmail</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >2.</span> Installing Postfix MTA, and disabling sendmail</span><br /><span style="font-family:arial;"> </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service sendmail stop</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -e sendmail-cf</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -e sendmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 sendmail off</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install postfix*</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >3.</span> Installing OS prerequisites for compiling Courier Packages</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install mysql-devel </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install openldap-devel</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install postgresql-devel </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install gcc-c++</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install gdbm-devel</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install pam-devel</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install expect</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install libtool-ltdl*</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install pcre*</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >4.</span> Download Courier Packages (IMAP, Authlib and Maildrop)</span><br /><br /><span 
style="font-family:arial;"> Point your browser to www.courier-mta.org and download files named:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > a. courier-authlib-0.59.1.tar.bz2</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > b. courier-imap-4.1.2.tar.bz2</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > c. maildrop-2.0.3.tar.bz2</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >5.</span> As an unprivileged user, run:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ cd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm/BUILD</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm/RPMS</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm/SOURCES</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm/SPECS</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mkdir -m 755 rpm/SRPMS </span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >6.</span> Create .rpmmacros file:</span><br /><br /><span style="font-family:arial;"> $ vi .rpmmacros</span><br /><span style="font-family:arial;"> </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %_topdir /home/jrios/rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %packager Sapian &lt;jrios@sapian.org&gt;</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >7.</span> Build Courier Authlib package </span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ rpmbuild -ta courier-authlib-0.59.1.tar.bz2</span><br /><br /><span 
style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >8.</span> Install Courier Authlib now</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ cd ~/rpm/RPMS/i386</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ su root</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh courier-authlib-0.59.1-1.fc6.i386.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh courier-authlib-devel-0.59.1-1.fc6.i386.rpm</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">9.</span></span> Preparing compilation of Courier IMAP</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ cd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ tar tvjf courier-imap-4.1.2.tar.bz2 | grep spec</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ tar xvjf courier-imap-4.1.2.tar.bz2 courier-imap-4.1.2/courier-imap.spec</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mv courier-imap-4.1.2/courier-imap.spec rpm/SPECS/</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ rmdir courier-imap-4.1.2</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ mv courier-imap-4.1.2.tar.bz2 rpm/SOURCES/</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >10.</span> Modifying /home/jrios/rpm/SPECS/courier-imap.spec file</span><br /><br /><span style="font-family:arial;"> Replace this:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %if %suse_version</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel %([ %</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > {suse_version} -gt 819 ] && echo fam-devel)</span><br /><span style="color: rgb(0, 153, 
0);font-family:arial;" > %else</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > BuildPreReq: rpm >= 4.0.2 sed fam-devel openldap-devel openldap-servers</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %endif </span><br /><br /><span style="font-family:arial;"> For this:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %if %suse_version</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %else</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > %endif</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >11.</span> Build Courier IMAP</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > $ rpmbuild -ba ~/rpm/SPECS/courier-imap.spec </span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >12.</span> Install complete Courier IMAP now</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh rpm/RPMS/i386/courier-authlib-ldap-0.59.1-1.fc6.i386.rpm</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # rpm -ivh rpm/RPMS/i386/courier-imap-4.1.2-1.6.i386.rpm</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >13.</span> Compile Maildrop MDA</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # tar xjvf maildrop-2.0.3.tar.bz2</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # cd maildrop-2.0.3</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # ./configure --enable-maildirquota --enable-maildrop-uid=5000 --enable-maildrop-gid=5000 -enable-authlib</span><br 
/><span style="color: rgb(0, 153, 0);font-family:arial;" > # make</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # make install</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chown root /usr/local/bin/maildrop</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod u+s /usr/local/bin/maildrop</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod a+rx /var/spool/authdaemon/</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >14.</span> Download GNARWL software</span><br /><br /><span style="font-family:arial;"> Point your web browser at http://www.home.unix-ag.org/patrick/index.php?gnarwl and download package</span><span style="font-family:arial;"> named gnarwl-3.3.tgz</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >15.</span> Compile GNARWL for LDAP vacations</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # tar xzvf gnarwl-3.3.tgz</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # cd gnarwl-3.3</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # ./configure</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # make</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # make install</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # make perm</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >16.</span> Install Cyrus-SASL</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # yum install cyrus-sasl*</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >17.</span> Adjust File /usr/local/etc/gnarwl.conf</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > map_sender $sender</span><br /><span style="color: rgb(0, 153, 
0);font-family:arial;" > map_receiver $recepient</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > map_subject $subject</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > map_field $fullname cn</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > map_field $deputy mail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > server localhost</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > port 389</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > scope sub</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > login cn=admin,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > password jrios</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > protocol 3</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > base dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > queryfilter (|(mail=$recepient)(gosaMailAlternateAddress=$recepient))</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > result gosaVacationMessage</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > blockfiles /usr/local/var/lib/gnarwl/block/</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > umask 0644</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > blockexpire 0</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mta /usr/sbin/sendmail -F $recepient -t $sender</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > maxreceivers 64</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > maxheader 512</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > charset ISO8859-1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > badheaders /usr/local/var/lib/gnarwl/badheaders.db</span><br /><span style="color: rgb(0, 153, 
0);font-family:arial;" > blacklist /usr/local/var/lib/gnarwl/blacklist.db</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > forceheader /usr/local/var/lib/gnarwl/header.txt</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > forcefooter /usr/local/var/lib/gnarwl/footer.txt</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > recvheader To Cc</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > loglevel 3</span><br /><span style="font-family:arial;"> </span><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >18.</span> Configuring Postfix in /etc/postfix/main.cf file</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > queue_directory = /var/spool/postfix</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > command_directory = /usr/sbin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > daemon_directory = /usr/libexec/postfix</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mail_owner = postfix</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_banner = mail.jrios.com.co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > myhostname = mail.jrios.com.co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > myorigin = jrios.com.co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mydestination = mail.jrios.com.co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mynetworks = 127.0.0.0/8, 10.0.0.0/8</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > alias_maps = hash:/etc/aliases, ldap:virtualaliases</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > alias_database = hash:/etc/aliases</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_mailbox_limit = 50000000000</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > 
message_size_limit = 25728640</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_mailbox_domains = jrios.com.co, gosa.jrios.com.co</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_mailbox_base = /var/vmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_uid_maps = static:800</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_gid_maps = static:800</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mailbox_size_limit = 50000000000</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > recipient_delimiter =</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > inet_interfaces = all</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > home_mailbox = Maildir/</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_recipient_restrictions = permit_mynetworks,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > permit_sasl_authenticated,<br />check_recipient_access ldap:chkuser,<br /></span><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unauth_destination,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_non_fqdn_hostname,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_non_fqdn_sender,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_non_fqdn_recipient,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unknown_sender_domain,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unknown_recipient_domain,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unauth_pipelining,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unauth_destination,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > permit</span><br /><br /><span style="color: 
rgb(0, 153, 0);font-family:arial;" > # RFC standards</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_helo_required = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > strict_rfc821_envelopes = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > disable_vrfy_command = yes</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # RBL checks and restrictions</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_client_restrictions = permit_mynetworks,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > permit_sasl_authenticated,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client combined.njabl.org,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client dul.dnsbl.sorbs.net,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client zen.spamhaus.org,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client opm.blitzed.org,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client dialups.mail-abuse.org,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client cbl.abuseat.org,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_rbl_client bl.spamcop.net,</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > reject_unauth_pipelining</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # Transport config</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > [L]_destination_concurrency_limit = 1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > [L]_destination_recipient_limit = 1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > [VL]_destination_concurrency_limit = 1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > 
[VL]_destination_recipient_limit = 1</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_transport = [L]</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > local_transport = [L]</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtual_maps = hash:/etc/postfix/virtual, ldap:virtualaliases</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > transport_maps = hash:/etc/postfix/transport, ldap:tmap</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # LDAP transport source</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_server_host = 127.0.0.1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_search_base = dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_result_attribute = gosaMailDeliveryMode</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_cache = no</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_bind = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_bind_dn = cn=admin,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > tmap_bind_pw = jrios</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # GoSA main LDAP source</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_server_host = 127.0.0.1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_server_port = 389</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_bind = no</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_timeout = 5</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > 
virtualaliases_search_base = dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > virtualaliases_result_attribute = gosaMailForwardingAddress,mail</span><br /><br /><span style="color: rgb(0, 153, 0);font-size:85%;" ># Recipient Validation<br /></span><span style="color: rgb(0, 153, 0);font-family:arial;font-size:85%;" > </span><span style="color: rgb(0, 153, 0);font-size:85%;" ><br /></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></span><span style="font-family: arial; color: rgb(0, 153, 0);font-size:85%;" >chkuser_server_host = 127.0.0.1<br />chkuser_server_port = 389<br />chkuser_bind = yes<br />chkuser_bind_dn = cn=admin,dc=jrios,dc=com,dc=co<br />chkuser_bind_pw = jrios<br />chkuser_timeout = 5<br />chkuser_search_base = dc=jrios,dc=com,dc=co<br />chkuser_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))<br />chkuser_result_attribute = gosaMailForwardingAddress,mail<br />chkuser_result_format = OK</span><br /><span style="font-size:85%;"><span style="font-family:arial;"><plugin acl="default" class="user" icon="personal.png"><span style="font-family:arial;"><plugin acl="default" class="posixAccount" icon="posix.png"><span style="font-family:arial;"><plugin acl="default" class="mailAccount" icon="email.png"><span style="font-family:arial;"><plugin acl="default" class="sambaAccount" icon="samba.png"><span style="font-family:arial;"><plugin acl="default" class="connectivity" icon="proxy.png"><span style="font-family:arial;"><plugin acl="user" 
class="userManagement" icon="user.png"><span style="font-family:arial;"><plugin acl="group" class="groupManagement" icon="group.png"><span style="font-family:arial;"><plugin acl="department" class="departmentManagement" icon="department.png"><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # SSL/TLS config</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtp_use_tls = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_use_tls = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtp_tls_note_starttls = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_tls_key_file = /etc/postfix/ssl/smtpdkey.pem</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_tls_loglevel = 1</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # SASL config</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_sasl_auth_enable = yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_sasl_application_name = smtpd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_sasl_security_options = noanonymous</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtpd_sasl_local_domain =</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > broken_sasl_auth_clients = yes</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >19.</span> Set hostname in /etc/hosts file</span><br /><span style="font-family:arial;"> </span><br /><span style="font-family:arial;"> According to your server's private IP address:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > 192.168.1.1 mail.jrios.com.co jrios.com.co</span><br /><br /><span style="font-family:arial;"><span 
style="font-weight: bold;font-size:130%;" >20.</span> Create SSL certificates for Postfix</span><br /><br /><span style="font-family:arial;"> First, make sure that file openssl.cnf is in the specified path, otherwise find it</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # mkdir /etc/postfix/ssl</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # /usr/bin/openssl req -config /etc/pki/tls/openssl.cnf -new -x509 -nodes -out /etc/postfix/ssl/smtpd.pem </span><span style="color: rgb(0, 153, 0);font-family:arial;" >-keyout /etc/postfix/ssl/smtpdkey.pem -pem -days 999999 </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > </span><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >21.</span> Configuring Postfix in /etc/postfix/master.cf file</span><br /><br /><span style="font-family:arial;"> Make sure that you have the following lines:</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > smtps inet n - n - - smtpd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > submission inet n - n - - smtpd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > [L] unix - n n - - pipe</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 80 -d ${recipient}</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > [VL] unix - n n - - pipe</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > flags=F user=adminvac argv=/usr/local/bin/fork_vacation.sh $sender $recipient</span><br /><br /><span style="font-family:arial;"><span 
style="font-weight: bold;font-size:130%;" >22. </span>Create file /usr/local/bin/fork_vacation.sh to manage vacations</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > #!/bin/bash</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ORIGIN="$1"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > DESTINY="$2"</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo -u vmail /usr/local/bin/maildrop -w 90 -d "$DESTINY"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > /usr/bin/sudo -u gnarwl /usr/local/bin/gnarwl -s "$ORIGIN" -a "$DESTINY"</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >23.</span> Set permissions on file /usr/local/bin/fork_vacation.sh</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chmod 755 /usr/local/bin/fork_vacation.sh</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >24.</span> Create user adminvac with sudo rights to execute the vacation binary</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # adduser adminvac</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # vi /etc/sudoers</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > adminvac ALL=(vmail) NOPASSWD: /usr/local/bin/maildrop</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > adminvac ALL=(gnarwl) NOPASSWD: /usr/local/bin/gnarwl</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >25.</span> Starting Postfix</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # postmap /etc/postfix/transport</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # postmap /etc/postfix/virtual</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # newaliases</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service postfix start</span><br /><br /><span style="font-family:arial;"><span style="font-weight: 
bold;font-size:130%;" >26.</span> Automatic start for Postfix</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 postfix on</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >27. </span>Configuring Courier Authlib /etc/authlib/authdaemonrc file</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > authmodulelist="authldap"</span><br /><br /><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;">28.</span></span> Configuring Courier Authlib /etc/authlib/authldaprc file</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_SERVER localhost</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_URI ldap://localhost</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_PORT 389</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_PROTOCOL_VERSION 3</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_BASEDN dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_BINDDN cn=admin,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_BINDPW jrios</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_TIMEOUT 120</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_AUTHBIND 1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_MAIL mail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_FILTER (objectClass=gosaMailAccount)</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_GLOB_UID vmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_GLOB_GID vmail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_HOMEDIR gosaMailHome</span><br /><span style="color: rgb(0, 153, 
0);font-family:arial;" > LDAP_MAILDIR gosaMailHome/Maildir</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_MAILDIRQUOTA gosaMailQuota</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_FULLNAME cn</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_CRYPTPW userPassword</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_DEREF never</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > LDAP_TLS 0</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >29.</span> Configuring Cyrus SASL /etc/saslauthd.conf (create file)</span><br /><br /><span style="color: rgb(51, 204, 0);font-family:arial;" > l<span style="color: rgb(0, 153, 0);">dap_servers: ldap://localhost/</span></span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap_auth_method: bind</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap_bind_dn: cn=admin,dc=jrios,dc=com,dc=co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap_bind_pw: jrios</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap_filter: (uid=%U)</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > ldap_search_base: dc=jrios,dc=com,dc=co</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >30.</span> File /etc/sysconfig/saslauthd</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > START=yes</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > MECH="ldap"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > PWDIR="/var/run/saslauthd"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > PARAMS="-O /etc/saslauthd.conf -m ${PWDIR}"</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >31.</span> File /usr/lib/sasl2/smtpd.conf</span><br /><br 
/><span style="color: rgb(0, 153, 0);font-family:arial;" > pwcheck_method: saslauthd</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > mech_list: plain login</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >32.</span> Configuring and tuning Maildrop /etc/maildroprc (create file)</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > SHELL="/bin/bash"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > DEFAULT = "Maildir/"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > MAILDIR = "Maildir/"</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > `reformail -D 8000 duplicate.cache`</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > if ( $RETURNCODE == 0 )</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > exit</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >33.</span> Start and Automatic start Courier/Cyrus Applications</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service courier-authlib start</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service courier-imap start</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service saslauthd start</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 courier-authlib on</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 courier-imap on</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # chkconfig --level 345 saslauthd on</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >34.</span> Creating Mail Server in GOsa2 web interface</span><br /><br /><span style="font-family:arial;"> a. Login to web interface</span><br /><span style="font-family:arial;"> b. 
Click on Systems link</span><br /><span style="font-family:arial;"> c. Click on New Server button</span><br /><span style="font-family:arial;"> d. Complete the Generic Tab</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Server name: Mail</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Description: Mail server</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > IP-address: 127.0.0.1</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > MAC-address: 00:18:FE:77:41:C2 </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Mode: Activated</span><br /><br /><span style="font-family:arial;"> e. Complete the Databases Tab</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Click IMAP Admin access</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Server Identifier: localhost</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Connect URL: {localhost:143}</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Admin user: noadmin</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Password: none</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Sieve Port: 2000</span><br /><br /><span style="font-family:arial;"> f. Complete Services Tab</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Click Mail Server</span><br /><br /><span style="font-family:arial;"> g. Click on Save Button</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >35.</span> Create one user for Mail</span><br /><br /><span style="font-family:arial;"> a. Login to web interface</span><br /><span style="font-family:arial;"> b. Click on Users link</span><br /><span style="font-family:arial;"> c. 
Click on Create new user button</span><br /><span style="font-family:arial;"> </span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Last name: Rios</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > First name: Julian</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Login: julian</span><br /><br /><span style="font-family:arial;"> d. Click on Mail Tab</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Click on Create Mail Account button</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Primary address: julian@jrios.com.co</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Server: localhost</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > Click on Save button</span><br /><span style="color: rgb(51, 204, 0);font-family:arial;" ><span style="color: rgb(0, 153, 0);"> Choose a password for User</span><br /><br /></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></plugin></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >36.</span> Create one user to manage vacations</span></span></span></span></span></span></span></span></span></span><span style="color: rgb(255, 255, 0);font-size:85%;" ><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="color: rgb(51, 204, 0);font-family:arial;" ><br /><br /><span style="color: 
rgb(0, 153, 0);">Create account gnarwl@jrios.com.co, following the same steps as above.</span></span></span></span></span></span></span></span></span></span></span><br /><br /><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >37.</span> Setting user quotas<br /><br />Maildrop expects quotas in the following format: 5000000S means approximately 5 MB of quota (5000000 bytes). The quota text box in the Mail Tab of GOsa does not accept this value (the character S is not a valid number). 
GOsa shows this error when the administrator sets this 5 MB (5000000S) quota value:<br /><br /><span style="color: rgb(0, 153, 0);">An error ocurred while processing your request: Value in 'Quota Size' is not valid<br /><br /><span style="color: rgb(0, 0, 0);">The solution is to modify the GOsa code, which is simple:<br /><br />a. In file /usr/share/gosa/plugins/personal/mail/class_mailAccount.inc change these lines:<br /><br /><span style="color: rgb(0, 153, 0);">/* Check quota */</span><br /><span style="color: rgb(0, 153, 0);">if ($this->gosaMailQuota != '' && chkacl ($this->acl, "gosaMailQuota") == ""){</span><br /><span style="color: rgb(0, 153, 0);">if (!is_numeric($this->gosaMailQuota)) {</span><br /><span style="color: rgb(0, 153, 0);">$message[]= _("Value in 'Quota size' is not valid.");</span><br /><span style="color: rgb(0, 153, 0);">} else {</span><br /><span style="color: rgb(0, 153, 0);">$this->gosaMailQuota= (int) $this->gosaMailQuota;</span><br /><span style="color: rgb(0, 153, 0);">}</span><br /><span style="color: rgb(0, 153, 0);">}</span><br /><br />to these lines:<br /><br /><span style="color: rgb(0, 153, 0);">/* Check quota */</span><br /><span style="color: rgb(0, 153, 0);">//if ($this->gosaMailQuota != '' && chkacl ($this->acl, "gosaMailQuota") == ""){</span><br /><span style="color: rgb(0, 153, 0);">//if (!is_numeric($this->gosaMailQuota)) {</span><br /><span style="color: rgb(0, 153, 0);">//$message[]= _("Value in 'Quota size' is not valid.");</span><br /><span style="color: rgb(0, 153, 0);">//} else {</span><br /><span style="color: rgb(0, 153, 0);">//$this->gosaMailQuota= (int) $this->gosaMailQuota;</span><br /><span style="color: rgb(0, 153, 0);">$this->gosaMailQuota= $this->gosaMailQuota;</span><br /><span style="color: rgb(0, 153, 0);">//}</span><br /><span style="color: rgb(0, 153, 0);">//}</span><br /><br />Note the commented-out lines. Also, remove the (int) cast in the line that assigns the quota value. 
Now the 5000000S value can be entered correctly, and Maildrop works with it. With the check commented out, this code no longer rejects any value entered in the quota field.<br /><br />b. </span></span></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 0, 0);"> In file /usr/share/gosa/include/class_mail-methods.inc the function connect needs to look like this:</span></span></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="color: rgb(0, 153, 0);"><span style="color: rgb(0, 0, 0);"><br /><br /><span style="color: rgb(0, 153, 0);">function connect($gosaMailServer)</span><br /><span style="color: rgb(0, 153, 0);">{</span><br /><span style="color: rgb(0, 153, 0);">return (FALSE);</span><br /><span style="color: rgb(0, 153, 0);">}</span><br /><br />c. 
In file /usr/share/gosa/include/class_mail-methods.inc the function getQuota needs to look like this:<br /><br /><span style="color: rgb(0, 153, 0);">function getQuota($folder)</span><br /><span style="color: rgb(0, 153, 0);">{</span><br /><span style="color: rgb(0, 153, 0);">$result= array('quotaUsage' => '0', 'gosaMailQuota' => '');</span><br /><span style="color: rgb(0, 153, 0);">$quota_value = @imap_get_quota($this->mbox, $folder);</span><br /><span style="color: rgb(0, 153, 0);">return ($result);</span><br /><span style="color: rgb(0, 153, 0);">}</span><br /></span><br /></span></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-family:arial;font-size:180%;" >STEPS TO INSTALL OPENLDAP REPLICATION<br /></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><br />These steps describe, in "cookbook recipe" form, how to install 2 instances of LDAP on different servers to gain high availability for the enterprise solution.<br /><br /></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span 
style="font-weight: bold;font-size:130%;" >1.</span> Configure Openldap master server for replication in /etc/openldap/slapd.conf file</span><br /><br />After the indexing options put:</span></span></span></span></span></span></span></span></span><span style="color: rgb(0, 153, 0);font-family:arial;font-size:85%;" ><span style="color: rgb(51, 204, 0);"><br /><br /><span style="color: rgb(0, 153, 0);">replogfile /var/lib/ldap/replog</span></span></span><span style="color: rgb(0, 153, 0);font-family:arial;font-size:85%;" ><br />replica host=slaveldap:389</span><span style="color: rgb(0, 153, 0);font-size:85%;" ><br /><span style="font-family:arial;">binddn="cn=admin,dc=jrios,dc=com,dc=co"</span></span><span style="color: rgb(0, 153, 0);font-family:arial;font-size:85%;" ><br />bindmethod=simple credentials="jrios"</span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;"><br /><br />2.</span> </span>Make a "dump" of ldap database to dump.ldif file<br /><br /><span style="color: rgb(0, 153, 0);"># slapcat > /tmp/dump.ldif </span></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-size:130%;"><span style="font-weight: bold;"><br /><br />3.</span> </span>Stop the master and slave ldap server </span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" ># service ldap 
stop</span><br /><br /></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >4.</span> In the slave server, restore the master ldap dump<br /><br /><span style="color: rgb(0, 153, 0);"># slapadd -b "dc=jrios,dc=com,dc=co" -l dump.ldif -f /etc/openldap/slapd.conf</span><br /></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" ><br /></span></span></span></span></span></span></span></span></span></span></span><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >5.</span> Adjust permissions to database in slave server<br /><br /><span style="color: rgb(0, 153, 0);"># chown ldap:ldap /var/lib/ldap/*</span><br /></span></span></span></span></span></span></span></span></span></span><br /><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span 
style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >6.</span> On the slave server, put these lines in /etc/openldap/slapd.conf</span><br /><br />After the indexing options,<br /></span></span></span></span></span></span></span></span></span><span style="font-family:monospace;"><br /></span><span style="color: rgb(51, 204, 0);font-size:85%;" ><span style="color: rgb(0, 153, 0);font-family:arial;" >updatedn "cn=admin,dc=jrios,dc=com,dc=co"</span><br /><span style="color: rgb(0, 153, 0);font-family:arial;" >updateref ldap://masterldap</span><br /></span><br /><span style="font-size:85%;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-family:arial;"><span style="font-weight: bold;font-size:130%;" >7.</span> Start ldap servers, first slave and then master</span><br /><br /><span style="color: rgb(0, 153, 0);font-family:arial;" > # service ldap start</span><br /></span></span></span></span></span></span></span></span></span>
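
Steps 21 to 24 of the mail server section hand the envelope sender and recipient to maildrop and gnarwl through sudo. The following is an added example, not part of the original guide: a stricter fork_vacation.sh that validates and quotes both addresses and returns maildrop's exit status to Postfix, with sudoers entries limited to the two commands shown in its comments. The accepted character set, the exit code 64 and the DRY_RUN switch are assumptions of this sketch.

```bash
#!/bin/bash
# Added example: stricter variant of /usr/local/bin/fork_vacation.sh.
# Paths and the vmail/gnarwl users come from steps 21-24 of the guide; the
# address character set, exit code 64 and DRY_RUN are assumptions made here.
#
# Matching /etc/sudoers entries (edit with visudo), replacing
# "adminvac ALL=(ALL) NOPASSWD: ALL" with only the commands the script runs:
#   adminvac ALL=(vmail)  NOPASSWD: /usr/local/bin/maildrop
#   adminvac ALL=(gnarwl) NOPASSWD: /usr/local/bin/gnarwl

SUDO=/usr/bin/sudo
MAILDROP=/usr/local/bin/maildrop
GNARWL=/usr/local/bin/gnarwl

# Accept only local@domain built from a conservative character set.
valid_addr() {
    case "$1" in
        ''|-*)                 return 1 ;;  # empty, or would parse as an option
        *[!A-Za-z0-9._+=@-]*)  return 1 ;;  # spaces, quotes, newlines, ...
        *@*@*)                 return 1 ;;  # more than one "@"
        ?*@?*)                 return 0 ;;
        *)                     return 1 ;;  # no "@" at all
    esac
}

# Run a command, or only print it when DRY_RUN=1 (lets the logic be tested).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

fork_vacation() {
    origin=$1
    destiny=$2

    # A recipient that fails validation is a permanent error (EX_USAGE, 64).
    valid_addr "$destiny" || return 64

    # Delivery comes first; its exit status is the one Postfix must see.
    run "$SUDO" -u vmail "$MAILDROP" -w 90 -d "$destiny" || return $?

    # The auto-reply is best effort: skip it for senders that fail validation
    # and never let a gnarwl failure bounce a message already delivered.
    if valid_addr "$origin"; then
        run "$SUDO" -u gnarwl "$GNARWL" -s "$origin" -a "$destiny" || true
    fi
    return 0
}

# Postfix calls the script with exactly two arguments ($sender $recipient).
case "$#" in
    2) fork_vacation "$1" "$2"; exit $? ;;
    0) : ;;          # no arguments: only define the functions
    *) exit 64 ;;
esac
```

Running it by hand with DRY_RUN=1 and two addresses prints the sudo commands it would execute.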
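
Step 37a of the mail server section comments out GOsa's check on the quota field, so that code no longer stops non-quota strings from reaching the gosaMailQuota attribute. As an added example (not code from the guide or from GOsa), the functions below scan an LDIF export, such as the slapcat dump from the replication steps, and list entries whose quota is not in the nnnS form the guide describes. The sample entries and the ou=people branch are constructed, and accepting a message-count limit such as 1000C is an assumption based on the maildir quota format.

```bash
#!/bin/bash
# Added example: audit gosaMailQuota values in an LDIF export.
# Assumption: a valid quota is one or more <digits>S (bytes) or <digits>C
# (message count) elements joined by commas, e.g. 5000000S or 5000000S,1000C.

valid_quota() {
    case "$1" in
        ''|*[!0-9SC,]*) return 1 ;;   # empty, or any character outside the set
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+[SC](,[0-9]+[SC])*$'
}

# Reads LDIF on stdin and prints "<dn><TAB><value>" for every entry whose
# gosaMailQuota would not be understood as a quota.
audit_quotas() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation lines
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            '')                  dn='(no dn)' ;;              # entry separator
            'dn: '*)             dn=${line#dn: } ;;
            'dn:: '*)            dn="base64:${line#dn:: }" ;;
            'gosaMailQuota:: '*) printf '%s\t%s\n' "$dn" 'base64-encoded value' ;;
            'gosaMailQuota: '*)
                quota=${line#gosaMailQuota: }
                valid_quota "$quota" || printf '%s\t%s\n' "$dn" "$quota" ;;
        esac
    done
}

# Constructed sample input (not taken from a real directory).
sample_ldif() {
    cat <<'EOF'
dn: uid=julian,ou=people,dc=jrios,dc=com,dc=co
gosaMailQuota: 5000000S

dn: uid=ana,ou=people,dc=jrios,dc=com,dc=co
gosaMailQuota: 5 MB

dn: uid=luis,ou=people,dc=jrios,dc=com,dc=co
gosaMailQuota: 5000000S,1000C

dn: uid=eva,ou=people,dc=jrios,
 dc=com,dc=co
gosaMailQuota: 5000000
EOF
}

# Stand-alone use (hypothetical file name):
#   sh quota_audit.sh --stdin < /tmp/dump.ldif
if [ "${1:-}" = "--stdin" ]; then
    audit_quotas
fi
```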