Wednesday, March 28, 2007

GOsa2 - Perfect Integration

Implementing GOsa2
OS tested:
Red Hat EL4/EL5 - Fedora Core 5/6/7 and CentOS 4.4/5
Document version: 0.5

- Integration with: Mail Server: Postfix, Courier-IMAP, Maildrop, GNARWL, Cyrus-SASL, OpenSSL
- Redundancy: OpenLDAP Master/Slave replication
- Install methods: yum install, up2date -i
- GOsa2 release: 2.5.9-1
- Customizations: New LDAP schema that separates the mail home from the Unix home

Capabilities

- Courier IMAP, the best POP3/IMAP4 software system
- OpenSSL, for securing all connections via TLS
- Postfix, the best and most flexible MTA in the world
- OpenLDAP, centralized information
- Maildrop, the best MDA that manages quotas in LDAP
- GNARWL, the best software for vacation messages stored in LDAP
- Cyrus SASL, for authenticating users to use SMTP
- OpenLDAP Replication, the best way to high availability
- GOsa2, the best LDAP administration software




Author

Julian Rios
jrios@sapian.org
Sapian S.A, Medellin-Colombia


INDEX

1. Processes flow
2. Installing GOsa2
3. Installing Mail Server
4. Replicating OpenLDAP

NOTES

a. In this guide "jrios.com.co" is the domain
b. mail.jrios.com.co is the MX for mail
c. The guide does not give a detailed description of every step. The "blog method" of this page is meant to resolve questions about the steps. Example comment: "In part 2, step 22, how does the fork_vacation.sh script work?"

PROCESSES FLOW

1. Receiving Mail



2. Reading and Sending Mail




3. LDAP Administration with GOsa



STEPS FOR INSTALL GOsa2

These steps describe, in "kitchen recipe" form, how to install the GOsa2 package.

1. Install OpenLDAP

# yum install openldap openldap-clients openldap-servers

2. Download from GOsa2 site all the RPM Packages for Red Hat Distribution. The FTP URL is: ftp://oss.gonicus.de/pub/gosa/redhat

3. Install GOsa2 Package Prerequisites


# rpm -ivh perl-TimeDate-1.16-1.noarch.rpm
# rpm -ivh perl-MIME-Types-1.16-1.noarch.rpm
# rpm -ivh perl-MailTools-1.74-1.noarch.rpm
# rpm -ivh perl-MIME-Lite-3.01_05-1.noarch.rpm
# rpm -ivh perl-Crypt-SmbHash-0.02-1.noarch.rpm

4. Install OS Package Prerequisites

# yum install httpd
# yum install php-snmp
# yum install php-mysql
# yum install php-mbstring
# yum install php-imap
# yum install perl-ldap

5. Install GOsa2 Package

# rpm -ivh gosa-2.5.9-1.noarch.rpm

6. Install GOsa2 Schemas

# rpm -ivh gosa-schema-2.5.9-1.noarch.rpm

Download gosa_custom.schema, or copy it from the block below:

-----
#$Id: authldap.schema,v 1.8 2005/03/20 19:10:30 mrsam Exp $
#
# OID prefix: 1.3.6.1.4.1.25981
#
# Attributes: 1.3.6.1.4.1.25981.1.1
#
# Depends on: gosa.schema and cosine.schema

attributetype ( 1.3.6.1.4.1.25981.1.1.1 NAME 'gosaMailHome'
DESC 'The absolute path to the mail message store directory in a virtual mail setup.'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

#
# Objects: 1.3.6.1.4.1.25981.1.2
#

objectclass ( 1.3.6.1.4.1.25981.1.2.1 NAME 'gosaVirtualMailAccount' SUP top AUXILIARY
DESC 'Objectclass to mark Virtual MailAccounts for GOsa (v2.4)'

MAY ( gosaMailHome ) )
-----

The file gosa_custom.schema defines a new attribute, gosaMailHome, that separates the home of
Unix accounts from the mail users' homes. This custom schema must be placed in /etc/openldap/schema/gosa:

# cp gosa_custom.schema /etc/openldap/schema/gosa

7. Installing English web documentation

# rpm -ivh gosa-help-en-2.5.9-1.noarch.rpm

8. OpenLDAP /etc/openldap/slapd.conf file

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

include /etc/openldap/schema/gosa/samba3.schema
include /etc/openldap/schema/gosa/pureftpd.schema
include /etc/openldap/schema/gosa/gofon.schema
include /etc/openldap/schema/gosa/gosystem.schema
include /etc/openldap/schema/gosa/goto.schema
include /etc/openldap/schema/gosa/gosa+samba3.schema
include /etc/openldap/schema/gosa/gofax.schema
include /etc/openldap/schema/gosa/goserver.schema
include /etc/openldap/schema/gosa/goto-mime.schema
include /etc/openldap/schema/gosa/gosa_custom.schema

schemacheck on
allow bind_v2
database bdb
directory /var/lib/ldap
loglevel 256
lastmod on
suffix "dc=jrios,dc=com,dc=co"
rootdn "cn=admin,dc=jrios,dc=com,dc=co"
rootpw {MD5}RQoN6pXDXTICFTcKo+wYwQ==

index uid,mail eq
index gosaMailAlternateAddress,gosaMailForwardingAddress eq
index cn,sn,givenName,ou pres,eq,sub
index objectClass pres,eq
index uidNumber,gidNumber,memberuid eq
index gosaSubtreeACL,gosaObject,gosaUser pres,eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

access to *
by * read

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

cachesize 100000

9. Change the rootpw password in slapd.conf file

# slappasswd -h {MD5}

Put the resulting string in the rootpw line of the file.

10. TLS Certificate for OpenLDAP

Depending on the distribution, the .pem and .crt files may be in a different path. Search for them with:

# find / -name 'slapd.pem'
# find / -name 'ca-bundle.crt'

Then change the path in the slapd.conf file.

11. Enable OpenLDAP logs from /etc/syslog.conf

local4.* /var/log/ldap

12. Restart syslog service

# service syslog restart

13. Start OpenLDAP now

# service ldap start

14. Create an initial.ldif file to load the base entries into OpenLDAP

dn: dc=jrios,dc=com,dc=co
dc: jrios
objectClass: top
objectClass: domain

dn: ou=groups,dc=jrios,dc=com,dc=co
objectClass: organizationalUnit
ou: groups

dn: ou=people,dc=jrios,dc=com,dc=co
objectClass: organizationalUnit
ou: people

dn: cn=admin,ou=people,dc=jrios,dc=com,dc=co
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: gosaAccount
uid: admin
cn: admin
givenName: admin
sn: GOsa Main Administrator
sambaLMPassword: 10974C6EFC0AEE1917306D272A9441BB
sambaNTPassword: 38F3951141D0F71A039CFA9D1EC06378
userPassword:: dGVzdGVy

dn: cn=administrators,ou=groups,dc=jrios,dc=com,dc=co
objectClass: gosaObject
objectClass: posixGroup
gosaSubtreeACL: :all
cn: administrators
gidNumber: 999
memberUid: admin

15. Add initial.ldif information to OpenLDAP

# ldapadd -x -D "cn=admin,dc=jrios,dc=com,dc=co" -h localhost -W -f initial.ldif -v
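In step 14 the admin entry's userPassword:: dGVzdGVy is only base64-encoded (the double colon is LDIF's base64 marker), so it is the cleartext "tester", and with the step 8 ACL (access to * by * read) any anonymous bind can read it. The script below is an added example and not part of this guide: it decodes such a value, and shows how the salted {SSHA} form that slappasswd -h {SSHA} produces is built and verified, so you can check which scheme the entries in your directory really use. It assumes bash and coreutils (base64, sha1sum, od, head, tail); ssha_make additionally assumes the openssl CLI, and the salt it takes is a constructed sample, not something slappasswd would let you choose.

```bash
#!/bin/bash
# Added example, not part of the original guide. Decodes an LDIF base64
# userPassword and builds / checks OpenLDAP {SSHA} values.
# Needs coreutils (base64, sha1sum, od, head, tail); ssha_make needs openssl.

# In LDIF a double colon ("attr:: value") marks a base64 value. For
# userPassword that is still cleartext: base64 is encoding, not hashing.
ldif_b64_decode() {
    printf '%s' "$1" | base64 -d
}

# Hex SHA-1 of the password ($1) followed by the raw salt bytes read from
# stdin. The salt is streamed instead of stored in a variable so that the
# random binary salts slappasswd generates are handled too.
sha1_pw_salt_hex() {
    { printf '%s' "$1"; cat; } | sha1sum | cut -d' ' -f1
}

# Build {SSHA}base64(SHA1(password || salt) || salt). The salt ($2) is a
# plain string here (constructed sample); slappasswd uses 4 random bytes.
ssha_make() {
    local pw="$1" salt="$2" b64
    b64=$({ printf '%s%s' "$pw" "$salt" | openssl dgst -sha1 -binary
            printf '%s' "$salt"; } | base64 | tr -d '\n')
    printf '{SSHA}%s' "$b64"
}

# Check a cleartext password ($1) against a stored {SSHA} or unsalted {SHA}
# value ($2). Exit status: 0 = match, 1 = mismatch, 2 = unsupported scheme.
ldap_pw_verify() {
    local pw="$1" stored="$2" b64 stored_hex computed_hex
    case "$stored" in
        '{SSHA}'*) b64=$(printf '%s' "$stored" | cut -c7-) ;;
        '{SHA}'*)  b64=$(printf '%s' "$stored" | cut -c6-) ;;
        *) return 2 ;;
    esac
    # The first 20 decoded bytes are the digest, anything after is the salt.
    stored_hex=$(printf '%s' "$b64" | base64 -d | head -c 20 \
                 | od -An -tx1 -v | tr -d ' \n')
    computed_hex=$(printf '%s' "$b64" | base64 -d | tail -c +21 \
                   | sha1_pw_salt_hex "$pw")
    [ "$stored_hex" = "$computed_hex" ]
}

# Stand-alone use: ./ldappw.sh <cleartext> '<stored userPassword value>'
if [ $# -eq 2 ]; then
    if ldap_pw_verify "$1" "$2"; then
        echo "password matches"
    else
        echo "no match (or unsupported scheme)"
    fi
fi
```

To audit an existing directory, run slapcat on the server and look at the userPassword values: anything that starts with a double colon and decodes to readable text is stored in cleartext, while a {SSHA} value can be checked with ldap_pw_verify. Replacing the admin entry's value with the output of slappasswd -h {SSHA} before running ldapadd keeps the guide's flow unchanged.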

16. Edit the /etc/php.ini file and set these values:

session.gc_maxlifetime = 100000
memory_limit = 100M

17. Start web server

# service httpd start

18. Setup GOsa2 from web interface

a. Point your browser to http://localhost/gosa. Click Continue button, ignoring this:

checking for mhash module
checking for cups module
checking for kadm5 module

b. Click Continue button, ignoring this:

Checking for fping utility
php.ini check -> magic_quotes_gpc

c. Set URI, and click Continue button:

ldap://localhost:389

d. Complete the form and click Continue Button:

Location Name: Corporation
Admin DN: cn=admin,dc=jrios,dc=com,dc=co
Admin password: *****
Base: dc=jrios,dc=com,dc=co
People storage ou: ou=people
People dn attribute: uid
Group storage ou: ou=groups
ID base for users/groups: 1000
Encryption algorithm: md5
Mail method: disable
Display PHP errors: true

e. Click Download configuration Button and save gosa.conf in a local folder

19. Copy file gosa.conf to /etc/gosa directory and apply permissions

# chown root.apache /etc/gosa/gosa.conf
# chmod 640 /etc/gosa/gosa.conf

20. Click Retry Button

21. Login to web interface of Gosa with admin account:

Login: admin
Password: tester

NOTE: The GOsa admin user is different from the LDAP admin! In this case, the password for admin is "tester". This admin user has the following dn:

cn=admin,ou=people,dc=jrios,dc=com,dc=co

This password, "tester", comes from the initial.ldif file.

22. Configuring GOsa. File /etc/gosa/gosa.conf

In this case we are using GOsa only for this purpose:

a. Manage mail and user accounts

In this file we need to deactivate all other options, plugins, etc. The section needs to look like this:

<section name="My account">
  <plugin acl="default" class="user" icon="personal.png" path="plugins/personal/generic" />
  <plugin acl="default" class="mailAccount" icon="email.png" path="plugins/personal/mail" />
  <plugin acl="default" class="password" icon="password.png" path="plugins/personal/password" />
</section>


In the Administration section we need to delete the plugins oGroupManagement, applicationManagement, FAIclass, blocklists, goFonMacro and conference. Finally, it needs to look like this:

<section name="Administration">
  <plugin acl="user" class="userManagement" icon="user.png" path="plugins/admin/users" />
  <plugin acl="group" class="groupManagement" icon="group.png" path="plugins/admin/groups" />
  <plugin acl="department" class="departmentManagement" icon="department.png" path="plugins/admin/departments" />
  <plugin acl="application" class="applicationManagement" icon="application.png" path="plugins/admin/applications" />
  <plugin acl="systems" class="systems" icon="system.png" path="plugins/admin/systems" />
</section>


In the Addons section we only need addressbook and ldapmanager. These are good utilities:

<section name="Addons">
  <plugin acl="addressbook" class="addressbook" icon="addressbook.png" path="plugins/addons/addressbook" />
  <plugin acl="ldapmanager" class="ldif" icon="ldif.png" path="plugins/addons/ldapmanager" />
</section>


In the usertabs section we only need:

<usertabs>
  <tab class="user" name="Generic" />
  <tab class="mailAccount" name="Mail"
       postcreate="/usr/bin/sudo /etc/gosa/createmail.sh %uid ; /usr/bin/sudo /etc/gosa/createhome.sh %uid" />
</usertabs>

Note that "postcreate" calls two scripts: one creates the mail home directory and the other inserts the attributes needed in LDAP to manage these home directories.

In the grouptabs section we only need:

<grouptabs>
  <tab class="group" name="Generic" />
  <tab class="acl" name="ACL" />
</grouptabs>


23. Restart services and configure the automatic start

# service httpd restart
# service ldap restart
# chkconfig --level 345 httpd on
# chkconfig --level 345 ldap on

24. Create the postcreate script /etc/gosa/createmail.sh. This script creates the home directories for the mail users.

#!/bin/bash

# $1 is the uid that GOsa passes through %uid (see usertabs in step 22).
/usr/bin/sudo mkdir "/var/vmail/$1"
/usr/bin/sudo /usr/lib/courier-imap/bin/maildirmake "/var/vmail/$1/Maildir"
/usr/bin/sudo /bin/chown -R vmail.vmail "/var/vmail/$1"
/usr/bin/sudo /bin/chmod -R 2770 "/var/vmail/$1"

25. Create the postcreate script /etc/gosa/createhome.sh. This script sets the mail home attribute for the mail users.
Watch out for the password!

#!/bin/bash

# $1 is the uid that GOsa passes through %uid. Look up the DN of that entry
# (only the "dn:" line, not every line that happens to contain "dn").
LDAPDN=$(ldapsearch -h localhost -x -b "dc=jrios,dc=com,dc=co" \
    -D "cn=admin,dc=jrios,dc=com,dc=co" -w jrios "(uid=$1)" | grep '^dn:')

# Two modify operations: add the auxiliary objectClass, then the mail home.
(
echo "$LDAPDN"
echo "changetype: modify"
echo "add: objectClass"
echo "objectClass: gosaVirtualMailAccount"
echo ""
echo "$LDAPDN"
echo "changetype: modify"
echo "add: gosaMailHome"
echo "gosaMailHome: /var/vmail/$1"
) | ldapmodify -a -x -D "cn=admin,dc=jrios,dc=com,dc=co" -w jrios -h localhost -v

26. Make the postcreate scripts executable

# chmod a+x /etc/gosa/createhome.sh
# chmod a+x /etc/gosa/createmail.sh

27. Allow the apache user to run these scripts through sudo. In the file /etc/sudoers:

apache ALL=(ALL) NOPASSWD: /etc/gosa/createhome.sh, /etc/gosa/createmail.sh

Also, if the line "Defaults requiretty" is set, we need to comment it out!
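Both postcreate scripts run as root through sudo with whatever %uid the web application hands them, and the guide's createhome.sh also puts the bind password on the command line, where every local user can read it from the process list (the "watch out for the password" warning above). The script below is an added, hardened replacement for createhome.sh and is not the guide's own code: it accepts only a conservative login name before touching the filesystem or LDAP, reads the bind password from a root-owned file with the -y option of ldapsearch/ldapmodify, requires that exactly one entry matches the uid, and sends both attribute changes in one LDAP modify so the entry is never left half-updated. The path /etc/gosa/ldap.secret is an assumption; base DN, bind DN and the /var/vmail layout are the guide's.

```bash
#!/bin/bash
# Added example, not the guide's createhome.sh: same LDAP change (add
# gosaVirtualMailAccount and gosaMailHome to the user entry) with the input
# checks a root-via-sudo script needs. Assumed path: /etc/gosa/ldap.secret,
# root-owned mode 0600, written with printf so it has no trailing newline.
set -eu

BASE_DN="dc=jrios,dc=com,dc=co"
BIND_DN="cn=admin,dc=jrios,dc=com,dc=co"
PW_FILE="/etc/gosa/ldap.secret"
VMAIL_ROOT="/var/vmail"

# Accept only a conservative POSIX-style login name, so no "/", "..",
# whitespace, shell metacharacters or LDAP filter characters get through.
valid_uid() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Emit one LDIF modify with both changes for the given entry DN and uid.
mailhome_ldif() {
    local dn="$1" uid="$2"
    printf 'dn: %s\nchangetype: modify\nadd: objectClass\nobjectClass: gosaVirtualMailAccount\n-\nadd: gosaMailHome\ngosaMailHome: %s/%s\n' \
        "$dn" "$VMAIL_ROOT" "$uid"
}

# Resolve the uid to exactly one DN; fail if none or several entries match.
# (A base64 "dn::" line is not matched, which also counts as "not found".)
lookup_dn() {
    local uid="$1" dns
    dns=$(ldapsearch -LLL -x -h localhost -b "$BASE_DN" -D "$BIND_DN" -y "$PW_FILE" \
              "(uid=$uid)" dn | sed -n 's/^dn: //p')
    [ "$(printf '%s\n' "$dns" | grep -c .)" -eq 1 ] || return 1
    printf '%s' "$dns"
}

main() {
    local uid="$1" dn
    valid_uid "$uid" || { echo "createhome: refusing suspicious uid" >&2; exit 1; }
    dn=$(lookup_dn "$uid") || { echo "createhome: uid not found or not unique" >&2; exit 1; }
    mailhome_ldif "$dn" "$uid" | ldapmodify -x -h localhost -D "$BIND_DN" -y "$PW_FILE"
}

# Called by GOsa as: /usr/bin/sudo /etc/gosa/createhome.sh %uid
if [ $# -eq 1 ]; then
    main "$1"
fi
```

The same valid_uid check belongs at the top of createmail.sh, since that script runs mkdir, chown -R and chmod -R under /var/vmail with the same unchecked argument; with the check in place the sudoers line from step 27 can stay limited to the two script paths.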

STEPS FOR INSTALL MAIL SERVER

These steps describe, in "kitchen recipe" form, how to install a powerful email system.


1. Create user vmail

# groupadd -g 5000 vmail
# useradd -m -d /var/vmail -g 5000 -u 5000 vmail
# chmod 2775 /var/vmail

2. Installing Postfix MTA, and disabling sendmail

# service sendmail stop
# rpm -e sendmail-cf
# rpm -e sendmail
# chkconfig --level 345 sendmail off
# yum install postfix*

3. Installing OS prerequisites for compiling Courier Packages

# yum install mysql-devel
# yum install openldap-devel
# yum install postgresql-devel
# yum install gcc-c++
# yum install gdbm-devel
# yum install pam-devel
# yum install expect
# yum install libtool-ltdl*
# yum install pcre*

4. Download Courier Packages (IMAP, Authlib and Maildrop)

Point your browser to www.courier-mta.org and download files named:

a. courier-authlib-0.59.1.tar.bz2
b. courier-imap-4.1.2.tar.bz2
c. maildrop-2.0.3.tar.bz2

5. As an unprivileged user, run:

$ cd
$ mkdir -m 755 rpm
$ mkdir -m 755 rpm/BUILD
$ mkdir -m 755 rpm/RPMS
$ mkdir -m 755 rpm/SOURCES
$ mkdir -m 755 rpm/SPECS
$ mkdir -m 755 rpm/SRPMS

6. Create .rpmmacros file:

$ vi .rpmmacros

%_topdir /home/jrios/rpm
%packager Sapian

7. Build Courier Authlib package

$ rpmbuild -ta courier-authlib-0.59.1.tar.bz2

8. Install Courier Authlib now

$ cd ~/rpm/RPMS/i386
$ su root
# rpm -ivh courier-authlib-0.59.1-1.fc6.i386.rpm
# rpm -ivh courier-authlib-devel-0.59.1-1.fc6.i386.rpm

9. Preparing compilation of Courier IMAP

$ cd
$ tar tvjf courier-imap-4.1.2.tar.bz2 | grep spec
$ tar xvjf courier-imap-4.1.2.tar.bz2 courier-imap-4.1.2/courier-imap.spec
$ mv courier-imap-4.1.2/courier-imap.spec rpm/SPECS/
$ rmdir courier-imap-4.1.2
$ mv courier-imap-4.1.2.tar.bz2 rpm/SOURCES/

10. Modifying /home/jrios/rpm/SPECS/courier-imap.spec file

Replace this:

%if %suse_version
BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel %([ %{suse_version} -gt 819 ] && echo fam-devel)
%else
BuildPreReq: rpm >= 4.0.2 sed fam-devel openldap-devel openldap-servers
%endif

For this:

%if %suse_version
BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel
%else
BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers
%endif

11. Build Courier IMAP

$ rpmbuild -ba ~/rpm/SPECS/courier-imap.spec

12. Install complete Courier IMAP now

# rpm -ivh rpm/RPMS/i386/courier-authlib-ldap-0.59.1-1.fc6.i386.rpm
# rpm -ivh rpm/RPMS/i386/courier-imap-4.1.2-1.6.i386.rpm

13. Compile Maildrop MDA

# tar xjvf maildrop-2.0.3.tar.bz2
# cd maildrop-2.0.3
# ./configure --enable-maildirquota --enable-maildrop-uid=5000 --enable-maildrop-gid=5000 --enable-authlib
# make
# make install
# chown root /usr/local/bin/maildrop
# chmod u+s /usr/local/bin/maildrop
# chmod a+rx /var/spool/authdaemon/

14. Download GNARWL software

Point your web browser at http://www.home.unix-ag.org/patrick/index.php?gnarwl and download package named gnarwl-3.3.tgz

15. Compile GNARWL for LDAP vacations

# tar xzvf gnarwl-3.3.tgz
# cd gnarwl-3.3
# ./configure
# make
# make install
# make perm

16. Install Cyrus-SASL

# yum install cyrus-sasl*

17. Adjust File /usr/local/etc/gnarwl.conf

map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $fullname cn
map_field $deputy mail
server localhost
port 389
scope sub
login cn=admin,dc=jrios,dc=com,dc=co
password jrios
protocol 3
base dc=jrios,dc=com,dc=co
queryfilter (|(mail=$recepient)(gosaMailAlternateAddress=$recepient))
result gosaVacationMessage
blockfiles /usr/local/var/lib/gnarwl/block/
umask 0644
blockexpire 0
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /usr/local/var/lib/gnarwl/badheaders.db
blacklist /usr/local/var/lib/gnarwl/blacklist.db
forceheader /usr/local/var/lib/gnarwl/header.txt
forcefooter /usr/local/var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3

18. Configuring Postfix in /etc/postfix/main.cf file

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
smtpd_banner = mail.jrios.com.co
myhostname = mail.jrios.com.co
myorigin = jrios.com.co
mydestination = mail.jrios.com.co
mynetworks = 127.0.0.0/8, 10.0.0.0/8
alias_maps = hash:/etc/aliases, ldap:virtualaliases
alias_database = hash:/etc/aliases
virtual_mailbox_limit = 50000000000
message_size_limit = 25728640

virtual_mailbox_domains = jrios.com.co, gosa.jrios.com.co

virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:800
virtual_gid_maps = static:800

mailbox_size_limit = 50000000000
recipient_delimiter =
inet_interfaces = all
home_mailbox = Maildir/
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_recipient_access ldap:chkuser,
reject_unauth_destination,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
permit

# RFC standards

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

# RBL checks and restrictions

smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_rbl_client combined.njabl.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client dialups.mail-abuse.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_unauth_pipelining

# Transport config

[L]_destination_concurrency_limit = 1
[L]_destination_recipient_limit = 1
[VL]_destination_concurrency_limit = 1
[VL]_destination_recipient_limit = 1

virtual_transport = [L]
local_transport = [L]
virtual_maps = hash:/etc/postfix/virtual, ldap:virtualaliases
transport_maps = hash:/etc/postfix/transport, ldap:tmap

# LDAP transport source

tmap_server_host = 127.0.0.1
tmap_search_base = dc=jrios,dc=com,dc=co
tmap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
tmap_result_attribute = gosaMailDeliveryMode
tmap_cache = no
tmap_bind = yes
tmap_bind_dn = cn=admin,dc=jrios,dc=com,dc=co
tmap_bind_pw = jrios

# GoSA main LDAP source

virtualaliases_server_host = 127.0.0.1
virtualaliases_server_port = 389
virtualaliases_bind = no
virtualaliases_timeout = 5
virtualaliases_search_base = dc=jrios,dc=com,dc=co
virtualaliases_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
virtualaliases_result_attribute = gosaMailForwardingAddress,mail

# Recipient Validation

chkuser_server_host = 127.0.0.1
chkuser_server_port = 389
chkuser_bind = yes
chkuser_bind_dn = cn=admin,dc=jrios,dc=com,dc=co
chkuser_bind_pw = jrios
chkuser_timeout = 5
chkuser_search_base = dc=jrios,dc=com,dc=co
chkuser_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
chkuser_result_attribute = gosaMailForwardingAddress,mail
chkuser_result_format = OK


# SSL/TLS config

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpdkey.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1

# SASL config

smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

19. Set hostname in /etc/hosts file

According to your server's private IP address:

192.168.1.1 mail.jrios.com.co jrios.com.co

20. Create SSL certificates for Postfix

First, make sure that the openssl.cnf file is at the path given below; otherwise locate it first.

# mkdir /etc/postfix/ssl
# /usr/bin/openssl req -config /etc/pki/tls/openssl.cnf -new -x509 -nodes -out /etc/postfix/ssl/smtpd.pem -keyout /etc/postfix/ssl/smtpdkey.pem -pem -days 999999

21. Configuring Postfix in /etc/postfix/master.cf file

Make sure that you have the following lines:

smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject

[L] unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 80 -d ${recipient}

[VL] unix - n n - - pipe
flags=F user=adminvac argv=/usr/local/bin/fork_vacation.sh $sender $recipient

22. Create the file /usr/local/bin/fork_vacation.sh to handle vacations

#!/bin/bash

# Postfix passes the envelope sender and recipient (see the [VL] transport
# in master.cf); quote them so addresses are never word-split or globbed.
ORIGIN="$1"
DESTINY="$2"

/usr/bin/sudo -u vmail /usr/local/bin/maildrop -w 90 -d "$DESTINY"
/usr/bin/sudo -u gnarwl /usr/local/bin/gnarwl -s "$ORIGIN" -a "$DESTINY"

23. Set permissions to file /usr/local/bin/fork_vacation.sh

# chmod 755 /usr/local/bin/fork_vacation.sh

24. Create the user adminvac, with sudo rights to execute the vacation binary

# adduser adminvac
# vi /etc/sudoers

adminvac ALL=(ALL) NOPASSWD: ALL

25. Starting Postfix

# postmap /etc/postfix/transport
# postmap /etc/postfix/virtual
# newaliases
# service postfix start

26. Automatic start for Postfix

# chkconfig --level 345 postfix on

27. Configuring Courier Authlib /etc/authlib/authdaemonrc file

authmodulelist="authldap"

28. Configuring Courier Authlib /etc/authlib/authldaprc file

LDAP_SERVER localhost
LDAP_URI ldap://localhost
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN dc=jrios,dc=com,dc=co
LDAP_BINDDN cn=admin,dc=jrios,dc=com,dc=co
LDAP_BINDPW jrios
LDAP_TIMEOUT 120
LDAP_AUTHBIND 1
LDAP_MAIL mail
LDAP_FILTER (objectClass=gosaMailAccount)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR gosaMailHome
LDAP_MAILDIR gosaMailHome/Maildir
LDAP_MAILDIRQUOTA gosaMailQuota
LDAP_FULLNAME cn
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0

29. Configuring Cyrus SASL /etc/saslauthd.conf (create file)

ldap-servers: ldap://localhost/
ldap_auth_method: bind
ldap_bind_dn: cn=admin,dc=jrios,dc=com,dc=co
ldap_bind_pw: jrios
ldap_filter: (uid=%U)
ldap_search_base: dc=jrios,dc=com,dc=co

30. File /etc/sysconfig/saslauthd

START=yes
MECH="ldap"
PWDIR="/var/run/saslauthd"
PARAMS="-O /etc/saslauthd.conf -m ${PWDIR}"

31. File /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

32. Configuring and tuning Maildrop: /etc/maildroprc (create the file)

SHELL="/bin/bash"
DEFAULT = "Maildir/"
MAILDIR = "Maildir/"

`reformail -D 8000 duplicate.cache`
if ( $RETURNCODE == 0 )
exit

33. Start and Automatic start Courier/Cyrus Applications

# service courier-authlib start
# service courier-imap start
# service saslauthd start
# chkconfig --level 345 courier-authlib on
# chkconfig --level 345 courier-imap on
# chkconfig --level 345 saslauthd on

34. Creating Mail Server in GOsa2 web interface

a. Login to web interface
b. Click on Systems link
c. Click on New Server button
d. Complete the Generic Tab

Server name: Mail
Description: Mail server
IP-address: 127.0.0.1
MAC-address: 00:18:FE:77:41:C2
Mode: Activated

e. Complete the Databases Tab

Click IMAP Admin access
Server Identifier: localhost
Connect URL: {localhost:143}
Admin user: noadmin
Password: none
Sieve Port: 2000

f. Complete Services Tab

Click Mail Server

g. Click on Save Button

35. Create one user for Mail

a. Login to web interface
b. Click on Users link
c. Click on Create new user button

Last name: Rios
First name: Julian
Login: julian

d. Click on Mail Tab

Click on Create Mail Account button
Primary address: julian@jrios.com.co
Server: localhost
Click on Save button
Choose a password for User

36. Create one user for Manage vacations

Create the account gnarwl@jrios.com.co, following the same steps as above.


37. Setting user Quotas

Maildrop expresses quotas in the following format: 5000000S indicates approximately 5 MB of quota (5000000 bytes). The quota text box in the Mail tab of GOsa does not accept this value (the character S is not a valid number). GOsa shows this error when the administrator sets this 5 MB (5000000S) quota value:

An error ocurred while processing your request: Value in 'Quota Size' is not valid

The solution is to modify the code of GOsa! It is simple:

a. In file /usr/share/gosa/plugins/personal/mail/class_mailAccount.inc change these lines:

/* Check quota */
if ($this->gosaMailQuota != '' && chkacl ($this->acl, "gosaMailQuota") == ""){
if (!is_numeric($this->gosaMailQuota)) {
$message[]= _("Value in 'Quota size' is not valid.");
} else {
$this->gosaMailQuota= (int) $this->gosaMailQuota;
}
}

For these lines:

/* Check quota */
//if ($this->gosaMailQuota != '' && chkacl ($this->acl, "gosaMailQuota") == ""){
//if (!is_numeric($this->gosaMailQuota)) {
//$message[]= _("Value in 'Quota size' is not valid.");
//} else {
//$this->gosaMailQuota= (int) $this->gosaMailQuota;
$this->gosaMailQuota= $this->gosaMailQuota;
//}
//}

Note the commented-out lines. Also, the (int) cast is removed from the line that stores the quota value. Now we can insert the 5000000S value correctly, and Maildrop runs perfectly with it.

b. In file /usr/share/gosa/include/class_mail-methods.inc the function connect needs to look like this:

function connect($gosaMailServer)
{
return (FALSE);
}

c. In file /usr/share/gosa/include/class_mail-methods.inc the function getQuota needs to look like this:

function getQuota($folder)
{
$result= array('quotaUsage' => '0', 'gosaMailQuota' => '');
$quota_value = @imap_get_quota($this->mbox, $folder);
return ($result);
}

STEPS FOR INSTALL OPENLDAP REPLICATION

These steps describe, in "kitchen recipe" form, how to install two ldap instances on different servers to gain high availability for the enterprise solution.

1. Configure Openldap master server for replication in /etc/openldap/slapd.conf file

After the indexing options put:

replogfile /var/lib/ldap/replog

replica host=slaveldap:389
        binddn="cn=admin,dc=jrios,dc=com,dc=co"
        bindmethod=simple credentials="jrios"

2. Make a "dump" of the ldap database to a dump.ldif file

# slapcat > /tmp/dump.ldif


3. Stop the master and slave ldap servers

# service ldap stop

4. In the slave server, restore the master ldap dump

# slapadd -b "dc=jrios,dc=com,dc=co" -l dump.ldif -f /etc/openldap/slapd.conf

5. Adjust permissions to database in slave server

# chown ldap:ldap /var/lib/ldap/*

6. In the slave server, put these lines in /etc/openldap/slapd.conf

After the indexing options,

updatedn "cn=admin,dc=jrios,dc=com,dc=co"
updateref ldap://masterldap

7. Start ldap servers, first slave and then master

# service ldap start
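After step 7 the slave should hold the same entries as the master, but slapcat output differs between the two servers in attribute order and in operational attributes (entryCSN, modifyTimestamp and friends), so a plain diff of two dumps is noisy. The script below is an added example and not part of this guide: it normalises an LDIF dump (joins wrapped lines, drops comments and operational attributes, sorts attributes within and across entries) and reduces it to one fingerprint, so running slapcat on each server and comparing the two fingerprints tells you whether replication is in sync. It assumes bash, awk and coreutils; the LDIF in the usage note is a constructed sample.

```bash
#!/bin/bash
# Added example, not part of the original guide: fingerprint an LDIF dump
# so master and slave slapcat output can be compared. Reads LDIF on stdin.

# Normalise and hash an LDIF stream. Every attribute line is prefixed with
# its entry's dn and the whole thing is sorted, so neither entry order nor
# attribute order matters. Operational attributes that legitimately differ
# between replicas are dropped.
ldif_fingerprint() {
    awk '
        /^ / { buf = buf substr($0, 2); next }     # LDIF continuation line
        { if (buf != "") handle(buf); buf = $0 }
        END { if (buf != "") handle(buf) }
        function handle(line) {
            if (line ~ /^#/ || line == "") return
            if (line ~ /^dn:/) { dn = line; print dn "\t" dn; return }
            if (line ~ /^(entryCSN|entryUUID|contextCSN|createTimestamp|modifyTimestamp|creatorsName|modifiersName|structuralObjectClass):/) return
            print dn "\t" line
        }' | LC_ALL=C sort | sha1sum | cut -d' ' -f1
}

# Compare two dump files (for example master.ldif and slave.ldif produced
# by "slapcat > file" on each server). Exit status 0 when they match.
ldif_compare() {
    local fa fb
    fa=$(ldif_fingerprint < "$1")
    fb=$(ldif_fingerprint < "$2")
    if [ "$fa" = "$fb" ]; then
        echo "in sync: $fa"
    else
        echo "DIFFER: $1 $fa / $2 $fb"
        return 1
    fi
}

# Stand-alone use: ./ldifcmp.sh master.ldif slave.ldif
if [ $# -eq 2 ]; then
    ldif_compare "$1" "$2"
fi
```

Run slapcat on the master and on the slave, copy both dumps to one host and call ldif_compare on them; a constructed two-entry dump with reordered attributes, a wrapped mail line and different entryCSN values produces the same fingerprint on both sides, while a changed mail value does not. If the fingerprints differ, a diff of the two sorted streams (the awk part without sha1sum) shows exactly which entry drifted.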
