Difference between revisions of "LDAP and Claws Mail"

From Claws Mail FAQ
Jump to: navigation, search
Line 1: Line 1:
Simple HOWTO based on Kubuntu (7.10) and Arch Linux (2007.08.2 Core Dump - 2007.12.30)
+
=Simple HOWTO based on Kubuntu (7.10)=
 +
 
 +
Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also.
 +
It covers:
 +
* openldap installation and configuration
 +
* claws-mail configuration to use with LDAP
 +
==REMOVING OLD INSTALLATION==
 +
*In case slapd is already installed, either go to point 4 or reinstall it with commands:
 +
:<pre>sudo apt-get purge slapd</pre>
 +
:<pre>sudo rm -rf /etc/ldap</pre>
 +
::<i>(in case your LDAP configuration is not yet in use)</i>
 +
:<pre>sudo rm -rf /var/run/slapd</pre>
 +
::<i>(in case your LDAP database is not yet filled)</i>
 +
==INSTALLATION==
 +
*Install slapd:
 +
:<pre>sudo apt-get install slapd</pre>
 +
:during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway
 +
 
 +
==CONFIGURATION==
 +
*make sure to shut down LDAP server after installation:
 +
:<pre>sudo /etc/init.d/slapd stop</pre>
 +
*folder for storing data:
 +
:make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap
 +
::<pre>sudo mkdir /home/ldap</pre>
 +
:Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:
 +
::<pre>sudo chown -R openldap:openldap /home/ldap</pre>
 +
:as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:
 +
::<pre>SLAPD_USER="openldap"</pre>
 +
:should be changed to:
 +
::<pre>SLAPD_USER=</pre>
 +
:and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings
 +
*main config file creation: /etc/ldap/slapd.conf
 +
:copy current config file:
 +
::<pre>sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org</pre>
 +
:create main password for ldap:
 +
::<pre>slappasswd -s "your_password"</pre>
 +
::<i>where  "your_password" is any string without quotes of course</i>
 +
:as an output you get for example:
 +
::<pre>{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt</pre>
 +
::<i>this is your password encrypted to be used later in config file</i>
 +
:modify configuration file
 +
::<pre>sudo gedit (or kedit) /etc/ldap/slapd.conf</pre>
 +
:and put there (instead of everything what you find there):
 +
<code><pre>
 +
include        /etc/ldap/schema/core.schema
 +
include        /etc/ldap/schema/cosine.schema
 +
include        /etc/ldap/schema/nis.schema
 +
include        /etc/ldap/schema/inetorgperson.schema
 +
schemacheck    on
 +
pidfile        /var/run/slapd/slapd.pid
 +
argsfile        /var/run/slapd/slapd.args
 +
loglevel        0
 +
modulepath /usr/lib/ldap
 +
moduleload back_bdb
 +
backend bdb
 +
checkpoint 512 30
 +
 
 +
database        bdb
 +
suffix          "dc=nodomain"
 +
rootdn          "cn=admin,dc=nodomain"
 +
rootpw here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
 +
directory      "/home/ldap"
 +
index          objectClass eq
 +
lastmod        on
 +
</pre></code>
 +
:create database config file:
 +
::<pre>sudo gedit (or kedit) /home/ldap/DB_CONFIG </pre>
 +
<code><pre>
 +
set_cachesize 0 2097152 0
 +
set_lg_bsize 524288
 +
set_lk_max_objects      5000
 +
set_lk_max_locks        5000
 +
set_lk_max_lockers 5000
 +
</pre></code>
 +
:these are default settings, not needed to change at this point
 +
:if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:
 +
::<pre>sudo chown openldap:openldap /home/ldap/DB_CONFIG</pre>
 +
==STARTING LDAP==

Revision as of 15:33, 9 January 2008

Contents

Simple HOWTO based on Kubuntu (7.10)

Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. It covers:

  • openldap installation and configuration
  • claws-mail configuration to use with LDAP

REMOVING OLD INSTALLATION

  • In case slapd is already installed, either go to point 4 or reinstall it with commands:
sudo apt-get purge slapd
sudo rm -rf /etc/ldap
(in case your LDAP configuration is not yet in use)
sudo rm -rf /var/run/slapd
(in case your LDAP database is not yet filled)

INSTALLATION

  • Install slapd:
sudo apt-get install slapd
during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway

CONFIGURATION

  • make sure to shut down LDAP server after installation:
sudo /etc/init.d/slapd stop
  • folder for storing data:
make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap
sudo mkdir /home/ldap
Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:
sudo chown -R openldap:openldap /home/ldap
as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:
SLAPD_USER="openldap"
should be changed to:
SLAPD_USER=
and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings
  • main config file creation: /etc/ldap/slapd.conf
copy current config file:
sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org
create main password for ldap:
slappasswd -s "your_password"
where "your_password" is any string without quotes of course
as an output you get for example:
{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
this is your password encrypted to be used later in config file
modify configuration file
sudo gedit (or kedit) /etc/ldap/slapd.conf
and put there (instead of everything what you find there):
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath	/usr/lib/ldap
moduleload	back_bdb
backend		bdb
checkpoint 512 30

database        bdb
suffix          "dc=nodomain"
rootdn          "cn=admin,dc=nodomain"
rootpw		here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory       "/home/ldap"
index           objectClass eq
lastmod         on
create database config file:
sudo gedit (or kedit) /home/ldap/DB_CONFIG 
set_cachesize 	0	2097152		0
set_lg_bsize	524288
set_lk_max_objects      5000
set_lk_max_locks        5000
set_lk_max_lockers	5000
these are default settings, not needed to change at this point
if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:
sudo chown openldap:openldap /home/ldap/DB_CONFIG

STARTING LDAP