Difference between revisions of "LDAP and Claws Mail"

From Claws Mail FAQ
Jump to: navigation, search
Line 113: Line 113:
:in case of password mistake it will be:
:in case of password mistake it will be:
:<pre>ldap_bind: Invalid credentials (49)</pre>
:<pre>ldap_bind: Invalid credentials (49)</pre>
don't repeat this command if sucessfully imported as it will fail second time saying:  
:<b>don't repeat this command</b> if sucessfully imported as it will fail second time saying:  
adding new entry "dc=nodomain"
adding new entry "dc=nodomain"
ldap_add: Already exists (68)
ldap_add: Already exists (68)

Revision as of 15:50, 9 January 2008


LDAP and Claws Mail HOWTO based on Kubuntu (7.10)

Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. It covers:

  • openldap installation and configuration
  • claws-mail configuration to use with LDAP


  • In case slapd is already installed, either go to point 4 or reinstall it with commands:
sudo apt-get purge slapd
sudo rm -rf /etc/ldap
(in case your LDAP configuration is not yet in use)
sudo rm -rf /var/run/slapd
(in case your LDAP database is not yet filled)


  • Install slapd:
sudo apt-get install slapd
during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway


  • make sure to shut down LDAP server after installation:
sudo /etc/init.d/slapd stop
  • folder for storing data:
make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap
sudo mkdir /home/ldap
Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:
sudo chown -R openldap:openldap /home/ldap
as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:
should be changed to:
and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings
  • main config file creation: /etc/ldap/slapd.conf
copy current config file:
sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org
create main password for ldap:
slappasswd -s "your_password"
where "your_password" is any string without quotes of course
as an output you get for example:
this is your password encrypted to be used later in config file
modify configuration file
sudo gedit (or kedit) /etc/ldap/slapd.conf
and put there (instead of everything what you find there):
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath	/usr/lib/ldap
moduleload	back_bdb
backend		bdb
checkpoint 512 30

database        bdb
suffix          "dc=nodomain"
rootdn          "cn=admin,dc=nodomain"
rootpw		here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory       "/home/ldap"
index           objectClass eq
lastmod         on
create database config file:
sudo gedit (or kedit) /home/ldap/DB_CONFIG 
set_cachesize 	0	2097152		0
set_lg_bsize	524288
set_lk_max_objects      5000
set_lk_max_locks        5000
set_lk_max_lockers	5000
these are default settings, not needed to be changed at this point
if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:
sudo chown openldap:openldap /home/ldap/DB_CONFIG


  • start ldap to see if it is working:
sudo /etc/init.d/slapd start
and check if working:
ps -ef | grep slapd  | grep -v grep
if you see something like this:
openldap  8662     1  0 10:43 ?        00:00:00 /usr/sbin/slapd -g openldap -u openldap
then this means it works (ldap server)
if not just start command:
sudo slapd -d 256 
and see any errors which may occure and ... try to find out problem by yourself (use google, or contact me)


  • now, ldap is working but empty, lets configure top of it:
gedit (or kedit) /tmp/1.ldif  
and put there:
dn: dc=nodomain
objectclass: dcObject
objectclass: organization
o: My Computer LDAP
dc: nodomain

dn: cn=admin,dc=nodomain
objectclass: organizationalRole
cn: admin
  • now import it to ldap:
ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/1.ldif
it will ask you for your LDAP password
proper output should be:
Enter LDAP Password: 
adding new entry "dc=nodomain"

adding new entry "cn=admin,dc=nodomain"
in case of password mistake it will be:
ldap_bind: Invalid credentials (49)
don't repeat this command if sucessfully imported as it will fail second time saying:
adding new entry "dc=nodomain"
ldap_add: Already exists (68)