LDAP and Claws Mail HOWTO based on Kubuntu (7.10)

Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. It covers:

• openldap installation and configuration
• claws-mail configuration to use with LDAP

REMOVING OLD INSTALLATION

• In case slapd is already installed, either go to point 4 or reinstall it with commands:

sudo apt-get purge slapd

sudo rm -rf /etc/ldap

(in case your LDAP configuration is not yet in use)

sudo rm -rf /var/run/slapd

(in case your LDAP database is not yet filled)

INSTALLATION

• Install slapd:

sudo apt-get install slapd

during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway

CONFIGURATION

• make sure to shut down LDAP server after installation:

sudo /etc/init.d/slapd stop

• folder for storing data:

make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap

sudo mkdir /home/ldap

Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:

sudo chown -R openldap:openldap /home/ldap

as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:

SLAPD_USER="openldap"

should be changed to:

SLAPD_USER=

and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings

• main config file creation: /etc/ldap/slapd.conf

copy current config file:

sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org

create main password for ldap:

slappasswd -s "your_password"

where "your_password" is any string without quotes of course

as an output you get for example:

{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt

this is your password encrypted to be used later in config file

modify configuration file

sudo gedit (or kedit) /etc/ldap/slapd.conf

and put there (instead of everything what you find there):

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath	/usr/lib/ldap
moduleload	back_bdb
backend		bdb
checkpoint 512 30

database        bdb
suffix          "dc=nodomain"
rootdn          "cn=admin,dc=nodomain"
rootpw		here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory       "/home/ldap"
index           objectClass eq
lastmod         on

create database config file:

sudo gedit (or kedit) /home/ldap/DB_CONFIG 

set_cachesize 	0	2097152		0
set_lg_bsize	524288
set_lk_max_objects      5000
set_lk_max_locks        5000
set_lk_max_lockers	5000

these are default settings, not needed to be changed at this point

if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:

sudo chown openldap:openldap /home/ldap/DB_CONFIG

STARTING LDAP

• start ldap to see if it is working:

sudo /etc/init.d/slapd start

and check if working:

ps -ef | grep slapd  | grep -v grep

if you see something like this:

openldap  8662     1  0 10:43 ?        00:00:00 /usr/sbin/slapd -g openldap -u openldap

then this means it works (ldap server)

if not just start command:

sudo slapd -d 256 

and see any errors which may occure and ... try to find out problem by yourself (use google, or contact me)

FEEDING LDAP WITH INITIAL DATA

• now, ldap is working but empty, lets configure top of it:

gedit (or kedit) /tmp/1.ldif  

and put there:

dn: dc=nodomain
objectclass: dcObject
objectclass: organization
o: My Computer LDAP
dc: nodomain

dn: cn=admin,dc=nodomain
objectclass: organizationalRole
cn: admin

• now import it to ldap:

ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/1.ldif

it will ask you for your LDAP password

proper output should be:

Enter LDAP Password: 
adding new entry "dc=nodomain"

adding new entry "cn=admin,dc=nodomain"

in case of password mistake it will be:

ldap_bind: Invalid credentials (49)

don't repeat this command if sucessfully imported as it will fail second time saying:

adding new entry "dc=nodomain"
ldap_add: Already exists (68)

• now we can see if imported:

sudo slapcat 

proper output should be:

dn: dc=nodomain
objectClass: dcObject
objectClass: organization
o: My Computer LDAP
dc: nodomain
structuralObjectClass: organization
entryUUID: 35b05380-52e0-102c-8f25-0fc5f46797d9
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20080109092257Z
entryCSN: 20080109092257Z#000000#00#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20080109092257Z

dn: cn=admin,dc=nodomain
objectClass: organizationalRole
cn: admin
structuralObjectClass: organizationalRole
entryUUID: 35b335f0-52e0-102c-8f26-0fc5f46797d9
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20080109092257Z
entryCSN: 20080109092257Z#000001#00#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20080109092257Z

you should see 2 records (regardless if ldap is up or not - slapcat prints data from db - not using server deamon)

• adding real data:

create file /tmp/2.ldif and put in there:

gedit (or kedit) /tmp/1.ldif  

and put there:

dn: cn=Zygfryd Homonto ,dc=nodomain
cn: Zygfryd Homonto
sn: Zygfryd 
mail: zyghom@yahoo.co.uk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

now import it to ldap:

ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/2.ldif

proper output should be:

Enter LDAP Password: 
adding new entry "cn=Zygfryd Homonto ,dc=nodomain"