LDAP and Claws Mail
From Claws Mail FAQ
Jump to navigationJump to searchLDAP and Claws Mail HOWTO based on Kubuntu (7.10)
Example describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. It covers:
- openldap installation and configuration
- claws-mail configuration to use with LDAP
REMOVING OLD INSTALLATION
- In case slapd is already installed, either go to point #CONFIGURATION or reinstall it with commands:
sudo apt-get purge slapd
sudo rm -rf /etc/ldap
- (in case your LDAP configuration is not yet in use)
sudo rm -rf /var/run/slapd
- (in case your LDAP database is not yet filled)
INSTALLATION
- Install slapd:
sudo apt-get install slapd
- during installation Ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway
CONFIGURATION
- make sure to shut down LDAP server after installation:
sudo /etc/init.d/slapd stop
- folder for storing data:
- make directory where your LDAP will store data - by default it is /var/run/slapd but i don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap
sudo mkdir /home/ldap
- Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:
sudo chown -R openldap:openldap /home/ldap
- as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:
SLAPD_USER="openldap"
- should be changed to:
SLAPD_USER=
- and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings
- main config file creation: /etc/ldap/slapd.conf
- copy current config file:
sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org
- create main password for ldap:
slappasswd -s "your_password"
- where "your_password" is any string without quotes of course
- as an output you get for example:
{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
- this is your password encrypted to be used later in config file
- modify configuration file
sudo gedit (or kedit) /etc/ldap/slapd.conf
- and put there (instead of everything what you find there):
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=nodomain"
rootdn "cn=admin,dc=nodomain"
rootpw {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory "/home/ldap"
index objectClass eq
lastmod on
- create database config file:
sudo gedit (or kedit) /home/ldap/DB_CONFIG
set_cachesize 0 2097152 0
set_lg_bsize 524288
set_lk_max_objects 5000
set_lk_max_locks 5000
set_lk_max_lockers 5000
- these are default settings, not needed to be changed at this point
- if you changed /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:
sudo chown openldap:openldap /home/ldap/DB_CONFIG
STARTING LDAP
- start ldap to see if it is working:
sudo /etc/init.d/slapd start
- and check if working:
ps -ef | grep slapd | grep -v grep
- if you see something like this:
openldap 8662 1 0 10:43 ? 00:00:00 /usr/sbin/slapd -g openldap -u openldap
- then this means it works (ldap server)
- if not just start command:
sudo slapd -d 256
- and see any errors which may occur and ... try to find out problem by yourself (use google, or contact me)
FEEDING LDAP WITH INITIAL DATA
- now, ldap is working but empty, lets configure top of it:
gedit (or kedit) /tmp/1.ldif
- and put there:
dn: dc=nodomain
objectclass: dcObject
objectclass: organization
o: My Computer LDAP
dc: nodomain
dn: cn=admin,dc=nodomain
objectclass: organizationalRole
cn: admin
- now import it to ldap:
ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/1.ldif
- it will ask you for your LDAP password
- proper output should be:
Enter LDAP Password:
adding new entry "dc=nodomain"
adding new entry "cn=admin,dc=nodomain"
- in case of password mistake it will be:
ldap_bind: Invalid credentials (49)
- don't repeat this command if successfully imported as it will fail second time saying:
adding new entry "dc=nodomain"
ldap_add: Already exists (68)
- now we can see if imported:
sudo slapcat
- proper output should be:
dn: dc=nodomain
objectClass: dcObject
objectClass: organization
o: My Computer LDAP
dc: nodomain
structuralObjectClass: organization
entryUUID: 35b05380-52e0-102c-8f25-0fc5f46797d9
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20080109092257Z
entryCSN: 20080109092257Z#000000#00#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20080109092257Z
dn: cn=admin,dc=nodomain
objectClass: organizationalRole
cn: admin
structuralObjectClass: organizationalRole
entryUUID: 35b335f0-52e0-102c-8f26-0fc5f46797d9
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20080109092257Z
entryCSN: 20080109092257Z#000001#00#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20080109092257Z
- you should see 2 records (regardless if ldap is up or not - slapcat prints data from db - not using server deamon)
- adding real data:
- create file /tmp/2.ldif and put in there:
gedit (or kedit) /tmp/1.ldif
- and put there:
dn: cn=Zygfryd Homonto ,dc=nodomain
cn: Zygfryd Homonto
sn: Zygfryd
mail: zyghom@yahoo.co.uk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
- now import it to ldap:
ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/2.ldif
- proper output should be:
Enter LDAP Password:
adding new entry "cn=Zygfryd Homonto ,dc=nodomain"
- check if imported:
sudo slapcat
- now it should show 3 records
CONFIGURING Claws-Mail
- start claws-mail
- go to Addressbook->Menu: Book->New LDAP Server and there:
Name: any name, i.e. Myserver hostname: localhost Port: 389 TLS: not CHECKED SSL: not CHECKED
- then press button "Check server"
- claws should fill the field: "Search Base" by: "dc=nodomain" by itself and in the bottom should say: "Connected successfully to server"
- now go to tab "Extended" and there"
Bind DN: cn=admin,dc=nodomain Bind Password: password
- Then tab "Search"
Search Attributes: mail, cn, givenName, sn, displayName Max Query Age: 600 Include server in dynamic search: CHECKED Match names containing... CHECKED
ok, claws should be ready to cooperate with LDAP in addressbook you should see now "Myserver" under LDAP Servers go to field "Lookup name" and type i.e. homonto and press Find you should see my name there
AUTOMATIC LDAP CREATION AND CONFIGURATION
- If you are brave enough (joke) you can use the script I prepared. It does all steps mentioned above (except reconfiguring claws-mail: this one must do by himself).
- Just save all lines to text file, i.e:
gedit (or kedit) /tmp/ldap.sh
- and make it executable:
chmod +x /tmp/ldap.sh
- Then run the script:
sudo /tmp/ldap.sh
- when asked for LDAP password just pres Enter - it is later changed by script to "password" (without quotes)
#!/bin/bash
datka=`date '+%Y%m%d_%H%M'`
echo purging existing LDAP...
cp /etc/default/slapd /etc/default/slapd_$datka
cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf_$datka
apt-get purge slapd
mv /etc/ldap /etc/ldap_$datka
mv /var/run/slapd /var/run/slapd_$datka
mv /home/ldap /home/ldap_$datka
mv /etc/default/slapd /etc/default/slapd_$datka
apt-get install slapd
echo stopping LDAP...
/etc/init.d/slapd stop
echo preparing folder...
mkdir /home/ldap
chown -R openldap:openldap /home/ldap
ls -la /home/ldap
echo configuring slapd.conf...
mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org_$datka
cat > /etc/ldap/slapd.conf << "EOF"
#-------------------------------------------------------
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=nodomain"
rootdn "cn=admin,dc=nodomain"
rootpw {SSHA}A05/lroKS5fDHnBXn56I9BI84L5lDOhX
directory "/home/ldap"
index objectClass eq
lastmod on
#-------------------------------------------------------
EOF
echo configuring DB_CONFIG...
cat > /home/ldap/DB_CONFIG << "EOF"
#-------------------------------------------------------
set_cachesize 0 2097152 0
set_lg_bsize 524288
set_lk_max_objects 5000
set_lk_max_locks 5000
set_lk_max_lockers 5000
#-------------------------------------------------------
EOF
chown openldap:openldap /home/ldap/DB_CONFIG
chmod -R 700 /home/ldap
ls -la /home/ldap
echo starting LDAP...
/etc/init.d/slapd start
if `ps -ef | grep '/usr/sbin/slapd -g openldap -u openldap' | grep -v grep > /dev/null 2>&1` ; then
echo LDAP seems to be working
ps -ef | grep '/usr/sbin/slapd -g openldap -u openldap' | grep -v grep
else
echo Some errors here, exiting...
exit
fi
echo feeding top data in LDAP...
cat > /tmp/1.ldif << "EOF"
#------------------------------
dn: dc=nodomain
objectclass: dcObject
objectclass: organization
o: My Computer LDAP
dc: nodomain
dn: cn=admin,dc=nodomain
objectclass: organizationalRole
cn: admin
#------------------------------
EOF
ldapadd -x -D "cn=admin,dc=nodomain" -w password -f /tmp/1.ldif
echo checking data in LDAP...
slapcat
echo adding example data to LDAP...
cat > /tmp/2.ldif << "EOF"
#------------------------------
dn: cn=Zygfryd Homonto ,dc=nodomain
cn: Zygfryd Homonto
sn: Zygfryd
mail: zyghom@yahoo.co.uk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
#------------------------------
EOF
ldapadd -x -D "cn=admin,dc=nodomain" -w password -f /tmp/2.ldif
echo checking data in LDAP...
if ` slapcat | grep omonto | grep -v grep > /dev/null 2>&1` ; then
slapcat
echo " "
echo LDAP seems to be working
else
echo Some errors here, exiting...
exit
fi
echo "all data is here: /home/ldap..."
ls -la /home/ldap
GUARANTEE AND RESPONSIBILITY
- sorry but nothing like this
- in case of problems you can contact me by mail: zyghomATyahooDOTcoDOTuk