Difference between revisions of "LDAP and Claws Mail"
From Claws Mail FAQ
Jump to navigationJump to search| Line 1: | Line 1: | ||
| − | Simple HOWTO based on Kubuntu (7.10) and | + | =Simple HOWTO based on Kubuntu (7.10)= |
| + | |||
| + | Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. | ||
| + | It covers: | ||
| + | * openldap installation and configuration | ||
| + | * claws-mail configuration to use with LDAP | ||
| + | ==REMOVING OLD INSTALLATION== | ||
| + | *In case slapd is already installed, either go to point 4 or reinstall it with commands: | ||
| + | :<pre>sudo apt-get purge slapd</pre> | ||
| + | :<pre>sudo rm -rf /etc/ldap</pre> | ||
| + | ::<i>(in case your LDAP configuration is not yet in use)</i> | ||
| + | :<pre>sudo rm -rf /var/run/slapd</pre> | ||
| + | ::<i>(in case your LDAP database is not yet filled)</i> | ||
| + | ==INSTALLATION== | ||
| + | *Install slapd: | ||
| + | :<pre>sudo apt-get install slapd</pre> | ||
| + | :during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway | ||
| + | |||
| + | ==CONFIGURATION== | ||
| + | *make sure to shut down LDAP server after installation: | ||
| + | :<pre>sudo /etc/init.d/slapd stop</pre> | ||
| + | *folder for storing data: | ||
| + | :make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap | ||
| + | ::<pre>sudo mkdir /home/ldap</pre> | ||
| + | :Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory: | ||
| + | ::<pre>sudo chown -R openldap:openldap /home/ldap</pre> | ||
| + | :as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line: | ||
| + | ::<pre>SLAPD_USER="openldap"</pre> | ||
| + | :should be changed to: | ||
| + | ::<pre>SLAPD_USER=</pre> | ||
| + | :and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings | ||
| + | *main config file creation: /etc/ldap/slapd.conf | ||
| + | :copy current config file: | ||
| + | ::<pre>sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org</pre> | ||
| + | :create main password for ldap: | ||
| + | ::<pre>slappasswd -s "your_password"</pre> | ||
| + | ::<i>where "your_password" is any string without quotes of course</i> | ||
| + | :as an output you get for example: | ||
| + | ::<pre>{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt</pre> | ||
| + | ::<i>this is your password encrypted to be used later in config file</i> | ||
| + | :modify configuration file | ||
| + | ::<pre>sudo gedit (or kedit) /etc/ldap/slapd.conf</pre> | ||
| + | :and put there (instead of everything what you find there): | ||
| + | <code><pre> | ||
| + | include /etc/ldap/schema/core.schema | ||
| + | include /etc/ldap/schema/cosine.schema | ||
| + | include /etc/ldap/schema/nis.schema | ||
| + | include /etc/ldap/schema/inetorgperson.schema | ||
| + | schemacheck on | ||
| + | pidfile /var/run/slapd/slapd.pid | ||
| + | argsfile /var/run/slapd/slapd.args | ||
| + | loglevel 0 | ||
| + | modulepath /usr/lib/ldap | ||
| + | moduleload back_bdb | ||
| + | backend bdb | ||
| + | checkpoint 512 30 | ||
| + | |||
| + | database bdb | ||
| + | suffix "dc=nodomain" | ||
| + | rootdn "cn=admin,dc=nodomain" | ||
| + | rootpw here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt | ||
| + | directory "/home/ldap" | ||
| + | index objectClass eq | ||
| + | lastmod on | ||
| + | </pre></code> | ||
| + | :create database config file: | ||
| + | ::<pre>sudo gedit (or kedit) /home/ldap/DB_CONFIG </pre> | ||
| + | <code><pre> | ||
| + | set_cachesize 0 2097152 0 | ||
| + | set_lg_bsize 524288 | ||
| + | set_lk_max_objects 5000 | ||
| + | set_lk_max_locks 5000 | ||
| + | set_lk_max_lockers 5000 | ||
| + | </pre></code> | ||
| + | :these are default settings, not needed to change at this point | ||
| + | :if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file: | ||
| + | ::<pre>sudo chown openldap:openldap /home/ldap/DB_CONFIG</pre> | ||
| + | ==STARTING LDAP== | ||
Revision as of 13:33, 9 January 2008
Simple HOWTO based on Kubuntu (7.10)
Exaple describes installation and configuration on Ubuntu 7.10 but should be valid for other distributions also. It covers:
- openldap installation and configuration
- claws-mail configuration to use with LDAP
REMOVING OLD INSTALLATION
- In case slapd is already installed, either go to point 4 or reinstall it with commands:
sudo apt-get purge slapd
sudo rm -rf /etc/ldap
- (in case your LDAP configuration is not yet in use)
sudo rm -rf /var/run/slapd
- (in case your LDAP database is not yet filled)
INSTALLATION
- Install slapd:
sudo apt-get install slapd
- during installation ubuntu usually asks you for ldap admin password - use any - even empty - later we can change it anyway
CONFIGURATION
- make sure to shut down LDAP server after installation:
sudo /etc/init.d/slapd stop
- folder for storing data:
- make directory where you LDAP will store data - by default it is /var/run/slapd bud I don't recommend it for backup purposes (in case your root partition is to be reinstalled - OS crashed or whatever - then LDAP db is also vanished - my proposal is to use i.e. directory /home/ldap
sudo mkdir /home/ldap
- Because Ubuntu by default runs slapd daemon as user openldap (created automatically during slapd installation), then we must change the ownership of this directory:
sudo chown -R openldap:openldap /home/ldap
- as an alternative is to change default behaviour of slapd in file /etc/default/slapd the line:
SLAPD_USER="openldap"
- should be changed to:
SLAPD_USER=
- and in this case slapd runs as root and changing ownership is not needed - in this HOWTO we change the ownership to avoid the mismatch with Ubuntu default settings
- main config file creation: /etc/ldap/slapd.conf
- copy current config file:
sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org
- create main password for ldap:
slappasswd -s "your_password"
- where "your_password" is any string without quotes of course
- as an output you get for example:
{SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt- this is your password encrypted to be used later in config file
- modify configuration file
sudo gedit (or kedit) /etc/ldap/slapd.conf
- and put there (instead of everything what you find there):
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=nodomain"
rootdn "cn=admin,dc=nodomain"
rootpw here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory "/home/ldap"
index objectClass eq
lastmod on
- create database config file:
sudo gedit (or kedit) /home/ldap/DB_CONFIG
set_cachesize 0 2097152 0
set_lg_bsize 524288
set_lk_max_objects 5000
set_lk_max_locks 5000
set_lk_max_lockers 5000
- these are default settings, not needed to change at this point
- if you changde /home/ldap to be owned by openldap user then it must be repeated at this point at least for this created file:
sudo chown openldap:openldap /home/ldap/DB_CONFIG
