
Topic: new installation of iRedMail to authenticate off existing openLDAP

Hi,

I'm trying to get a fresh installation of iRedMail to authenticate and store all its information in an existing openLDAP database where a samba PDC already authenticates.

The openLDAP installation was done according to this document, and works as expected.

Both machines are running Ubuntu 10.04.1 LTS.

From what I understand, my first order of business should be to install the schemas that iRedMail needs. I understand these to be:

include /etc/ldap/schema/amavis.schema
include /etc/ldap/schema/iredmail.schema

Before installation, they need to be converted to .ldif. I've done this through the following process:

slaptest -f convert.conf -F .
/etc/ldap/schema/iredmail.schema: line 335 objectclass: AttributeType not found: "streetAddress"

with just the two schema files that I'm missing. That didn't work. It seems that I need the rest of the schema files.

So now, with 'all' the files I get:

slaptest -f convert.conf -F .
/etc/ldap/schema/iredmail.schema: line 208 attributetype: Inconsistent duplicate attributeType: "mailHost"

Aha!

root@filserver1:/etc/ldap/schema# grep -H mailHost *
iredmail.schema:attributetype ( 1.3.6.1.4.1.32349.1.2.2.7 NAME 'mailHost'
iredmail.schema:        userPassword $ mailHost $ mailUID $ mailGID $
misc.ldif:olcAttributeTypes: ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of
misc.ldif: s $ mailHost $ mailRoutingAddress ) )
misc.schema:    NAME 'mailHost'
misc.schema:    MAY    ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )

tells me that misc.schema is to be blamed.

So I removed it from convert.conf, and

root@filserver1:~/iredconf.narf# slaptest -f convert.conf -F .
config file testing succeeded

Now it turns out that all the resulting ldif files have numbers. I suppose my question is - will importing these break my current ldap configuration - or can I just import

cn={12}amavis.ldif
cn={13}iredmail.ldif

Several guides on the internet specify removing parts of these files before importing them:

(from the samba guide above)

slapcat will generate a file "~/cn\=samba.ldif". Edit this file;

vi ~/cn\=samba.ldif

and change the following attributes:

dn: cn={12}samba,cn=schema,cn=config
...
cn: {12}samba

to

dn: cn=samba,cn=schema,cn=config
...
cn: samba

Also, remove all these lines at the bottom of the file.

structuralObjectClass: olcSchemaConfig
entryUUID: 99e797a8-07cb-102f-8c5c-739a8467e607
creatorsName: cn=config
createTimestamp: 20100609043122Z
entryCSN: 20100609043122.188753Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100609043122Z

and from a linuxquestions forum post:

4. Edit the /tmp/ldif_output/cn=config/cn=schema/cn={8}misc.ldif file, changing the following attributes:

dn: cn=misc,cn=schema,cn=config
...
cn: misc

And remove the following lines from the bottom of the file:

structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
creatorsName: cn=config
createTimestamp: 20080826021140Z
entryCSN: 20080826021140.791425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080826021140Z

Note:

The attribute values will vary, just be sure the attributes are removed.

My question is - have I succeeded with the schema conversion - should I just try adding the ones that I need, cn={13}iredmail.ldif and cn={12}amavis.ldif, or should I add them all? Do they need to be edited first?

Sorry for the trillion questions, but I'm trying to figure out how LDAP ties everything together - especially without an slapd.conf file... hmm

Thanks for any assistance/insight/rants,

Richard.
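The two steps the post works through (finding which files define the same attribute name, then stripping the {N} index and the operational attributes from a slaptest-generated LDIF before ldapadd) as a small POSIX sh script. This is an added example for the thread, not code from iRedMail or from the quoted guides; the sample LDIF and the clashing schema pair are constructed in the script with placeholder OIDs (1.3.6.1.4.1.99999.*), the function names are hypothetical, and the final ldapadd over ldapi:/// is only printed, not run.

```shell
#!/bin/sh
# Added example for this thread; not from iRedMail or the quoted guides.
# Assumes slaptest has already produced numbered files such as
# cn={12}amavis.ldif under cn=config/cn=schema/, and that the target
# server's cn=config would be reachable over ldapi:/// as root.
set -eu

# Print every NAME token defined in the given schema/LDIF files, one per line.
schema_names() {
    sed -n "s/.*NAME '\([^']*\)'.*/\1/p" "$@" | sort
}

# Names that occur more than once across the given files. A non-empty
# result is what produced "Inconsistent duplicate attributeType" above:
# two files (there misc.schema and iredmail.schema) defining the same name.
find_duplicate_names() {
    schema_names "$@" | uniq -d
}

# Strip the {N} ordering index from dn:/cn: and drop the operational
# attributes that slapd generates itself and rejects on ldapadd.
# $1 = input (e.g. cn={12}amavis.ldif), $2 = cleaned output.
clean_schema_ldif() {
    sed -e 's/^dn: cn={[0-9]*}/dn: cn=/' \
        -e 's/^cn: {[0-9]*}/cn: /' \
        -e '/^structuralObjectClass: /d' \
        -e '/^entryUUID: /d' \
        -e '/^creatorsName: /d' \
        -e '/^createTimestamp: /d' \
        -e '/^entryCSN: /d' \
        -e '/^modifiersName: /d' \
        -e '/^modifyTimestamp: /d' \
        "$1" > "$2"
}

# Constructed sample of what slaptest emits (placeholder OID, not a real
# amavis attribute), so the script runs without an LDAP server. Note the
# LDIF continuation lines starting with a single space: the sed patterns
# above are anchored at column 1, so folded attribute values are untouched.
make_sample_ldif() {
    cat > "$1" <<'EOF'
dn: cn={12}amavis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}amavis
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr' DESC 'con
 structed sample' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20100101000000Z
entryCSN: 20100101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100101000000Z
EOF
}

work=$(mktemp -d)
make_sample_ldif "$work/cn={12}amavis.ldif"
clean_schema_ldif "$work/cn={12}amavis.ldif" "$work/cn=amavis.ldif"
cat "$work/cn=amavis.ldif"

# Constructed pair that clashes the way misc.schema and iredmail.schema did.
printf "attributetype ( 1.3.6.1.4.1.99999.2.1 NAME 'mailHost' )\n" > "$work/a.schema"
printf "olcAttributeTypes: ( 1.3.6.1.4.1.99999.2.2 NAME 'mailHost' )\n" > "$work/b.ldif"
echo "duplicate names: $(find_duplicate_names "$work/a.schema" "$work/b.ldif")"

# Import step, shown but not executed here:
echo "next: ldapadd -Y EXTERNAL -H ldapi:/// -f \"$work/cn=amavis.ldif\""
```

Run find_duplicate_names over every file listed in convert.conf before calling slaptest; an empty result means the conversion will not trip over a name already defined elsewhere. The cleaned file can then be added to cn=config without the index, and slapd assigns a fresh {N} on the target server, which is why the number in the generated file name does not matter.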