Addition/OpenLDAP/Personal LDAP Address Book
From iRedMail
(Difference between revisions)
(→Test) |
(→Note to iRedAdmin-Pro-LDAP customers) |
||
| (11 intermediate revisions not shown) | |||
| Line 2: | Line 2: | ||
= Summary = | = Summary = | ||
| + | Per-user personal LDAP address book allow user to store their personal contacts in LDAP instead of MySQL. | ||
| + | |||
| + | Contact will have 4 LDAP attributes: | ||
| + | * cn: Common name. | ||
| + | * givenName: First name. | ||
| + | * sn: Last name. | ||
| + | * mail: Email address. | ||
| + | |||
| + | Only '''cn''' and '''mail''' are required. | ||
= Configure OpenLDAP = | = Configure OpenLDAP = | ||
| + | |||
| + | We need to modify OpenLDAP server setting, add a new access control to allow user add or update their personal contacts. | ||
| + | |||
| + | Open OpenLDAP config file '''slapd.conf''', it could be one of below: | ||
| + | * RHEL/CentOS/OpenSuSE: /etc/openldap/slapd.conf | ||
| + | * Debian/Ubuntu: /etc/ldap/slapd.conf | ||
| + | * FreeBSD: /usr/local/etc/openldap/slapd.conf | ||
| + | |||
| + | Find this line: | ||
| + | {{cfg|slapd.conf|<pre> | ||
| + | access to attrs="userPassword,mailForwardingAddress" | ||
| + | </pre>}} | ||
| + | |||
| + | Then add below lines ABOVE it ('''NOTE''': You must replace '''dc=iredmail,dc=org''' by your own LDAP suffix below): | ||
| + | {{cfg|slapd.conf|<pre> | ||
| + | access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$" | ||
| + | by anonymous none | ||
| + | by self none | ||
| + | by dn.exact="cn=vmail,dc=iredmail,dc=org" read | ||
| + | by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write | ||
| + | by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write | ||
| + | by users none | ||
| + | </pre>}} | ||
| + | |||
| + | The final result looks like below: | ||
| + | {{cfg|slapd.conf|<pre> | ||
| + | access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$" | ||
| + | by anonymous none | ||
| + | by self none | ||
| + | by dn.exact="cn=vmail,dc=iredmail,dc=org" read | ||
| + | by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write | ||
| + | by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write | ||
| + | by users none | ||
| + | |||
| + | access to attrs="userPassword,mailForwardingAddress" | ||
| + | [...SKIP OTHER LINES HERE...] | ||
| + | </pre>}} | ||
| + | |||
| + | Restart OpenLDAP service to make it work. | ||
= Configure Roundcube Webmail = | = Configure Roundcube Webmail = | ||
| + | |||
| + | Open Roundcube webmail config file '''main.inc.php''', it could be one of below: | ||
| + | * RHEL/CentOS: /var/www/roundcubemail/config/main.inc.php | ||
| + | * Debian/Ubuntu: /usr/share/apache2/roundcubemail/config/main.inc.php | ||
| + | * OpenSuSE: /srv/www/roundcubemail/config/main.inc.php | ||
| + | * FreeBSD: /usr/local/www/roundcubemail/main.inc.php | ||
| + | |||
| + | Add below lines before the last line "'''?>'''" ('''NOTE''': You must replace '''dc=iredmail,dc=org''' by your own LDAP suffix below): | ||
| + | {{cfg|main.inc.php|<pre> | ||
| + | $rcmail_config['ldap_public']['ldap_personal'] = array( | ||
| + | 'name' => 'Personal LDAP Address Book', | ||
| + | 'hosts' => array('127.0.0.1'), | ||
| + | 'port' => 389, | ||
| + | 'use_tls' => false, | ||
| + | 'user_specific' => true, | ||
| + | 'base_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org', | ||
| + | 'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org', | ||
| + | 'writable' => true, | ||
| + | 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), | ||
| + | 'required_fields' => array('cn', 'mail'), | ||
| + | 'LDAP_rdn' => 'cn', | ||
| + | 'ldap_version' => '3', | ||
| + | 'search_fields' => array('mail', 'cn', 'givenName', 'sn'), | ||
| + | 'name_field' => 'cn', | ||
| + | 'email_field' => 'mail', | ||
| + | 'surname_field' => 'sn', | ||
| + | 'firstname_field' => 'givenName', | ||
| + | 'sort' => 'cn', | ||
| + | 'scope' => 'list', | ||
| + | 'filter' => '(objectClass=inetOrgPerson)', | ||
| + | 'fuzzy_search' => true); | ||
| + | </pre>}} | ||
| + | |||
| + | Change default personal address book from sql to ldap in same file '''main.inc.php''': | ||
| + | {{cfg|main.inc.php|<pre> | ||
| + | $rcmail_config['address_book_type'] = 'ldap'; | ||
| + | </pre>}} | ||
| + | |||
| + | Append '''ldap_personal''' in setting '''autocomplete_addressbooks''', and remove '''sql''': | ||
| + | {{cfg|main.inc.php|<pre> | ||
| + | $rcmail_config['autocomplete_addressbooks'] = array(..., 'ldap_personal'); | ||
| + | </pre>}} | ||
| + | |||
| + | Restarting apache is optional but strongly recommended. | ||
= Test = | = Test = | ||
| + | After restaring OpenLDAP server and Apache web server, you can now log into Roundcube webmail, click "'''Address Book'''" on the top-right cornor, select '''Personal LDAP Address Book''', then try to add and update new contacts. | ||
= Note to iRedAdmin-Pro-LDAP customers = | = Note to iRedAdmin-Pro-LDAP customers = | ||
| + | If you're using iRedAdmin-Pro-LDAP-1.4.0 with personal LDAP address book, you can't delete users who has contacts stored in LDAP. Please follow below steps to fix it. | ||
| + | |||
| + | * Save below content as file '''personal_addr_book.patch''' and upload or copy it to directory '''/tmp''' on your server which has iRedAdmin-Pro-LDAP running. | ||
| + | {{cfg|personal_addr_book.patch|<pre> | ||
| + | diff -r 6ef8322a6f16 admin/1.4.x/libs/ldaplib/user.py | ||
| + | --- a/admin/1.4.x/libs/ldaplib/user.py Sun Feb 13 13:02:03 2011 +0800 | ||
| + | +++ b/admin/1.4.x/libs/ldaplib/user.py Mon Feb 14 02:37:14 2011 +0800 | ||
| + | @@ -6,7 +6,7 @@ | ||
| + | import ldap.filter | ||
| + | import web | ||
| + | from libs import iredutils | ||
| + | -from libs.ldaplib import core, domain as domainlib, attrs, ldaputils, iredldif, connUtils, decorators | ||
| + | +from libs.ldaplib import core, domain as domainlib, attrs, ldaputils, iredldif, connUtils, decorators, deltree | ||
| + | |||
| + | # Policyd integration. | ||
| + | from libs.policyd import throttle | ||
| + | @@ -311,8 +311,8 @@ | ||
| + | |||
| + | # Delete user object. | ||
| + | try: | ||
| + | - #deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE) | ||
| + | - self.conn.delete_s(self.dnUser) | ||
| + | + deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE) | ||
| + | + #self.conn.delete_s(self.dnUser) | ||
| + | |||
| + | if deleteFromGroups: | ||
| + | self.deleteSingleUserFromGroups(self.mail) | ||
| + | </pre>}} | ||
| + | |||
| + | * Change working directory to root directory of iRedAdmin-Pro-LDAP-1.4.0 in terminal with command '''cd''', it should be one of below: | ||
| + | ** RHEL/CentOS: /var/www/iRedAdmin-Pro-LDAP-1.4.0/ | ||
| + | ** Debian/Ubuntu: /usr/share/apache2/iRedAdmin-Pro-LDAP-1.4.0/ | ||
| + | ** OpenSuSE: /srv/www/iRedAdmin-Pro-LDAP-1.4.0/ | ||
| + | ** FreeBSD: /usr/local/www/iRedAdmin-Pro-LDAP-1.4.0/ | ||
| + | |||
| + | * Try to patch it with command '''patch''': | ||
| + | {{cmd|<pre> | ||
| + | # patch -p3 --dry-run < /tmp/personal_addr_book.patch | ||
| + | patching file libs/ldaplib/user.py | ||
| + | </pre>}} | ||
| + | |||
| + | * If you get same output message as above, it's safe to patch it now: | ||
| + | {{cmd|<pre> | ||
| + | # patch -p3 < /tmp/personal_addr_book.patch | ||
| + | patching file libs/ldaplib/user.py | ||
| + | </pre>}} | ||
| + | |||
| + | * Restarting Apache web server is optional but strongly recommended. | ||
Current revision as of 18:44, 13 February 2011
Contents |
Summary
Per-user personal LDAP address book allow user to store their personal contacts in LDAP instead of MySQL.
Contact will have 4 LDAP attributes:
- cn: Common name.
- givenName: First name.
- sn: Last name.
- mail: Email address.
Only cn and mail are required.
Configure OpenLDAP
We need to modify OpenLDAP server setting, add a new access control to allow user add or update their personal contacts.
Open OpenLDAP config file slapd.conf, it could be one of below:
- RHEL/CentOS/OpenSuSE: /etc/openldap/slapd.conf
- Debian/Ubuntu: /etc/ldap/slapd.conf
- FreeBSD: /usr/local/etc/openldap/slapd.conf
Find this line:
| File: slapd.conf |
access to attrs="userPassword,mailForwardingAddress" |
Then add below lines ABOVE it (NOTE: You must replace dc=iredmail,dc=org by your own LDAP suffix below):
| File: slapd.conf |
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
by anonymous none
by self none
by dn.exact="cn=vmail,dc=iredmail,dc=org" read
by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
by users none
|
The final result looks like below:
| File: slapd.conf |
access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
by anonymous none
by self none
by dn.exact="cn=vmail,dc=iredmail,dc=org" read
by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
by users none
access to attrs="userPassword,mailForwardingAddress"
[...SKIP OTHER LINES HERE...]
|
Restart OpenLDAP service to make it work.
Configure Roundcube Webmail
Open Roundcube webmail config file main.inc.php, it could be one of below:
- RHEL/CentOS: /var/www/roundcubemail/config/main.inc.php
- Debian/Ubuntu: /usr/share/apache2/roundcubemail/config/main.inc.php
- OpenSuSE: /srv/www/roundcubemail/config/main.inc.php
- FreeBSD: /usr/local/www/roundcubemail/main.inc.php
Add below lines before the last line "?>" (NOTE: You must replace dc=iredmail,dc=org by your own LDAP suffix below):
| File: main.inc.php |
$rcmail_config['ldap_public']['ldap_personal'] = array(
'name' => 'Personal LDAP Address Book',
'hosts' => array('127.0.0.1'),
'port' => 389,
'use_tls' => false,
'user_specific' => true,
'base_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org',
'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=iredmail,dc=org',
'writable' => true,
'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
'required_fields' => array('cn', 'mail'),
'LDAP_rdn' => 'cn',
'ldap_version' => '3',
'search_fields' => array('mail', 'cn', 'givenName', 'sn'),
'name_field' => 'cn',
'email_field' => 'mail',
'surname_field' => 'sn',
'firstname_field' => 'givenName',
'sort' => 'cn',
'scope' => 'list',
'filter' => '(objectClass=inetOrgPerson)',
'fuzzy_search' => true);
|
Change default personal address book from sql to ldap in same file main.inc.php:
| File: main.inc.php |
$rcmail_config['address_book_type'] = 'ldap'; |
Append ldap_personal in setting autocomplete_addressbooks, and remove sql:
| File: main.inc.php |
$rcmail_config['autocomplete_addressbooks'] = array(..., 'ldap_personal'); |
Restarting apache is optional but strongly recommended.
Test
After restaring OpenLDAP server and Apache web server, you can now log into Roundcube webmail, click "Address Book" on the top-right cornor, select Personal LDAP Address Book, then try to add and update new contacts.
Note to iRedAdmin-Pro-LDAP customers
If you're using iRedAdmin-Pro-LDAP-1.4.0 with personal LDAP address book, you can't delete users who has contacts stored in LDAP. Please follow below steps to fix it.
- Save below content as file personal_addr_book.patch and upload or copy it to directory /tmp on your server which has iRedAdmin-Pro-LDAP running.
| File: personal_addr_book.patch |
diff -r 6ef8322a6f16 admin/1.4.x/libs/ldaplib/user.py
--- a/admin/1.4.x/libs/ldaplib/user.py Sun Feb 13 13:02:03 2011 +0800
+++ b/admin/1.4.x/libs/ldaplib/user.py Mon Feb 14 02:37:14 2011 +0800
@@ -6,7 +6,7 @@
import ldap.filter
import web
from libs import iredutils
-from libs.ldaplib import core, domain as domainlib, attrs, ldaputils, iredldif, connUtils, decorators
+from libs.ldaplib import core, domain as domainlib, attrs, ldaputils, iredldif, connUtils, decorators, deltree
# Policyd integration.
from libs.policyd import throttle
@@ -311,8 +311,8 @@
# Delete user object.
try:
- #deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE)
- self.conn.delete_s(self.dnUser)
+ deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE)
+ #self.conn.delete_s(self.dnUser)
if deleteFromGroups:
self.deleteSingleUserFromGroups(self.mail)
|
- Change working directory to root directory of iRedAdmin-Pro-LDAP-1.4.0 in terminal with command cd, it should be one of below:
- RHEL/CentOS: /var/www/iRedAdmin-Pro-LDAP-1.4.0/
- Debian/Ubuntu: /usr/share/apache2/iRedAdmin-Pro-LDAP-1.4.0/
- OpenSuSE: /srv/www/iRedAdmin-Pro-LDAP-1.4.0/
- FreeBSD: /usr/local/www/iRedAdmin-Pro-LDAP-1.4.0/
- Try to patch it with command patch:
| Terminal: |
# patch -p3 --dry-run < /tmp/personal_addr_book.patch patching file libs/ldaplib/user.py |
- If you get same output message as above, it's safe to patch it now:
| Terminal: |
# patch -p3 < /tmp/personal_addr_book.patch patching file libs/ldaplib/user.py |
- Restarting Apache web server is optional but strongly recommended.
