Changes between Version 24 and Version 25 of Howto_Ldap


Timestamp:
Jan 15, 2011 9:00:20 AM (2 years ago)
Author:
andudi
Comment:

private and public

  • Howto_Ldap

    v24 v25  
    22 
    33= LDAP Addressbook Server for Roundcube = 
    4 This Howto describes the setup of a simple LDAP addressbook server that should be ready for using with Roundcube "out of the box". The goal is to have an addressbook solution similar to the SQL based one, including contact groups and configurable fields. On the other side should it be possible to connect with any LDAP addressbook client out there. 
     4This Howto describes the setup of a simple LDAP addressbook server with OpenLDAP (http://www.openldap.org) that should be ready for using with Roundcube "out of the box". The goal is to have an addressbook solution similar to the SQL based one, including public and private contacts, contact groups and configurable fields. On the other side should it be possible to connect with any LDAP addressbook client out there. 
    55 
    6 Since Roundcube 0.5 is not aleb to manage LDAP contact groups, this feature will be available not before Roundcube 0.6. Nevertheless can this LDAP addressbook server allready be used: new contacts do just not belong to a group, they can be added later. 
     6Since Roundcube 0.5 is not able to manage LDAP contact groups, this feature will be available not before Roundcube 0.6. Nevertheless can the here described LDAP addressbook server allready be used: new contacts do just not belong to a group, they can be added later. 
    77 
    8 This Howto makes some simplifications that are maybe a good choice for a smal home server, but not what proffessionals would do: 
    9 - this Howto is based on OpenLDAP (http://www.openldap.org) 
    10 - the LDAP server is running on the same host as Roundcube 
     8This Howto makes some simplifications that are maybe a good choice for a smal home server, but not what proffessionals would prefere: 
     9- the LDAP server must run on the same host as Roundcube 
    1110- the static config file is used instead of the newer dynamic config directory 
    1211- security issues are not part of this Howto, neverthelsess it is highly recomanded to disallow connections from other hosts than needed with a firewall 
    1312- this Howto is based and tested on '''Debian Lenny''' and '''Ubuntu 10.10''', but other Distros (and OS?) should do it as well 
    14 If you do not agree with my propositions, help your self to improve your installation! 
     13- the users of the private addressbooks must be created first, e.g. in the admin part of Roundcube (not yet) 
    1514 
    1615== Install the LDAP Server == 
    17 Install the OpenLDAP following packages (if they are called different on your distro, please let me know): 
     16Install the following packages (maybe they are called different on your distro): 
    1817- slapd : the OpenLDAP server daemon 
    1918- ldap-utils : LDAP tools like ldapsearch and ldapadd 
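Review bot: new line 13 tells the reader that the private-addressbook users must be created first but gives no working way to do it: "in the admin part of Roundcube (not yet)" says the tool does not exist, so the bullet should point at what is available now, e.g. ldapadd from the ldap-utils package installed at line 18 (a short LDIF for one user would fit in the private-addressbook part of the Howto). Spelling in the rewritten lines 6 and 8: "allready" -> "already", "smal" -> "small", "proffessionals" -> "professionals", "prefere" -> "prefer"; the unchanged line 11 has "neverthelsess" and "recomanded". Line 11 also deserves a second look now that the server holds per-user passwords: since line 9 already requires slapd on the same host as Roundcube and nothing in the Howto sets up TLS, the firewall advice should say plainly to allow connections from localhost only.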
     
    2726Depending on your distribution (e.g. on '''Debian Lenny'''), you will be asked during the installation about: 
    2827- domainname : '''localhost''' 
    29 - organisation : '''Local LDAP Addressbook Server''' 
     28- organisation : '''LDAP Addressbook Server''' 
    3029- administrator password : '''mypasswd'''  
    3130The proposed answers for the domainname (or suffix) fit well with this Howto: if you want to use another, you have to know (or even find out) how to adapt the following steps! 
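Review bot: line 29 (unchanged) shows '''mypasswd''' as the administrator password with nothing marking it as a placeholder, and line 30 saying the proposed answers fit well with the Howto makes it easy to take literally; as this becomes the password of the rootdn (cn=admin) that bypasses every access rule in the config, suggest "- administrator password : a strong password of your choice ('''mypasswd''' is only the example used below)". The renamed organisation on new line 28 is fine.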
     
    3736}}} 
    3837 
    39 If you are not asked about the above, like on distros as '''Ubuntu 9.10''' and later, you have to define everything int the configuration file. Then you have to generate a administrator password first: 
     38If you are not asked about the above, e.g. like on '''Ubuntu 9.10''' and later, you have to define everything int the configuration file. Then you have to generate a administrator password first: 
    4039{{{ 
    4140$ sudo slappasswd 
     
    4544}}} 
    4645Remember (or even copy) the last line for using later. 
     46 
    4747 
    4848== Configure the LDAP Server == 
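Review bot: the rewritten line 38 keeps two typos from the old line: "int the configuration file" -> "in the configuration file" and "a administrator" -> "an administrator". Line 45 ("Remember (or even copy) the last line") would be clearer if it said what that line is: the {SSHA} hash printed by slappasswd, which goes into the rootpw directive of the config file; that also makes it obvious that the hash, not the cleartext password, is what gets copied. The added blank line 46 is fine.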
     
    6161By the way, remember the user and group of the slapd daemon, usually '''openldap'''. 
    6262 
    63 Now you have to create/modify the config file: '''/etc/ldap/slapd.conf'''[[BR]] 
    64 The following example config should just work for this simple Roundcube LDAP addressbook: 
    65 {{{ 
    66 ####################################################################### 
    67 # Global Directives: 
    68 include         /etc/ldap/schema/core.schema 
    69 include         /etc/ldap/schema/cosine.schema 
    70 include         /etc/ldap/schema/inetorgperson.schema 
    71  
    72 pidfile         /var/run/slapd/slapd.pid 
    73 argsfile        /var/run/slapd/slapd.args 
    74 loglevel        none 
    75 modulepath      /usr/lib/ldap 
    76 moduleload      back_hdb 
    77 sizelimit 500 
    78 tool-threads 1 
    79 backend         hdb 
    80  
    81 ####################################################################### 
    82 # Specific Directives for database #1, of type hdb: 
    83 database        hdb 
    84 directory       "/var/lib/ldap" 
    85 dbconfig set_cachesize 0 2097152 0 
    86 dbconfig set_lk_max_objects 1500 
    87 dbconfig set_lk_max_locks 1500 
    88 dbconfig set_lk_max_lockers 1500 
    89 index           objectClass eq 
    90 lastmod         on 
    91  
    92 # If you change the suffix, change all the "localhost" you find below as well! 
    93 suffix          "dc=localhost" 
    94  
    95 # Please change the password with the result of "slappasswd" 
    96 rootdn          "cn=admin,dc=localhost" 
    97 rootpw          {SSHA}TNLUlmvLB86mzX5tA7klra2Cepv/Nn47 
    98  
    99 checkpoint      512 30 
    100  
    101 # Grant the Roundcub user to create private users 
    102 access to dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword 
    103         by dn="cn=rcuser,dc=localhost" write 
    104  
    105 # For user authentication and password change 
    106 access to attrs=userPassword 
    107         by dn="cn=admin,dc=localhost" write 
    108         by anonymous auth 
    109         by self write 
    110         by * none 
    111  
    112 # Grant the Roundcube user access to the whole addressbook 
    113 access to dn.subtree="ou=rcabook,dc=localhost" 
    114         by dn="cn=rcuser,dc=localhost" write   
    115  
    116 # Grant the Roundcube users access to their private addressbooks 
    117 access to dn.regex="^[^,]+,ou=contacts,cn=([^,]+),ou=private,ou=rcabook,dc=localhost$" 
    118         by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write 
    119 access to dn.regex="^[^,]+,ou=groups,cn=([^,]+),ou=private,ou=rcabook,dc=localhost$" 
    120         by dn.exact,expand="cn=$1,ou=private,ou=rcabook,dc=localhost" write 
    121  
    122 # For direcory access 
    123 access to * 
    124         by dn="cn=admin,dc=localhost" write 
    125         by * read 
    126 }}} 
    127 Some words to this proposed example: 
    128 - you can download it from here: http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/slapd.conf 
    129 - compared to the default slapd.conf file, all the nonrelevant comments are removed. 
     63Now you have to create/modify the config file '''/etc/ldap/slapd.conf'''. This example config file should just work for this simple Roundcube LDAP addressbook: [[http://trac.roundcube.net/raw-attachment/wiki/Howto_Ldap/slapd.conf|slapd.conf]][[BR]] 
     64Some words about this example configuration: 
     65- compared to the default slapd.conf file of openldap, all the nonrelevant comments are removed. 
    13066- the nis schema is removed because the simple addressbook do not need it. 
    13167- normally you must not touch anything else than: '''suffix''', '''rootdn''', '''rootpw''' and the '''access''' directives!
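Review bot: the access-directive ordering in the inline config removed here (old lines 102-125) looks wrong, and if the slapd.conf linked from new line 63 carries the same order the problem survives this change. slapd uses the first `access to` directive whose <what> matches the entry and ignores all later ones, with an implicit `by * none` when no `by` clause matches. So `access to dn.subtree="ou=rcabook,dc=localhost"` at old line 113, which only lists `by dn="cn=rcuser,dc=localhost" write`, shadows the two `dn.regex` directives at old lines 117-120, and the private users never get the write access to their own contacts and groups that the comment on old line 116 promises (nor any read access, since `access to *` at old line 123 is never reached inside ou=rcabook). In the same way the `dn.one="ou=private,ou=rcabook,dc=localhost" attrs=userPassword` directive at old line 102 lists only the rcuser, so the general userPassword rule at old lines 106-110 (`by anonymous auth`, `by self write`) never applies to the user entries directly under ou=private: those users cannot bind at all, let alone change their password. Suggest moving the two `dn.regex` directives above the `dn.subtree` one and giving them a `by dn="cn=rcuser,dc=localhost" write` clause as well, so the Roundcube user keeps the whole-addressbook access of old line 112, and either adding `by anonymous auth` and `by self write` to the `dn.one` directive or dropping it and putting `by dn="cn=rcuser,dc=localhost" write` into the general userPassword rule. Since the file is now only reachable through the attachment, the text should also keep the two operational remarks that were visible inline: rootpw must be replaced with the reader's own slappasswd output (old line 95), and `loglevel none` (old line 74) switches off the logging an admin needs to notice failed binds, so `loglevel stats` is the sensible minimum for a server that now authenticates users.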