Mailsystem
From FBSD_tips
NOTE: ${LOCALBASE} is not here to be inserted verbatim into the config files. It is designed as an aid to insert where you installed your software to. FreeBSD places it into /usr/local.
I dreaded this install, because there are so many variables and mixes, configurations, options and it will take a long time to get a working configuration. You have to start somewhere, so all I made working was the postfix + LDAP + dovecot configuration to begin with.
Versions I used:
- Postfix 2.4.6 (2.4.7 was released during the configuration)
- OpenLDAP 2.3.40 (2.3.41 was released during the configuration)
- Dovecot 1.0.10 (1.0.13 was released during the configuration)
It's important to realize how LDAP starts. When you configure slapd.conf (the standalone LDAP server), it gives you a blank canvas that MUST be configured from the ground up. It has no preconfigured options when the database is started, which gives you complete control over the structure. You even have to create the rootcn yourself (the root canonical name, the root of the configuration).
An LDAP schema is essentially a pie tin: empty, but it provides structure. A schema defines objectClasses, like the actual cherry pie. objectClasses define attributes, the individual pieces of the pie that are served to people. Attributes are what LDAP clients look for and interpret in their own way. Some clients are standardized and will accept the data returned from a search. Watch carefully for bugs announced by software developers; Outlook XP/2003 is one example.
I start by installing OpenLDAP-server. It will pull in its -client as a dependency. The configuration file is ${LOCALBASE}/etc/openldap/slapd.conf.
OpenLDAP in its default configuration will only provide what it requires to run. This configuration alone won't be able to provide authentication or address book functions. We must extend the schema (a phrase you may hear on other forums or in articles) to provide the attributes via objectClasses so we can function as we need. Below is a list of schemas I normally extend my server with:
- cosine.schema
- nis.schema
- inetorgperson.schema
The above can get you an addressbook, but we also want user authentication and mail receiving to be a part of this setup. We will look at both when it is their turn. Right now, we need to start OpenLDAP and create the rootcn, or suffix.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

modulepath /usr/local/libexec/openldap
moduleload back_bdb

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# "secret" is a cleartext password; slappasswd can generate an {SSHA} hash to put here instead
rootpw secret
directory /var/db/openldap-data
index objectClass eq
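The rootpw line above stores the directory's superuser password in cleartext. As an added example (not from this wiki page, and not part of OpenLDAP), the Python script below produces the {SSHA} form that slappasswd emits by default, shows how slapd checks a password against it, and renders the same slapd.conf with the hash in place, refusing a cleartext value. It assumes only the Python standard library and the /usr/local paths used on this page.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example, not from the wiki page. Standard library only; the file
# paths are the FreeBSD ${LOCALBASE}=/usr/local ones used on the page.


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce an {SSHA} value in the form slappasswd emits by default:
    base64( SHA1(password + salt) + salt ). A fresh 4-byte salt is drawn
    when none is supplied."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value the way slapd does for rootpw:
    split the decoded blob into the 20-byte SHA-1 digest and the trailing salt,
    recompute the digest and compare it in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def render_slapd_conf(suffix: str, rootdn: str, rootpw_hash: str,
                      localbase: str = "/usr/local") -> str:
    """Render the slapd.conf from the page with the rootpw already hashed.
    A value that does not start with a {scheme} tag is rejected so the
    file never ends up carrying 'rootpw secret'."""
    if not rootpw_hash.startswith("{"):
        raise ValueError("rootpw must be a hashed value such as {SSHA}..., not cleartext")
    schemas = ["core", "cosine", "nis", "inetorgperson"]
    lines = [f"include {localbase}/etc/openldap/schema/{s}.schema" for s in schemas]
    lines += [
        f"modulepath {localbase}/libexec/openldap",
        "moduleload back_bdb",
        "",
        "database bdb",
        f'suffix "{suffix}"',
        f'rootdn "{rootdn}"',
        f"rootpw {rootpw_hash}",
        "directory /var/db/openldap-data",
        "index objectClass eq",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    h = ssha_hash("secret")
    print(render_slapd_conf("dc=example,dc=com", "cn=Manager,dc=example,dc=com", h))
```

Run it, paste the printed file into ${LOCALBASE}/etc/openldap/slapd.conf, and keep using the cleartext password with ldapadd's -W prompt: slapd recomputes the salted SHA-1 on each bind, so only the hash ever sits on disk.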
After configuring your system to autostart openldap, start it. It's still a blank slate; even the info above doesn't really exist on disk yet. It "pseudo exists." Creating the rootcn, or suffix (I will use rootcn from here on out), requires typing up an LDIF (LDAP Data Interchange Format) file and submitting it by hand. After that, any LDAP administration tool can provide the rest of the setup. Read its documentation to find out how. Use the sample below, together with the configuration above, as an example to create this rootcn.
dn: dc=example, dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Highly Prized Example, Inc
Add it to OpenLDAP with the following, keeping the snippet above in mind as a reference point.
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f rootcn.ldif
Your rootcn is created and available if you got no errors back from the above command. Use the rootpw to authenticate.
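The most common error when adding this first entry is a mismatch between the dn and the entry's naming attribute (the dc value must equal the first RDN of the suffix). As an added example (not from this wiki page, and not part of OpenLDAP), the Python script below builds the rootcn LDIF from a suffix, so the dc value is always taken from the RDN, base64-encodes values that RFC 2849 does not allow in the plain "attr: value" form, and runs the naming-attribute check before ldapadd ever sees the file. It assumes only the Python standard library and that the LDIF has no folded lines.

```python
import base64
from typing import Dict, List, Tuple

# Added example, not from the wiki page; standard library only.


def _needs_base64(data: bytes) -> bool:
    """RFC 2849 rule: a value may be written as 'attr: value' only if it is
    made of SAFE-CHARs, starts with a SAFE-INIT-CHAR (no leading space, ':'
    or '<') and has no trailing space; anything else goes out as 'attr:: base64'."""
    if not data:
        return False
    if data[0] in (0x00, 0x0A, 0x0D, 0x20, 0x3A, 0x3C) or data[0] > 0x7F:
        return True
    if any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in data[1:]):
        return True
    return data.endswith(b" ")


def ldif_line(attr: str, value: str) -> str:
    data = value.encode("utf-8")
    if _needs_base64(data):
        return f"{attr}:: {base64.b64encode(data).decode('ascii')}"
    return f"{attr}: {value}"


def split_rdns(dn: str) -> List[Tuple[str, str]]:
    """Split a DN with unescaped commas into (attribute, value) pairs.
    'dc=example, dc=com' and 'dc=example,dc=com' both give
    [('dc', 'example'), ('dc', 'com')]."""
    rdns = []
    for part in dn.split(","):
        attr, eq, val = part.partition("=")
        if not eq:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), val.strip()))
    return rdns


def rootcn_ldif(suffix: str, org_name: str) -> str:
    """Build the dcObject/organization entry for a suffix whose first RDN is
    dc=..., taking the dc value from the suffix so it always matches the dn."""
    rdns = split_rdns(suffix)
    if rdns[0][0] != "dc":
        raise ValueError("this builder only handles suffixes that start with dc=")
    lines = [
        ldif_line("dn", suffix),
        "objectClass: top",
        "objectClass: dcObject",
        "objectClass: organization",
        ldif_line("dc", rdns[0][1]),
        ldif_line("o", org_name),
    ]
    return "\n".join(lines) + "\n"


def parse_ldif_entry(text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Parse one unfolded LDIF entry into its dn and attribute values,
    decoding '::' base64 values. Attribute names are lowercased."""
    dn = ""
    attrs: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(attr.lower(), []).append(value)
    return dn, attrs


def naming_attribute_problems(text: str) -> List[str]:
    """Reproduce the check slapd makes on add: the attribute and value of the
    entry's first RDN must be present in the entry. A typo such as
    'dc: exmaple' under 'dn: dc=example,dc=com' is caught here, before
    ldapadd is run. dc uses caseIgnore matching, so compare case-insensitively."""
    dn, attrs = parse_ldif_entry(text)
    if not dn:
        return ["entry has no dn"]
    attr, value = split_rdns(dn)[0]
    present = [v.lower() for v in attrs.get(attr, [])]
    if value.lower() not in present:
        return [f"naming attribute {attr}={value} is not among the entry's "
                f"{attr} values {attrs.get(attr, [])}"]
    return []


if __name__ == "__main__":
    ldif = rootcn_ldif("dc=example,dc=com", "Highly Prized Example, Inc")
    print(ldif)
    print("problems:", naming_attribute_problems(ldif))
```

Write the printed entry to rootcn.ldif and feed it to the ldapadd command above; an empty problem list means the dn and dc agree, which is the check slapd would otherwise fail the add on.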
I have been using LDAP Admin, from sourceforge.net to work on my setups. There's a provided Postfix schema or jamm schema file for us to use. As I'm getting more into OpenLDAP, that schema file may not be needed, but I am keeping it for now.
The structure of the LDAP directory is not strict. It is completely flexible, and it is possible to define anything. You should structure your LDAP directory around the queries your LDAP clients will make. I am still working on that (2/27/2008).
TODO: work in the rc.conf stuff
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
SCORE! A bunch of schema files: http://www.grotan.com/ldap
v1.0 2/27/2008
