
News

Posted almost 14 years ago by [email protected] (Manvendra Bhangui)
IndiMail provides multiple options for those who want their emails archived automatically. For easy retrieval, you can use tools like Google Desktop, Beagle, etc. If you use IndiMail, you have two methods to achieve automatic archiving of emails.

1. Using the environment variable EXTRAQUEUE

If the EXTRAQUEUE environment variable is set to an email address, qmail-queue will deposit an extra copy of every email it receives for queuing. Normally you would set EXTRAQUEUE in any of the clients which use qmail-queue, e.g. qmail-smtpd, qmail-inject, sendmail, etc. If you have set up IndiMail as per the official instructions, you can set EXTRAQUEUE for incoming and outgoing mails as given below:

    % su
    # echo "[email protected]" > /service/qmail-smtpd.25/variables/EXTRAQUEUE
    # echo "[email protected]" > /service/qmail-smtpd.587/variables/EXTRAQUEUE
    # svc -d /service/qmail-smtpd.25 /service/qmail-smtpd.587
    # svc -u /service/qmail-smtpd.25 /service/qmail-smtpd.587
    # exit

Now a copy of all emails coming in and going out of the system will be sent to [email protected]. If [email protected] lies on the IndiMail Messaging Platform, you can set filters (using vfilter(1)) to automatically deposit the mails in different folders. The folders can be decided on various criteria like date, sender, recipient, domain, etc.

2. Using the control file mailarchive

This control file allows you to set up rule-based archiving. For any specific sender or recipient, you can set a rule to select a destination email address for archiving. This is much more flexible than EXTRAQUEUE, which only allows you to archive emails to a single email address. A line in the control file mailarchive can be of the form

    type:regexp:dest_address

Here type is 'T' to set a rule on recipients. You can set the type as 'F' to set a rule on the sender. regexp is any email address which matches the sender or recipient (depending on whether type is 'T' or 'F').

dest_address should expand to a valid email address. You can have a valid email address. You can also have the '%' sign followed by the letters u, d or e in the address to have the following substitutions made:

    %u - gets replaced by the user component of the email address (without the '@' sign)
    %d - gets replaced by the domain component of the email address
    %e - gets replaced by the email address

The email address in the above substitution will be the recipient (if type is 'T') and the sender (if type is 'F').

Another example and a cool tip :)

    T:*:%u@arch%d

will make a hot standby of your incoming mails for yourdomain on another server hosting archyourdomain.

NOTE: Currently only type = 'F' is implemented. type = 'T' will be implemented in release 1.7.8.

For some organizations, email archiving is a must due to compliance with regulatory standards like SOX, HIPAA, Basel II Accord (effective 2006), Canadian Privacy Act, Data Protection Act 1988, EU Data Protection Directive 95/46/EC, Federal Information Security Management Act (FISMA), Federal Rules of Civil Procedure (FRCP), Financial Services Act 198, regulated by FSA, Freedom of Information Act (FOIA), Freedom of Information Act (in force January 2005), The Gramm-Leach-Bliley Act (GLBA), MiFID (Markets in Financial Instruments Directives), PIPEDA (Personal Information Protection and Electronic Documents Act), SEC Rule 17a-4/ NASD 3010 (Securities Exchange Act 1934).

Apart from archiving, you would also want to set disclaimers. IndiMail allows you to set a disclaimer by setting the FILTERARGS environment variable and using altermime(1). The following acts/circular specifically require you to set disclaimers: UK Companies Act 2006, IRS Circular 230.

You can download IndiMail at http://sourceforge.net/projects/indimail/
The RPM can be downloaded from http://download.opensuse.org/repositories/home:/indimail/
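The mailarchive rule format and its %u / %d / %e substitutions, worked through as an added example (not IndiMail's own code). It assumes shell-style wildcard matching for the pattern field because the rule quoted above uses "*", assumes the first matching rule wins, handles both 'T' and 'F' rules, and rejects any destination that does not expand to a plain address; the sample rules and addresses are constructed.

```python
import fnmatch
import re
from typing import NamedTuple, Optional

# Constructed sample control file; the second rule is the one quoted on the page.
SAMPLE_RULES = """\
F:*@example.com:archive-%d@archive.example.net
T:*:%u@arch%d
"""

# Deliberately strict check applied to the expanded destination (assumption).
ADDR_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")


class Rule(NamedTuple):
    kind: str     # 'T' = rule on the recipient, 'F' = rule on the sender
    pattern: str  # matched against the recipient or sender address
    dest: str     # destination template, may contain %u, %d, %e


def parse_rules(text: str) -> list:
    """Parse type:regexp:dest_address lines, rejecting malformed ones."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[0] not in ("T", "F") or not all(parts):
            raise ValueError(f"line {lineno}: bad rule {raw!r}")
        rules.append(Rule(*parts))
    return rules


def expand(dest: str, address: str) -> str:
    """Substitute %u, %d and %e in a single left-to-right pass.

    A single pass matters: the address comes from the message envelope, so a
    '%d' inside its user part must stay literal instead of being expanded again.
    """
    if "@" in address:
        user, domain = address.rsplit("@", 1)
    else:
        user, domain = address, ""
    subs = {"u": user, "d": domain, "e": address}
    out, i = [], 0
    while i < len(dest):
        if dest[i] == "%" and i + 1 < len(dest) and dest[i + 1] in subs:
            out.append(subs[dest[i + 1]])
            i += 2
        else:
            out.append(dest[i])
            i += 1
    return "".join(out)


def archive_destination(rules, sender: str, recipient: str) -> Optional[str]:
    """Return the archive address for one sender/recipient pair, or None."""
    for rule in rules:
        subject = recipient if rule.kind == "T" else sender
        if not fnmatch.fnmatchcase(subject.lower(), rule.pattern.lower()):
            continue
        dest = expand(rule.dest, subject)
        if not ADDR_RE.fullmatch(dest):
            # Refuse to send an archive copy to something that is not an address.
            raise ValueError(f"rule {rule} expands to invalid address {dest!r}")
        return dest
    return None


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for sender, rcpt in [("alice@example.com", "bob@yourdomain.org"),
                         ("carol@other.test", "bob@yourdomain.org")]:
        print(sender, rcpt, "->", archive_destination(rules, sender, rcpt))
```
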
Posted almost 14 years ago by [email protected] (Manvendra Bhangui)
IndiMail comes with a program vlimit(1), which allows you to set global limits for your domain. Before using vlimit, you need to enable domain limits for a domain using vmoddomain(1).

    % vmoddomain -l 1 example.com

Once you have done the above, you can start using vlimit for the domain example.com:

    % vlimit -s example.com
    Domain Expiry Date   : Never Expires
    Password Expiry Date : Never Expires
    Max Domain Quota     : -1
    Max Domain Messages  : -1
    Default User Quota   : -1
    Default User Messages: -1
    Max Pop Accounts     : -1
    Max Aliases          : -1
    Max Forwards         : -1
    Max Autoresponders   : -1
    Max Mailinglists     : -1
    GID Flags:
    Flags for non postmaster accounts:
      pop account           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      alias                 : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      forward               : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      autoresponder         : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist users     : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist moderators: ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      domain quota          : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      default quota         : ALLOW_CREATE ALLOW_MODIFY

Using vlimit you can set various limits or defaults for a domain. One of my favourite uses of vlimit is setting the default quota for users created in a domain. The default quota compiled in IndiMail is 5Mb which is not good enough for today's users. So if you want to have a default quota of 50 Mb for your users when you add them using the vadduser(1) command:

    % vlimit -q 52428800 example.com
    % vlimit -s example.com
    Domain Expiry Date   : Never Expires
    Password Expiry Date : Never Expires
    Max Domain Quota     : -1
    Max Domain Messages  : -1
    Default User Quota   : 52428800
    Default User Messages: -1
    Max Pop Accounts     : -1
    Max Aliases          : -1
    Max Forwards         : -1
    Max Autoresponders   : -1
    Max Mailinglists     : -1
    GID Flags:
    Flags for non postmaster accounts:
      pop account           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      alias                 : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      forward               : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      autoresponder         : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist users     : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist moderators: ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      domain quota          : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      default quota         : ALLOW_CREATE ALLOW_MODIFY

You can also implement domain level restrictions. To disable POP3 for all users in example.com:

    % vlimit -g p example.com
    % vlimit -s example.com
    Domain Expiry Date   : Never Expires
    Password Expiry Date : Never Expires
    Max Domain Quota     : -1
    Max Domain Messages  : -1
    Default User Quota   : 52428800
    Default User Messages: -1
    Max Pop Accounts     : -1
    Max Aliases          : -1
    Max Forwards         : -1
    Max Autoresponders   : -1
    Max Mailinglists     : -1
    GID Flags:
      NO_POP
    Flags for non postmaster accounts:
      pop account           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      alias                 : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      forward               : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      autoresponder         : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist           : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist users     : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      mailinglist moderators: ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      domain quota          : ALLOW_CREATE ALLOW_MODIFY ALLOW_DELETE
      default quota         : ALLOW_CREATE ALLOW_MODIFY

You can download IndiMail at http://sourceforge.net/projects/indimail/
The RPM can be downloaded from http://download.opensuse.org/repositories/home:/indimail/
Posted almost 14 years ago by [email protected] (Cprogrammer)
By now I have got exhausted answering folks 'Why IndiMail does not have a shared addressbook'IndiMail is a pure messaging platform. It does not attempt to do things which can be done better by other software like openLDAP etc.However, things can get ... [More] bit tricky setting up an address book using openLDAP. This tutorial should make it easy for you to install your own shared address book. The commands below have worked for me on my linux laptop which is proudly powered by Fedora 12. The commands / configuration may slightly vary for your Linux distro / openLDAP version.Install openldap% sudo yum install openldap openldap-servers openldap-clientsConfigure openldapYou need to start slapd to implement openldap. slapd uses configurionfile /etc/openldap/slapd.confThe following slapd.conf file contains the basic configurations required to establish a shared address book on a secure network, however there are no access controls yet defined; security is covered later on. The encrypted root password (rootpw) should be substituted where necessary. 
You can use slappasswd to generate the password% slappasswd -s secret{SSHA}gDPX3cS87+B31mAF5zHCGtEJBYSuqrN/## See slapd.conf(5) for details on configuration options.# This file should NOT be world readable.#include /etc/openldap/schema/corba.schemainclude /etc/openldap/schema/core.schemainclude /etc/openldap/schema/cosine.schemainclude /etc/openldap/schema/duaconf.schemainclude /etc/openldap/schema/dyngroup.schemainclude /etc/openldap/schema/inetorgperson.schemainclude /etc/openldap/schema/java.schemainclude /etc/openldap/schema/misc.schemainclude /etc/openldap/schema/nis.schemainclude /etc/openldap/schema/openldap.schemainclude /etc/openldap/schema/ppolicy.schemainclude /etc/openldap/schema/collective.schema######################################################################## ldbm and/or bdb database definitions#######################################################################database bdbsuffix "dc=indimail,dc=org"checkpoint 1024 15rootdn "cn=Manager,dc=indimail,dc=org"rootpw {SSHA}gDPX3cS87+B31mAF5zHCGtEJBYSuqrN/# The database directory MUST exist prior to running slapd AND# should only be accessible by the slapd and slap tools.# Mode 700 recommended.directory /var/lib/ldap# Sample access control policy:# Root DSE: allow anyone to read it# Subschema (sub)entry DSE: allow anyone to read it# Other DSEs:# Allow self write access# Allow authenticated users read access# Allow anonymous users to authenticate# Directives needed to implement policy:# access to dn.base="" by * read# access to dn.base="cn=Subschema" by * read# access to *# by self write# by users read# by anonymous auth## if no access controls are present, the default policy# allows anyone and everyone to read anything but restricts# updates to rootdn. 
(e.g., "access to * by * read")## rootdn can always read and write EVERYTHING!access to dn.subtree="ou=addressbook,dc=indimail,dc=org" by anonymous auth by self write by users readaccess to * by anonymous auth by self read by users read# Indices to maintain for this databaseindex objectClass eq,pres#index ou,cn,mail,surname,givenname eq,pres,sub#index uidNumber,gidNumber,loginShell eq,pres#index uid,memberUid eq,pres,sub#index nisMapName,nisMapEntry eq,pres,subMake user that /etc/openldap/slapd.conf is owned by ldap and has write permissions for ldap user.As of now I prefer openldap using slapd.conf and not slapd.d for configuration.% sudo /bin/rm -r /etc/openldap/slapd.dslapd StartupMy favourite method happens to be using djb's supervise and hence is one of the core compoment of the IndiMail package% cat > /tmp/run1#!/bin/shexec /usr/sbin/slapd -u ldap -f /etc/openldap/slapd.conf -d 0 2>&1cntrl-d% cat > /tmp/run2#!/bin/shexec /var/indimail/bin/setuidgid qmaill \/var/indimail/bin/multilog t /var/log/indimail/slapd.389cntrl-d# create /service/.slapd.389 so that svscan does not discover this new service yet% sudo mkdir -p /service/.slapd.389/log% sudo mv /tmp/run2 /service/.slapd.389/log/run% sudo mv /tmp/run1 /service/.slapd.389/run% sudo chmod +x /service/.slapd.389/run /service/.slapd.389/log/run# rename .slapd.389 to slapd.389 for svscan to discover and start slapd% sudo mv /service/.slapd.389 /service/slapd.389% svstat /service/slapd.389/service/slapd.389/: up (pid 4069) 4 secondsAddressBook EntriesInformation can be imported and exported into an LDAP directory service using the LDAP Data Interchange Format (LDIF) as defined in RFC2849. 
An LDIF file specifies the contents of a directory entry in a human readable text format, this allows quick manipulation of a file to re-import similar entries into the directory.Now that the LDAP server has been configured and is running, we can conduct a simple search of the naming context to see our directory information before we start to import our entries.The "namingContexts" should be similar to the example below.% ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts# extended LDIF## LDAPv3# base <> with scope base# filter: (objectclass=*)# requesting: namingContextsdn:namingContexts: dc=indimail,dc=org# search resultsearch: 2result: 0 Success# numResponses: 2# numEntries: 1The following LDIF file will create the hierarchical directory service structure that we will be using for indimail's address book. The first entry is that of the base directory and the second entry is for the Manager's (administrator) account. The last two entries are the two organisational units that we will use to store the authorised users (for adding security later) and the address book entries.The bolded entries should be changed to suit your configuration requirements.% cat > addressbook.ldif# Domain entrydn: dc=indimail,dc=orgo: IndiMail LDAP Serverdc: indimailobjectclass: dcObjectobjectclass: organization# Manager entrydn: cn=Manager,dc=indimail,dc=orgcn: Managerobjectclass: organizationalRole# Usersdn: ou=users,dc=indimail,dc=orgou: usersobjectClass: topobjectClass: organizationalUnit# Addressbook entrydn: ou=AddressBook,dc=indimail,dc=orgou: AddressBookobjectClass: topobjectClass: organizationalUnitcntrl-d% ldapadd -x -D 'cn=Manager,dc=indimail,dc=org' -W -f addressbook.ldifEnter LDAP Password:adding new entry "dc=indimail,dc=org"adding new entry "cn=Manager,dc=indimail,dc=org"adding new entry "ou=users,dc=indimail,dc=org"adding new entry "ou=addressbook,dc=indimail,dc=org"The following LDAP search is requesting a listing of all entries starting from the base 
"dc=indimail,dc=org". This should return all of the entries that were added in the previous step.

% ldapsearch -x -b 'dc=indimail,dc=org' '(objectclass=*)'
# indimail.com
dn: dc=indimail,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Home LDAP Network
dc: indimail

# Manager, indimail.com
dn: cn=Manager,dc=indimail,dc=org
objectClass: organizationalRole
cn: Manager

# users, indimail.com
dn: ou=users,dc=indimail,dc=org
ou: users
objectClass: top
objectClass: organizationalUnit

# addressbook, indimail.com
dn: ou=addressbook,dc=indimail,dc=org
ou: addressbook
objectClass: top
objectClass: organizationalUnit

Now that we have defined and imported our directory scheme, we are able to create user entries to populate the addressbook. The following is a simple example LDIF entry for a contact.

You can again use slappasswd to generate a user password.

% slappasswd -h {MD5} -s manny
{MD5}j+eKwOqr8vR0sN46lo4WXg==

The first line (dn:) designates where in the directory the entry will belong when it is imported; this should be changed to suit your needs.

% cat > newcontact.ldif
dn: uid=mbhangui,ou=addressbook,dc=indimail,dc=org
uid: mbhangui
cn: Manvendra Bhangui
gn: Manvendra
sn: Bhangui
o: Consim Info Pvt. Ltd.
l: Mandaivelli
street: #94 Coconut Republic
st: TN
postalCode: 600028
pager: +91 44 5555 1111
homePhone: +91 44 5555 1234
telephoneNumber: +91 44 5555 1235
facsimileTelephoneNumber: +91 44 5555 1236
mobile: +91 99401xxxxx
mail: [email protected]
objectClass: top
objectClass: inetOrgPerson
userPassword: {MD5}j+eKwOqr8vR0sN46lo4WXg==
cntrl-d

The contents of the LDIF file can be added into the directory service using the "ldapadd" command below.

% ldapadd -x -D 'cn=Manager,dc=indimail,dc=org' -W -f newcontact.ldif
Enter LDAP Password:
adding new entry "uid=mbhangui,ou=addressbook,dc=indimail,dc=org"

If you do not require an address book and just require a basic user object to use for authentication, a basic user object can be created and imported into the LDAP server.
This file uses the "UID" (User ID) string to distinguish the object, and the contents are all that we need to create a basic authentication mechanism.

It should also be noted that this object is stored in the "users" organisational unit, which is located outside of the address book directory.

% cat > useraccount.ldif
dn: uid=postmaster,ou=users,dc=indimail,dc=org
uid: postmaster
userPassword: {MD5}j+eKwOqr8vR0sN46lo4WXg==
objectClass: top
objectClass: account
objectClass: simpleSecurityObject
cntrl-d
% ldapadd -x -D 'cn=Manager,dc=indimail,dc=org' -W -f useraccount.ldif
Enter LDAP Password:
adding new entry "uid=postmaster,ou=users,dc=indimail,dc=org"

For mbhangui to authenticate to the server, one needs to pass "uid=mbhangui,ou=users,dc=indimail,dc=org" as username along with the plain text value of the password; the hashed value is only for storage purposes.

% ldapsearch -x -b 'ou=AddressBook,dc=indimail,dc=org' \
-D "uid=mbhangui,ou=users,dc=indimail,dc=org" '(objectclass=*)' \
-s sub -w manny

Backing up LDAP Database

To export

% sudo /var/indimail/bin/svc -d /service/slapd.389
% slapcat -vl /etc/openldap/backup_slapd.ldif
% sudo /var/indimail/bin/svc -u /service/slapd.389

To import

% sudo /var/indimail/bin/svc -d /service/slapd.389
% slapadd -vl /etc/openldap/backup_slapd.ldif
% chown ldap.ldap /var/lib/ldap/*
% sudo /var/indimail/bin/svc -u /service/slapd.389

Email Client Settings

The last step in setting up the shared address book is to configure the users' email clients to access the LDAP server.

The following table contains some of the information needed to configure the client applications.
Note the username will need to be written as the complete "distinguished name" value so the server knows which object to authenticate.

LDAP Server : your_host_IP:389
Search Base : ou=addressbook,dc=indimail,dc=org
Login Method : use distinguished name (if listed)
Username : uid=user,ou=addressbook,dc=indimail,dc=org
Password : As entered in newcontact.ldif file (plain text version)
Secure Connection: Never (unless encryption has been configured)

In the above, 'user' is the actual user created in ldap by using ldapadd.

References

http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html
http://www.wains.be/mirrors/feldt.com/
http://linsec.ca/Using_OpenLDAP_as_an_Address_Book
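The entries in this tutorial store userPassword as unsalted {MD5}, and a slapcat export writes such values base64-encoded after "userPassword::". The following Python check is an added example, not part of the original post: it parses an LDIF export and lists the entries whose password uses a weak storage scheme. The function names, the list of schemes treated as weak, and the alice and bob entries in the sample are assumptions made for illustration.

```python
import base64

# Schemes flagged as weak (an assumption of this example): unsalted digests
# and crypt(3). A value with no {SCHEME} prefix is reported as CLEARTEXT.
WEAK_SCHEMES = {"MD5", "SHA", "CRYPT", "CLEARTEXT"}

def parse_ldif(text):
    """Parse LDIF (RFC 2849) into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue  # not an attribute line
        if rest.startswith(":"):
            # "attr:: <base64>", the form slapcat uses for userPassword
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries

def password_scheme(value):
    """Return the {SCHEME} prefix of a userPassword value, or CLEARTEXT."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "CLEARTEXT"

def audit(text):
    """Return (dn, scheme) for every userPassword stored with a weak scheme."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for value in entry.get("userpassword", []):
            scheme = password_scheme(value)
            if scheme in WEAK_SCHEMES:
                findings.append((dn, scheme))
    return findings

# Constructed sample in the style of a slapcat export; the hashes are the
# ones shown in the tutorial, the alice and bob entries are made up.
_B64 = base64.b64encode(b"{MD5}j+eKwOqr8vR0sN46lo4WXg==").decode()
SAMPLE = f"""\
# constructed sample
dn: uid=postmaster,ou=users,dc=indimail,dc=org
uid: postmaster
userPassword: {{MD5}}j+eKwOqr8vR0sN46lo4WXg==

dn: uid=mbhangui,ou=addressbook,
 dc=indimail,dc=org
userPassword:: {_B64}

dn: uid=alice,ou=users,dc=indimail,dc=org
userPassword: {{SSHA}}gDPX3cS87+B31mAF5zHCGtEJBYSuqrN/

dn: uid=bob,ou=users,dc=indimail,dc=org
userPassword: hunter2
"""

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE):
        print(f"WEAK {scheme:9} {dn}")
```

Run against /etc/openldap/backup_slapd.ldif, the same audit() call shows which accounts should be re-hashed with slappasswd's default {SSHA} scheme.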
Posted almost 14 years ago by [email protected] (Cprogrammer)
Posted almost 14 years ago by [email protected] (Manvendra Bhangui)