authorGuilhem Moulin <guilhem.moulin@fripost.org>2012-05-06 15:04:20 +0200
committerGuilhem Moulin <guilhem.moulin@fripost.org>2012-05-06 15:06:21 +0200
commit87910cd5f92cdb9d928864e599c905f97e463f2f (patch)
tree1648d4094b1d9d0ab302014ae46684a92a20c555
parente06318e792b2326d2c7c93161881590b1231e2ad (diff)
RoudCube ‘password’ plugin.
-rw-r--r--fripost-docs.org55
1 files changed, 31 insertions, 24 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 2656cf8..f3fecc3 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -1452,8 +1452,8 @@ sudo apt-get install sasl2-bin libsasl2-modules-ldap
test our installation.)
In the rest of this section, we assume there is a tunnel from the master
-LDAP server to the slave (i.e., ldap://127.0.0.1:3890 on the slaves actually
-speaks to the master).
+LDAP server to the machine that hosts SASLauthd (i.e., ldap://127.0.0.1:3890 on
+this machine actually speaks to the master).
**** Configure saslauthd
@@ -1477,6 +1477,10 @@ speaks to the master).
ldap_filter: (&(objectClass=virtualMailbox)(uid=%U)(isActive=TRUE))
ldap_scope: base
+We need to bind to `cn=SASLauth,...' here, because SASLauthd performs the search
+before binding to the user (unlike Dovecot). Hence it needs to have read access
+on the user's entry (except his/her password, of course).
+
After restarting saslauthd (`/etc/init.d/saslauthd restart'), we can test the
authentication: `testsaslauthd -u user@fripost.org -p password'. (The password
cannot be prompted, so you may want to create a dummy user.)
@@ -1784,33 +1788,36 @@ in
**** Allow the users to change their password
-We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password .
-It may be in
+We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password ,
+which you can find in:
:: apt-get install roundcube-plugins
Depends on PHP's LDAP library:
- :: apt-get install php-net-ldap2
-
-We now need to modify `.../plugins/password/config/inc.php.dist' as follows [TODO: not tested.]
-
-$rcmail_config['password_ldap_host'] = '127.0.0.1';
-$rcmail_config['password_ldap_port'] = '389';
-$rcmail_config['password_ldap_starttls'] = false;
-$rcmail_config['password_ldap_version'] = '3';
-$rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org'
-$rcmail_config['password_ldap_method'] = 'user';
-$rcmail_config['password_ldap_adminDN'] = null;
-$rcmail_config['password_ldap_adminPW'] = null;
-$rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org';
-$rcmail_config['password_ldap_searchDN'] = null
-$rcmail_config['password_ldap_searchPW'] = null
-$rcmail_config['password_ldap_search_base'] = null
-$rcmail_config['password_ldap_search_filter'] = null
-$rcmail_config['password_ldap_encodage'] = 'ssha';
-$rcmail_config['password_ldap_pwattr'] = 'userPassword';
-$rcmail_config['password_ldap_force_replace'] = true;
+ :: apt-get install php5-ldap
+
+In the rest of this section, we assume there is a tunnel from the master
+LDAP server to the machine that hosts the webmail (i.e., ldap://127.0.0.1:3890
+on this machine actually speaks to the master).
+
+ :: /etc/roundcube/plugins/password/config.inc.php
+
+ $rcmail_config['password_driver'] = 'ldap_simple';
+ $rcmail_config['password_confirm_current'] = true;
+ $rcmail_config['password_minimum_length'] = 8;
+ $rcmail_config['password_require_nonalpha'] = true;
+ $rcmail_config['password_log'] = false;
+ $rcmail_config['password_ldap_host'] = '127.0.0.1';
+ $rcmail_config['password_ldap_port'] = '3890';
+ $rcmail_config['password_ldap_starttls'] = false;
+ $rcmail_config['password_ldap_version'] = '3';
+ $rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org'
+ $rcmail_config['password_ldap_method'] = 'user';
+ $rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org';
+ $rcmail_config['password_ldap_encodage'] = 'ssha';
+ $rcmail_config['password_ldap_pwattr'] = 'userPassword';
+ $rcmail_config['password_ldap_force_replace'] = true;
*** ikiwiki
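Review bot: The `password_ldap_basedn` line in the new `config.inc.php` listing has no terminating `;`, so a file copied verbatim from this section would fail with a PHP parse error; it should read `$rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org';`. With `password_ldap_starttls` set to `false` and `password_ldap_method` set to `'user'`, the user's current and new passwords cross the connection to 127.0.0.1:3890 unencrypted at the LDAP layer, so their confidentiality rests entirely on the tunnel. The hunk does not say how that tunnel is protected, so the paragraph introducing it could add a sentence such as `The tunnel must be encrypted and the forwarded port must listen on the loopback interface only.` The typo "neet" is carried over unchanged into the first added line and could be fixed in the same pass.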