aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fripost-docs.org55
1 files changed, 31 insertions, 24 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 2656cf8..f3fecc3 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -1452,8 +1452,8 @@ sudo apt-get install sasl2-bin libsasl2-modules-ldap
test our installation.)
In the rest of this section, we assume there is a tunnel from the master
-LDAP server to the slave (i.e., ldap://127.0.0.1:3890 on the slaves actually
-speaks to the master).
+LDAP server to the machine that hosts SASLauthd (i.e., ldap://127.0.0.1:3890 on
+this machine actually speaks to the master).
**** Configure saslauthd
@@ -1477,6 +1477,10 @@ speaks to the master).
ldap_filter: (&(objectClass=virtualMailbox)(uid=%U)(isActive=TRUE))
ldap_scope: base
+We need to bind to `cn=SASLauth,...' here, because SASLauthd performs the search
+before binding to the user (unlike Dovecot). Hence it needs to have read access
+on the user's entry (except his/her password, of course).
+
After restarting saslauthd (`/etc/init.d/saslauthd restart'), we can test the
authentication: `testsaslauthd -u user@fripost.org -p password'. (The password
cannot be prompted, so you may want to create a dummy user.)
@@ -1784,33 +1788,36 @@ in
**** Allow the users to change their password
-We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password .
-It may be in
+We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password ,
+which you can find in:
:: apt-get install roundcube-plugins
Depends on PHP's LDAP library:
- :: apt-get install php-net-ldap2
-
-We now need to modify `.../plugins/password/config/inc.php.dist' as follows [TODO: not tested.]
-
-$rcmail_config['password_ldap_host'] = '127.0.0.1';
-$rcmail_config['password_ldap_port'] = '389';
-$rcmail_config['password_ldap_starttls'] = false;
-$rcmail_config['password_ldap_version'] = '3';
-$rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org'
-$rcmail_config['password_ldap_method'] = 'user';
-$rcmail_config['password_ldap_adminDN'] = null;
-$rcmail_config['password_ldap_adminPW'] = null;
-$rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org';
-$rcmail_config['password_ldap_searchDN'] = null
-$rcmail_config['password_ldap_searchPW'] = null
-$rcmail_config['password_ldap_search_base'] = null
-$rcmail_config['password_ldap_search_filter'] = null
-$rcmail_config['password_ldap_encodage'] = 'ssha';
-$rcmail_config['password_ldap_pwattr'] = 'userPassword';
-$rcmail_config['password_ldap_force_replace'] = true;
+ :: apt-get install php5-ldap
+
+In the rest of this section, we assume there is a tunnel from the master
+LDAP server to the machine that hosts the webmail (i.e., ldap://127.0.0.1:3890
+on this machine actually speaks to the master).
+
+ :: /etc/roundcube/plugins/password/config.inc.php
+
+ $rcmail_config['password_driver'] = 'ldap_simple';
+ $rcmail_config['password_confirm_current'] = true;
+ $rcmail_config['password_minimum_length'] = 8;
+ $rcmail_config['password_require_nonalpha'] = true;
+ $rcmail_config['password_log'] = false;
+ $rcmail_config['password_ldap_host'] = '127.0.0.1';
+ $rcmail_config['password_ldap_port'] = '3890';
+ $rcmail_config['password_ldap_starttls'] = false;
+ $rcmail_config['password_ldap_version'] = '3';
+ $rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org'
+ $rcmail_config['password_ldap_method'] = 'user';
+ $rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org';
+ $rcmail_config['password_ldap_encodage'] = 'ssha';
+ $rcmail_config['password_ldap_pwattr'] = 'userPassword';
+ $rcmail_config['password_ldap_force_replace'] = true;
*** ikiwiki