From 87910cd5f92cdb9d928864e599c905f97e463f2f Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 6 May 2012 15:04:20 +0200 Subject: =?UTF-8?q?RoudCube=20=E2=80=98password=E2=80=99=20plugin.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fripost-docs.org | 55 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/fripost-docs.org b/fripost-docs.org index 2656cf8..f3fecc3 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -1452,8 +1452,8 @@ sudo apt-get install sasl2-bin libsasl2-modules-ldap test our installation.) In the rest of this section, we assume there is a tunnel from the master -LDAP server to the slave (i.e., ldap://127.0.0.1:3890 on the slaves actually -speaks to the master). +LDAP server to the machine that hosts SASLauthd (i.e., ldap://127.0.0.1:3890 on +this machine actually speaks to the master). **** Configure saslauthd @@ -1477,6 +1477,10 @@ speaks to the master). ldap_filter: (&(objectClass=virtualMailbox)(uid=%U)(isActive=TRUE)) ldap_scope: base +We need to bind to `cn=SASLauth,...' here, because SASLauthd performs the search +before binding to the user (unlike Dovecot). Hence it needs to have read access +on the user's entry (except his/her password, of course). + After restarting saslauthd (`/etc/init.d/saslauthd restart'), we can test the authentication: `testsaslauthd -u user@fripost.org -p password'. (The password cannot be prompted, so you may want to create a dummy user.) @@ -1784,33 +1788,36 @@ in **** Allow the users to change their password -We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password . -It may be in +We neet to install a plugin http://trac.roundcube.net/browser/trunk/roundcubemail/plugins/password , +which you can find in: :: apt-get install roundcube-plugins Depends on PHP's LDAP library: - :: apt-get install php-net-ldap2 - -We now need to modify `.../plugins/password/config/inc.php.dist' as follows [TODO: not tested.] - -$rcmail_config['password_ldap_host'] = '127.0.0.1'; -$rcmail_config['password_ldap_port'] = '389'; -$rcmail_config['password_ldap_starttls'] = false; -$rcmail_config['password_ldap_version'] = '3'; -$rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org' -$rcmail_config['password_ldap_method'] = 'user'; -$rcmail_config['password_ldap_adminDN'] = null; -$rcmail_config['password_ldap_adminPW'] = null; -$rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org'; -$rcmail_config['password_ldap_searchDN'] = null -$rcmail_config['password_ldap_searchPW'] = null -$rcmail_config['password_ldap_search_base'] = null -$rcmail_config['password_ldap_search_filter'] = null -$rcmail_config['password_ldap_encodage'] = 'ssha'; -$rcmail_config['password_ldap_pwattr'] = 'userPassword'; -$rcmail_config['password_ldap_force_replace'] = true; + :: apt-get install php5-ldap + +In the rest of this section, we assume there is a tunnel from the master +LDAP server to the machine that hosts the webmail (i.e., ldap://127.0.0.1:3890 +on this machine actually speaks to the master). + + :: /etc/roundcube/plugins/password/config.inc.php + + $rcmail_config['password_driver'] = 'ldap_simple'; + $rcmail_config['password_confirm_current'] = true; + $rcmail_config['password_minimum_length'] = 8; + $rcmail_config['password_require_nonalpha'] = true; + $rcmail_config['password_log'] = false; + $rcmail_config['password_ldap_host'] = '127.0.0.1'; + $rcmail_config['password_ldap_port'] = '3890'; + $rcmail_config['password_ldap_starttls'] = false; + $rcmail_config['password_ldap_version'] = '3'; + $rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org' + $rcmail_config['password_ldap_method'] = 'user'; + $rcmail_config['password_ldap_userDN_mask'] = 'uid=%name,dc=%domain,ou=virtual,o=mailHosting,dc=fripost,dc=org'; + $rcmail_config['password_ldap_encodage'] = 'ssha'; + $rcmail_config['password_ldap_pwattr'] = 'userPassword'; + $rcmail_config['password_ldap_force_replace'] = true; *** ikiwiki -- cgit v1.2.3