Zhang Huangbin avatar Zhang Huangbin committed fe0583e

Working on OpenBSD ldapd(8) support.


Files changed (6)

iRedMail/conf/global

 export ENABLE_BACKEND_OPENLDAP='YES'
 export ENABLE_BACKEND_MYSQL='YES'
 export ENABLE_BACKEND_PGSQL='NO'
+# OpenBSD built-in LDAP daemon
+export ENABLE_BACKEND_LDAPD='NO'
 
 # Enabled components.
 export DIALOG_SELECTABLE_AWSTATS='YES'
 
 elif [ X"${DISTRO}" == X'OPENBSD' ]; then
     export ENABLE_BACKEND_PGSQL='YES'
+    export ENABLE_BACKEND_LDAPD='YES'
 
     # System user: root.
     export SYS_ROOT_USER='root'

iRedMail/dialog/config_via_dialog.sh

 " 20 76 "${VMAIL_USER_HOME_DIR}" 2>/tmp/vmail_user_home_dir
 
 export VMAIL_USER_HOME_DIR="$(cat /tmp/vmail_user_home_dir)"
-rm -f /tmp/vmail_user_home_dir
+rm -f /tmp/vmail_user_home_dir &>/dev/null
 
 export STORAGE_BASE_DIR="${VMAIL_USER_HOME_DIR}"
 export STORAGE_MAILBOX_DIR="${STORAGE_BASE_DIR}/${STORAGE_NODE}"
 echo "export BACKUP_SCRIPT_PGSQL='${BACKUP_SCRIPT_PGSQL}'" >>${CONFIG_FILE}
 
 # --------------------------------------------------
-# --------------------- Backend --------------------
+# --------------------- Backends --------------------
 # --------------------------------------------------
-# PGSQL is available on Ubuntu 11.04, 11.10.
+export DIALOG_AVAILABLE_BACKENDS=''
+if [ X"${ENABLE_BACKEND_LDAPD}" == X"YES" ]; then
+    export DIALOG_AVAILABLE_BACKENDS="${DIALOG_AVAILABLE_BACKENDS} ldapd The_OpenBSD_built-in_LDAP_server off"
+fi
+if [ X"${ENABLE_BACKEND_OPENLDAP}" == X"YES" ]; then
+    export DIALOG_AVAILABLE_BACKENDS="${DIALOG_AVAILABLE_BACKENDS} OpenLDAP An_open_source_implementation_of_LDAP_protocol off"
+fi
+
+if [ X"${ENABLE_BACKEND_MYSQL}" == X"YES" ]; then
+    export DIALOG_AVAILABLE_BACKENDS="${DIALOG_AVAILABLE_BACKENDS} MySQL Most_popular_open_source_database off"
+fi
+
 if [ X"${ENABLE_BACKEND_PGSQL}" == X"YES" ]; then
+    export DIALOG_AVAILABLE_BACKENDS="${DIALOG_AVAILABLE_BACKENDS} PostgreSQL Powerful,_open_source_database_system off"
+fi
+
+while : ; do
     ${DIALOG} \
     --title "Choose your preferred backend used to store mail accounts" \
     --radiolist "\
-We provide two backends and the homologous webmail programs:
-+------------+---------------+---------------------------+
-| Backend    | Web Mail      | Web-based management tool |
-+------------+---------------+---------------------------+
-| OpenLDAP   |               | iRedAdmin, phpLDAPadmin   |
-+------------+               +---------------------------+
-| MySQL      | Roundcube     | iRedAdmin, phpMyAdmin     |
-+------------+               +---------------------------+
-| PostgreSQL |               | iRedAdmin, phpPgAdmin     |
-+------------+---------------+---------------------------+
++-----------------+---------------+---------------------------+
+| Backend         | Web Mail      | Web-based management tool |
++-----------------+---------------+---------------------------+
+| OpenLDAP, ldapd |               | iRedAdmin, phpLDAPadmin   |
++-----------------+               +---------------------------+
+| MySQL           | Roundcube     | iRedAdmin, phpMyAdmin     |
++-----------------+               +---------------------------+
+| PostgreSQL      |               | iRedAdmin, phpPgAdmin     |
++-----------------+---------------+---------------------------+
 TIP: Use SPACE key to select item.
-" 20 76 3 \
-    'OpenLDAP' 'An open source implementation of LDAP protocol' 'on' \
-    'MySQL' "The world's most popular open source database" 'off' \
-    'PostgreSQL' 'Powerful, open source database system' 'off' \
-    2>/tmp/backend
+" 20 76 4 ${DIALOG_AVAILABLE_BACKENDS} 2>/tmp/backend
 
-else
-    ${DIALOG} \
-    --title "Choose your preferred backend used to store mail accounts" \
-    --radiolist "\
-We provide two backends and the homologous webmail programs:
-+------------+---------------+---------------------------+
-| Backend    | Web Mail      | Web-based management tool |
-+------------+---------------+---------------------------+
-| OpenLDAP   |               | iRedAdmin, phpLDAPadmin   |
-+------------+ Roundcube     +---------------------------+
-| MySQL      |               | iRedAdmin, phpMyAdmin     |
-+------------+---------------+---------------------------+
+    BACKEND_ORIG="$(cat /tmp/backend | tr '[a-z]' '[A-Z]')"
+    [ X"${BACKEND_ORIG}" != X"" ] && break
+done
 
-TIP: Use SPACE key to select item.
-" 20 76 3 \
-    'OpenLDAP' 'An open source implementation of LDAP protocol' 'on' \
-    'MySQL' "The world's most popular open source database" 'off' \
-    2>/tmp/backend
+if [ X"${BACKEND_ORIG}" == X'LDAPD' ]; then
+    export BACKEND='OPENLDAP'
+elif [ X"${BACKEND_ORIG}" == X'OPENLDAP' ]; then
+    export BACKEND='OPENLDAP'
+elif [ X"${BACKEND_ORIG}" == X'MYSQL' ]; then
+    export BACKEND='MYSQL'
+elif [ X"${BACKEND_ORIG}" == X'POSTGRESQL' ]; then
+    export BACKEND='PGSQL'
+    export BACKEND_ORIG='PGSQL'
 fi
-
-BACKEND_ORIG="$(cat /tmp/backend)"
-if [ X"${BACKEND_ORIG}" == X'OpenLDAP' ]; then
-    export BACKEND='OPENLDAP'
-elif [ X"${BACKEND_ORIG}" == X'MySQL' ]; then
-    export BACKEND='MYSQL'
-elif [ X"${BACKEND_ORIG}" == X'PostgreSQL' ]; then
-    export BACKEND='PGSQL'
-fi
+echo "export BACKEND_ORIG='${BACKEND_ORIG}'" >> ${CONFIG_FILE}
 echo "export BACKEND='${BACKEND}'" >> ${CONFIG_FILE}
-rm -f /tmp/backend
+rm -f /tmp/backend &>/dev/null
 
 # Read-only SQL user/role, used to query mail accounts in Postfix, Dovecot.
 export VMAIL_DB_BIND_PASSWD="$(${RANDOM_STRING})"
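Review bot: The new backend loop still passes the answer through the fixed path `/tmp/backend` (the `2>/tmp/backend` on the radiolist call and the added `cat /tmp/backend`), and `/tmp/vmail_user_home_dir` at the top of this section follows the same pattern. If the installer runs as root, which this page does not show but seems likely, a local user can pre-create those names as symlinks or race their content. optional_components.sh already keeps its scratch file under `${ROOTDIR}`, so the same would work here, e.g. `tmp_backend="${ROOTDIR}/.backend"`, or a `mktemp` result. The value read back is also written verbatim between single quotes into `${CONFIG_FILE}` by `echo "export BACKEND_ORIG='${BACKEND_ORIG}'"`, and the if/elif chain has no `else`, so an unexpected string leaves `BACKEND` unset; an `else` branch that aborts on unknown values would cover both. The `while :` loop also has no exit when the dialog is cancelled, because an empty result only re-displays it.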

iRedMail/dialog/optional_components.sh

     # Apache module mod_auth_pgsql is not available
     [ X"${BACKEND}" == X'PGSQL' ] && export DIALOG_SELECTABLE_AWSTATS='NO'
 elif [ X"${DISTRO}" == X'OPENBSD' ]; then
-    # Binary/port Awstats is not available
+    # Binary/port Awstats is not available in 5.2 and earlier releases
     export DIALOG_SELECTABLE_AWSTATS='NO'
 fi
 
 # Note: item_descrition must be concatenated by '_'.
 export LIST_OF_OPTIONAL_COMPONENTS=''
 
+if [ X"${BACKEND}" == X'OPENLDAP' ]; then
+    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} phpLDAPadmin Web-based_LDAP_management_tool on"
+    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} phpMyAdmin Web-based_MySQL_management_tool on"
+elif [ X"${BACKEND}" == X'MYSQL' ]; then
+    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} phpMyAdmin Web-based_MySQL_management_tool on"
+elif [ X"${BACKEND}" == X'PGSQL' ]; then
+    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} phpMyAdmin Web-based_MySQL_management_tool on"
+fi
+
 if [ X"${DIALOG_SELECTABLE_AWSTATS}" == X'YES' ]; then
-    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} Awstats Advanced_web_and_mail_log_analyzer on"
+    LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} phpPgAdmin Web-based_PostgreSQL_management_tool on"
 fi
 
+# Fail2ban
+LIST_OF_OPTIONAL_COMPONENTS="${LIST_OF_OPTIONAL_COMPONENTS} Fail2ban Ban_IP_with_too_many_password_failures on"
+
 export tmp_config_optional_components="${ROOTDIR}/.optional_components"
 
-if [ X"${BACKEND}" == X"OPENLDAP" ]; then
-    ${DIALOG} \
-    --title "Optional Components for ${BACKEND_ORIG} backend" \
-    --checklist "\
+${DIALOG} \
+--title "Optional components" \
+--checklist "\
 Note:
     * DKIM is recommended.
     * SPF validation (Sender Policy Framework) is enabled by default.
     * Refer to file for more detail after installation:
       ${TIP_FILE}
 " 20 76 8 \
-    "DKIM signing/verification" "DomainKeys Identified Mail" "on" \
-    "iRedAdmin" "Official web-based Admin Panel" "on" \
-    "Roundcubemail" "WebMail program (PHP, AJAX)" "on" \
-    "phpLDAPadmin" "Web-based OpenLDAP management tool" "on" \
-    "phpMyAdmin" "Web-based MySQL management tool" "on" \
-    ${LIST_OF_OPTIONAL_COMPONENTS} \
-    "Fail2ban" "Ban IP with too many password failures" "on" \
-    2>${tmp_config_optional_components}
-
-elif [ X"${BACKEND}" == X"MYSQL" ]; then
-    ${DIALOG} \
-    --title "Optional Components for ${BACKEND_ORIG} backend" \
-    --checklist "\
-Note:
-    * DKIM is recommended.
-    * SPF validation (Sender Policy Framework) is enabled by default.
-    * DNS record (TXT type) are required for both SPF and DKIM.
-    * Please refer to file for more detail after installation:
-      ${TIP_FILE}
-" 20 76 8 \
-    "DKIM signing/verification" "DomainKeys Identified Mail" "on" \
-    "Roundcubemail" "WebMail program (PHP, AJAX)" "on" \
-    "phpMyAdmin" "Web-based MySQL management tool" "on" \
-    "iRedAdmin" "Official web-based Admin Panel" "on" \
-    ${LIST_OF_OPTIONAL_COMPONENTS} \
-    "Fail2ban" "Ban IP with too many password failures" "on" \
-    2>${tmp_config_optional_components}
-
-elif [ X"${BACKEND}" == X"PGSQL" ]; then
-    ${DIALOG} \
-    --title "Optional Components for ${BACKEND_ORIG} backend" \
-    --checklist "\
-Note:
-    * DKIM is recommended.
-    * SPF validation (Sender Policy Framework) is enabled by default.
-    * DNS record (TXT type) are required for both SPF and DKIM.
-    * Please refer to file for more detail after installation:
-      ${TIP_FILE}
-" 20 76 8 \
-    "DKIM signing/verification" "DomainKeys Identified Mail" "on" \
-    "Roundcubemail" "WebMail program (PHP, AJAX)" "on" \
-    "iRedAdmin" "Official web-based Admin Panel" "on" \
-    "phpPgAdmin" "Web-based MySQL management tool" "on" \
-    ${LIST_OF_OPTIONAL_COMPONENTS} \
-    "Fail2ban" "Ban IP with too many password failures" "on" \
-    2>${tmp_config_optional_components}
-fi
+"DKIM signing/verification" "DomainKeys Identified Mail" "on" \
+"iRedAdmin" "Official web-based Admin Panel" "on" \
+"Roundcubemail" "WebMail program (PHP, AJAX)" "on" \
+${LIST_OF_OPTIONAL_COMPONENTS} \
+2>${tmp_config_optional_components}
 
 OPTIONAL_COMPONENTS="$(cat ${tmp_config_optional_components})"
 rm -f ${tmp_config_optional_components} &>/dev/null
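Review bot: Two of the added list entries do not match their conditions: the `PGSQL` branch appends `phpMyAdmin Web-based_MySQL_management_tool on`, and the block guarded by `DIALOG_SELECTABLE_AWSTATS` now appends `phpPgAdmin` where the removed line appended `Awstats`. As written, a PostgreSQL install is offered a MySQL admin panel pre-selected, phpPgAdmin appears only where Awstats is selectable, and Awstats can no longer be chosen at all. The PGSQL branch presumably should append `phpPgAdmin Web-based_PostgreSQL_management_tool on`, and the Awstats block should keep `Awstats Advanced_web_and_mail_log_analyzer on`. Every web admin tool installed by default adds exposed surface on a mail server, so these defaults should match the chosen backend.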

iRedMail/functions/openldap.sh

 index uidNumber,gidNumber,uid,memberUid,loginShell  eq,pres
 index homeDirectory,mailMessageStore                eq,pres
 index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
-index nisMapName,nisMapEntry                        eq,pres,sub
+#index nisMapName,nisMapEntry                        eq,pres,sub
 index shadowLastChange                              eq,pres
 
 #

iRedMail/samples/iredmail.schema

 attributetype ( 1.3.6.1.4.1.32349.1.2.2.15 NAME 'lastLoginDate'
     DESC 'Last login date.'
     EQUALITY generalizedTimeMatch
-    SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
     SINGLE-VALUE )
 attributetype ( 1.3.6.1.4.1.32349.1.2.2.16 NAME 'lastLoginIP'

iRedMail/samples/ldapd.conf

+schema "/etc/ldap/core.schema"
+schema "/etc/ldap/inetorgperson.schema"
+schema "/etc/ldap/nis.schema"
+schema "/etc/ldap/iredmail.schema"
+
+listen on lo0
+listen on "/var/run/ldapi"
+
+namespace "PH_LDAP_SUFFIX" {
+    rootdn  "PH_LDAP_ROOTDN"
+    rootpw  "PH_LDAP_ROOTPW"
+
+    index   objectClass
+    index   accountStatus
+
+    index   sn
+    index   givenName
+    index   cn
+    index   mail
+    index   uid
+    index   shadowLastChange
+    index   userSenderBccAddress
+    index   userRecipientBccAddress
+
+    index   domainName
+    index   domainAliasName
+    index   domainAdmin
+    index   domainGlobalAdmin
+    index   domainBackupMX
+    index   domainSenderBccAddress
+    index   domainRecipientBccAddress
+
+    index   accessPolicy
+    index   memberOfGroup
+
+    # TODO: access policy
+}
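Review bot: The namespace block ends with `# TODO: access policy` and defines no allow/deny rules, so who may read attributes such as userPassword is left to ldapd's built-in defaults, while conf/global in this same commit already sets `ENABLE_BACKEND_LDAPD='YES'` on OpenBSD. I would make the gap explicit with `# TODO(security): add explicit allow/deny rules (restrict read of userPassword) before this backend is enabled`. `rootpw "PH_LDAP_ROOTPW"` is presumably replaced with the real root password at install time, so the generated file should be installed readable by root only. It is also worth checking ldapd.conf(5) for whether a hashed value is accepted instead of cleartext.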