Zhang Huangbin avatar Zhang Huangbin committed aa230e4

Install and configure Policyd-2 (cluebringer) webui on Ubuntu 11.10 by default.

Comments (0)

Files changed (4)

iRedMail/conf/cluebringer

 export CLUEBRINGER_USER='cluebringer'
 export CLUEBRINGER_GROUP='cluebringer'
 export CLUEBRINGER_USER_HOME='/etc/cluebringer'
+export CLUEBRINGER_HTTPD_CONF="${HTTPD_CONF_DIR}/cluebringer.conf"
 
 #
 # Syslog setting.
     export CLUEBRINGER_CONF='/etc/cluebringer/cluebringer.conf'
     export CLUEBRINGER_INIT_SCRIPT="${DIR_RC_SCRIPTS}/postfix-policyd"
     export CLUEBRINGER_PID_FILE='var/run/cluebringer/cbpolicyd.pid'
+    export CLUEBRINGER_HTTPD_ROOT='/usr/share/postfix-cluebringer-webui/webui'
 
     # Path of policyd-clean
     export CLUEBRINGER_CLEANUP_BIN='/usr/lib/postfix-policyd/cleanup'

iRedMail/functions/cluebringer.sh

     echo 'export status_cluebringer_config="DONE"' >> ${STATUS_FILE}
 }
 
+cluebringer_webui_config()
+{
+    ECHO_DEBUG "Configure cluebringer webui."
+
+    backup_file ${CLUEBRINGER_CONF}
+
+    if [ X"${DISTRO}" == X"UBUNTU" ]; then
+        if [ X"${DISTRO_CODENAME}" == X"oneiric" ]; then
+            cat > ${CLUEBRINGER_HTTPD_CONF} <<EOF
+${CONF_MSG}
+# Note: Please refer to ${HTTPD_SSL_CONF} for SSL/TLS setting.
+#Alias /cluebringer ${CLUEBRINGER_HTTPD_ROOT}/
+
+<Directory ${CLUEBRINGER_HTTPD_ROOT}/>
+    DirectoryIndex index.php
+    Options ExecCGI
+    Order allow,deny
+    allow from all
+    #allow from 127.0.0.1
+
+    AuthName "Authorization Required"
+EOF
+
+            ECHO_DEBUG "Setup user auth for cluebringer webui: ${CLUEBRINGER_HTTPD_CONF}."
+            if [ X"${BACKEND}" == X"OpenLDAP" ]; then
+                # Use LDAP auth.
+                cat >> ${CLUEBRINGER_HTTPD_CONF} <<EOF
+    AuthType Basic
+
+    AuthBasicProvider ldap
+    AuthzLDAPAuthoritative   Off
+
+    AuthLDAPUrl   ldap://${LDAP_SERVER_HOST}:${LDAP_SERVER_PORT}/${LDAP_ADMIN_BASEDN}?${LDAP_ATTR_USER_RDN}?sub?(&(objectclass=${LDAP_OBJECTCLASS_MAILADMIN})(${LDAP_ATTR_ACCOUNT_STATUS}=${LDAP_STATUS_ACTIVE}))
+
+    AuthLDAPBindDN "${LDAP_BINDDN}"
+    AuthLDAPBindPassword "${LDAP_BINDPW}"
+EOF
+
+                [ X"${LDAP_USE_TLS}" == X"YES" ] && \
+                    perl -pi -e 's#(AuthLDAPUrl.*)(ldap://)(.*)#${1}ldaps://${3}#' ${CLUEBRINGER_HTTPD_CONF}
+
+            elif [ X"${BACKEND}" == X"MySQL" ]; then
+                # Use mod_auth_mysql.
+                if [ X"${DISTRO}" == X"RHEL" -o X"${DISTRO}" == X"SUSE" -o X"${DISTRO}" == X"FREEBSD" ]; then
+                    cat >> ${CLUEBRINGER_HTTPD_CONF} <<EOF
+    AuthType Basic
+
+    AuthMYSQLEnable On
+    AuthMySQLHost ${MYSQL_SERVER}
+    AuthMySQLPort ${MYSQL_PORT}
+    AuthMySQLUser ${MYSQL_BIND_USER}
+    AuthMySQLPassword ${MYSQL_BIND_PW}
+    AuthMySQLDB ${VMAIL_DB}
+    AuthMySQLUserTable admin
+    AuthMySQLNameField username
+    AuthMySQLPasswordField password
+EOF
+                    # FreeBSD special.
+                    if [ X"${DISTRO}" == X"FREEBSD" ]; then
+                        # Enable mod_auth_mysql module in httpd.conf.
+                        perl -pi -e 's/^#(LoadModule.*mod_auth_mysql.*)/${1}/' ${HTTPD_CONF}
+                    fi
+
+                    # OpenSuSE & FreeBSD special.
+                    if [ X"${DISTRO}" == X"SUSE" -o X"${DISTRO}" == X"FREEBSD" ]; then
+                        echo "AuthBasicAuthoritative Off" >> ${CLUEBRINGER_HTTPD_CONF}
+                    fi
+
+                elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
+                    cat >> ${CLUEBRINGER_HTTPD_CONF} <<EOF
+    AuthType Basic
+
+    AuthMYSQL on
+    AuthBasicAuthoritative Off
+    AuthUserFile /dev/null
+
+    # Database related.
+    AuthMySQL_Password_Table admin
+    Auth_MySQL_Username_Field username
+    Auth_MySQL_Password_Field password
+
+    # Password related.
+    AuthMySQL_Empty_Passwords off
+    AuthMySQL_Encryption_Types Crypt_MD5
+    Auth_MySQL_Authoritative On
+EOF
+
+                    # Set file permission.
+                    chmod 0600 ${CLUEBRINGER_HTTPD_CONF}
+
+                    cat >> ${HTTPD_CONF} <<EOF
+# MySQL auth (libapache2-mod-auth-apache2).
+# Global config of MySQL server, username, password.
+Auth_MySQL_Info ${MYSQL_SERVER} ${MYSQL_BIND_USER} ${MYSQL_BIND_PW}
+Auth_MySQL_General_DB ${VMAIL_DB}
+EOF
+                else
+                    :
+                fi
+
+                # Close <Directory> container.
+                cat >> ${CLUEBRINGER_HTTPD_CONF} <<EOF
+
+    Require valid-user
+</Directory>
+EOF
+            fi
+
+        fi
+    fi
+
+    echo 'export status_cluebringer_webui_config="DONE"' >> ${STATUS_FILE}
+}

iRedMail/functions/packages.sh

     elif [ X"${DISTRO}" == X"DEBIAN" -o X"${DISTRO}" == X"UBUNTU" ]; then
         if [ X"${DISTRO_CODENAME}" == X"oneiric" ]; then
             # Policyd-2.x, code name "cluebringer".
-            ALL_PKGS="${ALL_PKGS} postfix-cluebringer"
+            ALL_PKGS="${ALL_PKGS} postfix-cluebringer postfix-cluebringer-webui"
             ENABLED_SERVICES="${ENABLED_SERVICES} postfix-cluebringer"
 
             if [ X"${BACKEND}" == X"OpenLDAP" -o X"${BACKEND}" == X"MySQL" ]; then

iRedMail/functions/policy_server.sh

     if [ X"${DISTRO_CODENAME}" != X"oneiric" ]; then
         . ${FUNCTIONS_DIR}/policyd.sh
 
-        ECHO_INFO "Configure Policyd (postfix policy daemon)."
+        ECHO_INFO "Configure Policyd (postfix policy server, version 1.x)."
         check_status_before_run policyd_user
         check_status_before_run policyd_config
     else
         . ${FUNCTIONS_DIR}/cluebringer.sh
 
-        ECHO_INFO "Configure Policyd (postfix policy daemon, code name 'cluebringer')."
+        ECHO_INFO "Configure Policyd (postfix policy server, code name cluebringer)."
         check_status_before_run cluebringer_user
         check_status_before_run cluebringer_config
+        check_status_before_run cluebringer_webui_config
     fi
 
     # FreeBSD: Start policyd when system start up.
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.