#1 gring, 20th March 2009, 04:27
Ubuntu 8.10 - openLDAP and Phamm for Postfix - dovecot

Hi, I've tried this howto: Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Intrepid Ibex Server 8.10

I've got the same issues as some of the people who commented on the page about installing openLDAP:

- When trying to set the ACLs (what is an ACL, by the way?) with the command: ldapmodify -x -D cn=admin,cn=config -W -f acl-del.ldif

I get the following error message: ldapmodify: wrong attributeType at line 3, entry "olcDatabase={1}hdb,cn=config"

Should something be configured first in the server?

- When I try to add the phamm hosting organisation, I just get a "bad credentials" error.

Should the database (dn=hosting,dc=example,dc=tld) be created first?

By the way, how can we define the database location in the filesystem? The tutorials I found show it being set in the slapd.conf file, which doesn't exist in the latest openLDAP version.

Thanks for helping, the old server I'm migrating from is already down and my users' mails are falling nowhere, so I'm getting a little nervous ... LDAP is not really beginner friendly so your help would REALLY be welcome.

#2 gring, 23rd March 2009, 01:19

Hi,

I wrote a private message to the howto's author, Miguel, who told me he also had the same problem:

Quote:
Originally Posted by Miguel
I'm sorry that I can't help you.

It worked when I wrote the How To.

It does work without the ACLs, but then postmasters cannot create email addresses, only the 'admin' (Openldap account) can.

The syntax is correct, but there seems to be a truncated entry in the latest Openldap version. Even when trying to delete (ACL) with the line number option the error occurs (which shouldn't).

I haven't found a solution myself for the problem.

Miguel.
It seems there are some changes in the latest versions of openLDAP: configuration is no longer made through the slapd.conf file (as is shown in much of the documentation on the web), but directly in the config database.

Here is the openLDAP page about ldap browsers (useful to edit it): http://www.openldap.org/faq/data/cache/270.html

#3 gring, 26th March 2009, 22:28

OpenLdap used to be configured with the file slapd.conf. With the latest Ubuntu packages, this is no longer the case, and the server is configured with an internal ldap database, as it is explained here.

When you install slapd with apt-get, it creates the main configuration database (dc=config), and a default database.

Now, to edit the slapd configuration, take a ldap browser.
I used ldapAdmin

connect to the database: dc=config
with the user: cn=admin,cn=config
and the password you set during slapd installation.

As you can see, there are several entries:

- cn=schema, that should contain the default schemas and the 4 you added during the howto.

- olcDatabase={0}config, an occurrence of the olcDatabaseConfig class, that holds the configuration of slapd's internal configuration database.

- olcDatabase={1}hdb, an occurrence of olcDatabaseConfig AND olcHdbConfig, which holds the configuration of a database that is automatically created upon slapd installation.

(olcHdbConfig makes the entry hold configuration data like the path of the database, which is useless for the internal configuration db)

* I didn't manage to create a new database by adding an occurrence of olcDatabaseConfig and olcHdbConfig, I keep having error messages saying the server can't initialise the db -> I can't find any documentation about creating a db

* I didn't manage to change the suffix attribute, so I used dpkg-reconfigure slapd to set it during hdb's creation.

* I changed the database's location. To do that, copy the files in /var/lib/ldap to your directory, then change the olcDbDirectory attribute to match it. Then restart your slapd server. I think it's a dirty way to do it, but it works

With your ldap browser, erase the olcAccess lines. (I'm not sure it works with all browsers). Then continue to follow the howto's instructions and add the ACLs.

* the database contains a cn=admin entry, it seems to contain the admin's account data for the database

I go through the entire howto, but phamm keeps telling me "invalid credentials", though I can connect to the database with the ldap browser...

Any ideas?

#4 gring, 4th April 2009, 21:00

There's a bug in the ubuntu phamm - apt-get package.

(The main program file does not look for the configuration file in /etc/phamm/config.php, you have to change it)

#5 gring, 4th April 2009, 21:06

(the main program file is here: /usr/share/phamm/www-data/main.php)

#6 maczkal, 8th April 2009, 13:12

Hi, thanks a lot for this.
But please explain it step by step.
What to change where.
In my configuration there's no /etc/phamm/config.php file. I don't even have the /etc/phamm folder.

I hope you will help. Thanks one more time.

#7 interrobang, 15th April 2009, 23:50

Quote:
Originally Posted by maczkal View Post
Hi, thanks a lot for this.
But please explain it step by step.
What to change where.
In my configuration there's no /etc/phamm/config.php file. I don't even have the /etc/phamm folder.

I hope you will help. Thanks one more time.
The config.php file should be in the "phamm - apt-get package". But why does gring use the phamm package? The howto does not contain any "phamm - apt-get package", only a compressed "phamm-0.5.15.tar.gz". Strange...

.. I am not able to complete my installation under this incomplete tutorial

#8 Miguel, 16th April 2009, 16:55

Why is there no apt-get install of the phamm package: two reasons

1. The phamm package was outdated at the time when this how to was written
2. Even if you did install the apt package you would still have to do all of the configuration manually. It does not configure phamm, nor OpenLDAP.

I'm currently overloaded by a project for the government so I cannot devote the time needed in order to resolve the issues with regard to the ACL.

However when this how to was written, I used it to install and configure the environment and it worked. There is now an update / upgrade available from Ubuntu for the Openldap package but I don't have the time to test it in regard to the how to.

Apart from the ACL issue the how to works, and without the ACL phamm works. Downside is that without the ACL, postmasters cannot add / change users, only the admin (Openldap admin) account can.

One of the issues I'm raising with the phamm developers is to have the security (read ACL) in the package and not being dependent on Openldap.

For one:

If you add / change / modify ACLs, there is a major issue that phamm won't work or act strangely if the ACLs imposed on Openldap by phamm aren't in the correct order (this just as a side note).

I'll try to do my best, but as I said I almost don't have any time except for work for the last 4 months and it isn't looking any better in the near future.

Resolving this is also important to me since my own (18 domains) are running on this setup.

I'm very sorry not being able to provide more assistance at this moment.

#9 feydin, 2nd May 2009, 19:35

Are there any updates on the ACL issues? It really limits the features phamm offers (f.e. Users are not able to set Vacation messages and so on).

#10 Afanen, 1st June 2009, 15:08
Change the order of entries

I simply changed the order of the entries in add-del.ldif. My file looks like this:
Code:
dn: olcDatabase={1}hdb,cn=config
delete: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=orca-central,dc=de" write by anonymous auth by self write by * none
olcAccess: to * by dn="cn=admin,dc=orca-central,dc=de" write by * read
olcAccess: to dn.base="" by * read
You will see that I simply swapped the last two lines. That solved the problem for me. Using line numbers didn't do the trick.

I used slapcat to find out the actual order of the ACLs in the database. It seems the delete command needs them in the same order as they were entered.

Regards,
Zo