There is a new version of this tutorial available for Ubuntu 18.04 (Bionic Beaver).

Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Kamic Koala 9.10 - Page 6

Step 8: Install and configure Roundcube webmail

First we create a database called roundcube:

mysqladmin -u root -p create roundcube

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice) who has SELECT,INSERT,UPDATE,DELETE privileges on the roundcube database. This user will be used by Postfix and Courier to connect to the roundcube database:

GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';

Now we download and install Roundcube:

tar xvzf roundcubemail-0.3.1.tar.gz
mv roundcubemail-0.3.1 /var/www
cd /var/www/roundcube

Always check for the lastest version of Roundcube and download that one and modify the commands above to the version of Roundcube you downloaded.

Now we load the sql tables in to the database we created before:

mysql -u roundcube -p roundcube <  SQL/mysql.initial.sql

Now we edit the Roundcube configuration:

cp config / config/
cp config/ config/

Set the database configuration:

vi config/

Change the following line to the database configuration:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';

Edit the and change the following entries:

vi config/


// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array();


// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array(password,vacation);


chars.$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';


chars.$rcmail_config['des_key'] = 'your-own-24-digitkeystring';


$rcmail_config['default_host'] = '';


$rcmail_config['default_host'] = 'localhost'; 


$rcmail_config['smtp_server'] = ''; 


$rcmail_config['smtp_server'] = 'localhost'; 


// In order to enable public ldap search, configure an array like the Verisign
// example further below. if you would like to test, simply uncomment the example.
$rcmail_config['ldap_public'] = array();

// If you are going to use LDAP for individual address books, you will need to
// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
// The recommended directory structure for LDAP is to store all the address book entries
// under the users main entry, e.g.:
// o=root
// ou=people
// uid=user@domain
// mail=contact@contactdomain
// So the base_dn would be uid=%fu,ou=people,o=root
// The bind_dn would be the same as based_dn or some super user login.
* example config for Verisign directory
$rcmail_config['ldap_public']['Verisign'] = array(
'name' => '',
'hosts' => array(''),
'port' => 389,
'use_tls' => false,
'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
// %fu - The full username provided, assumes the username is an email
// address, uses the username_domain value if not an email address.
// %u - The username prior to the '@'.
// %d - The domain name after the '@'.
'base_dn' => '',
'bind_dn' => '',
'bind_pass' => '',
'writable' => false, // Indicates if we can write to the LDAP directory or not.
// If writable is true then these fields need to be populated:
// LDAP_Object_Classes, required_fields, LDAP_rdn
'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
'required_fields' => array("cn", "sn", "mail"), // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
'LDAP_rdn' => 'mail', // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
'ldap_version' => 3, // using LDAPv3
'search_fields' => array('mail', 'cn'), // fields to search in
'name_field' => 'cn', // this field represents the contact's name
'email_field' => 'mail', // this field represents the contact's e-mail
'surname_field' => 'sn', // this field represents the contact's last name
'firstname_field' => 'gn', // this field represents the contact's first name
'sort' => 'cn', // The field to sort the listing by.
'scope' => 'sub', // search mode: sub|base|list
'filter' => '', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
'fuzzy_search' => true); // server allows wildcard search

// An ordered array of the ids of the addressbooks that should be searched
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$rcmail_config['autocomplete_addressbooks'] = array('sql');


$rcmail_config['ldap_public'] = array(GAL);
$rcmail_config['ldap_public']['GAL'] = array(
'name' => 'GAL',
'hosts' => array('localhost'),
'port' => 389,
'use_tls' => false,
'user_specific' => true,
'base_dn' => 'vd=%d,o=hosting,dc=example,dc=tls',
'bind_dn' => 'cn=phamm,o=hosting,dc=example,dc=tld',
'bind_pass' => 'readonly',
'writable' => false,
'LDAP_Object_Classes' => array("top", "inetOrgPerson"),
'required_fields' => array("cn", "sn", "mail"),
'LDAP_rdn' => 'mail',
'ldap_version' => 3,
'search_fields' => array('mail', 'cn'),
'name_field' => 'cn',
'email_field' => 'mail',
'surname_field' => 'sn',
'firstname_field' => 'gn',
'sort' => 'cn',
'scope' => 'sub',
'filter' => '(&(|(objectClass=VirtualMailAccount)objectClass=VirtualMailAlias))(accountActive=TRUE))',
'fuzzy_search' => true);
$rcmail_config['autocomplete_addressbooks'] = array('sql',GAL');

This will only allow users defined on the email server (localhost) to login and be created as email user.

The configuration for the password plugin:

cp plugins/password/ plugins/password/

Edit the configuration:

vi plugins/password/

Change the following entries


$rcmail_config['password_driver'] = 'sql';


$rcmail_config['password_driver'] = 'ldap'; 


// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('', '');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;


$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;

$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

$rcmail_config['password_ldap_force_replace'] = true;

Now we're going to download and install the vacation plugin:

cd /usr/src
tar xvzf plugin-vacation-0.3-20091008.tar.gz
mv vacation /var/www/roundcube/plugins/vacation
cd /var/www/roundcube

Now we edit the configuration and change:

vi plugins/vacation/


$rcmail_config['vacation_gui_vacationsubject'] = TRUE;


$rcmail_config['vacation_gui_vacationsubject'] = FALSE;


$rcmail_config['vacation_driver'] = 'sql'; 


$rcmail_config['vacation_driver'] = 'ldap';


// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] =

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';


// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';


// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (


// Search base to read data
$rcmail_config['vacation_ldap_search_base'] =

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (

This concludes the configuration for Roundcube.

You can now go to http://yourdomain.tld/roundcube and login with your email username and password. Under preferences you can now change your password and vacation settings.

Share this page:

0 Comment(s)