Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Karmic Koala 9.10 - Page 6
Step 8: Install and configure Roundcube webmail
First we create a database called roundcube:
mysqladmin -u root -p create roundcube
Next, we go to the MySQL shell:
mysql -u root -p
On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice) who has SELECT,INSERT,UPDATE,DELETE privileges on the roundcube database. This user will be used by Postfix and Courier to connect to the roundcube database:
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;
Now we download and install Roundcube:
cd /usr/src
wget -O roundcubemail-0.3.1.tar.gz "http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcubemail-0.3.1.tar.gz?use_mirror=surfnet"
tar xvzf roundcubemail-0.3.1.tar.gz
mv roundcubemail-0.3.1 /var/www/roundcube
cd /var/www/roundcube
Always check for the latest version of Roundcube, download that one, and adjust the commands above to the version you downloaded.
Now we load the SQL tables into the database we created before:
mysql -u roundcube -p roundcube < SQL/mysql.initial.sql
Now we edit the Roundcube configuration:
cp config/db.inc.php.dist config/db.inc.php
cp config/main.inc.php.dist config/main.inc.php
Set the database configuration:
vi config/db.inc.php
Change the following line to the database configuration:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';
Edit the main.inc.php and change the following entries:
vi config/main.inc.php
From:
// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array();
To:
// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array('password', 'vacation');
From:
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
To:
$rcmail_config['des_key'] = 'your-own-24-digitkeystring';
From:
$rcmail_config['default_host'] = '';
To:
$rcmail_config['default_host'] = 'localhost';
From:
$rcmail_config['smtp_server'] = '';
To:
$rcmail_config['smtp_server'] = 'localhost';
From:
// In order to enable public ldap search, configure an array like the Verisign
// example further below. if you would like to test, simply uncomment the example.
$rcmail_config['ldap_public'] = array();

//
// If you are going to use LDAP for individual address books, you will need to
// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
//
// The recommended directory structure for LDAP is to store all the address book entries
// under the users main entry, e.g.:
//
//  o=root
//   ou=people
//    uid=user@domain
//     mail=contact@contactdomain
//
// So the base_dn would be uid=%fu,ou=people,o=root
// The bind_dn would be the same as based_dn or some super user login.
/*
 * example config for Verisign directory
 *
$rcmail_config['ldap_public']['Verisign'] = array(
  'name' => 'Verisign.com',
  'hosts' => array('directory.verisign.com'),
  'port' => 389,
  'use_tls' => false,
  'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
  // %fu - The full username provided, assumes the username is an email
  //       address, uses the username_domain value if not an email address.
  // %u - The username prior to the '@'.
  // %d - The domain name after the '@'.
  'base_dn' => '',
  'bind_dn' => '',
  'bind_pass' => '',
  'writable' => false, // Indicates if we can write to the LDAP directory or not.
  // If writable is true then these fields need to be populated:
  // LDAP_Object_Classes, required_fields, LDAP_rdn
  'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
  'required_fields' => array("cn", "sn", "mail"), // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
  'LDAP_rdn' => 'mail', // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
  'ldap_version' => 3, // using LDAPv3
  'search_fields' => array('mail', 'cn'), // fields to search in
  'name_field' => 'cn', // this field represents the contact's name
  'email_field' => 'mail', // this field represents the contact's e-mail
  'surname_field' => 'sn', // this field represents the contact's last name
  'firstname_field' => 'gn', // this field represents the contact's first name
  'sort' => 'cn', // The field to sort the listing by.
  'scope' => 'sub', // search mode: sub|base|list
  'filter' => '', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'fuzzy_search' => true); // server allows wildcard search
*/

// An ordered array of the ids of the addressbooks that should be searched
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$rcmail_config['autocomplete_addressbooks'] = array('sql');
To:
// Start from an empty list, then register the GAL address book under its own key.
$rcmail_config['ldap_public'] = array();
$rcmail_config['ldap_public']['GAL'] = array(
  'name' => 'GAL',
  'hosts' => array('localhost'),
  'port' => 389,
  'use_tls' => false,
  'user_specific' => true,
  'base_dn' => 'vd=%d,o=hosting,dc=example,dc=tld',
  'bind_dn' => 'cn=phamm,o=hosting,dc=example,dc=tld',
  'bind_pass' => 'readonly',
  'writable' => false,
  'LDAP_Object_Classes' => array("top", "inetOrgPerson"),
  'required_fields' => array("cn", "sn", "mail"),
  'LDAP_rdn' => 'mail',
  'ldap_version' => 3,
  'search_fields' => array('mail', 'cn'),
  'name_field' => 'cn',
  'email_field' => 'mail',
  'surname_field' => 'sn',
  'firstname_field' => 'gn',
  'sort' => 'cn',
  'scope' => 'sub',
  // List only active mail accounts and aliases.
  'filter' => '(&(|(objectClass=VirtualMailAccount)(objectClass=VirtualMailAlias))(accountActive=TRUE))',
  'fuzzy_search' => true);
// Autocomplete searches the personal (sql) address book first, then the GAL.
$rcmail_config['autocomplete_addressbooks'] = array('sql', 'GAL');
This will only allow users defined on the email server (localhost) to log in and be created as email users.
The configuration for the password plugin:
cp plugins/password/config.inc.php.dist plugins/password/config.inc.php
Edit the configuration:
vi plugins/password/config.inc.php
Change the following entries:
From:
$rcmail_config['password_driver'] = 'sql';
To:
$rcmail_config['password_driver'] = 'ldap';
From:
// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;
To:
$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;
$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';
$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';
$rcmail_config['password_ldap_force_replace'] = true;
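What the md5 and ssha hash types in the list above store in userPassword, shown as an added Python example (not code from the tutorial or from the Roundcube password plugin). It assumes the standard LDAP {MD5} and {SSHA} value formats; the two DNs and the password are constructed samples that follow the userDN mask configured above.

```python
import base64
import hashlib
import hmac
import os
from collections import defaultdict

def ldap_md5(password):
    """Unsalted {MD5}: the stored value depends on the password alone."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()

def ldap_ssha(password, salt=None):
    """Salted {SSHA}: SHA-1 over password+salt, with the salt appended."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    """Check a candidate password against either scheme in constant time."""
    if stored.startswith("{MD5}"):
        return hmac.compare_digest(ldap_md5(password), stored)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        salt = raw[20:]  # SHA-1 digests are 20 bytes; the rest is the salt
        return hmac.compare_digest(ldap_ssha(password, salt), stored)
    raise ValueError("unsupported scheme")

def shared_values(entries):
    """Group DNs whose stored userPassword value is identical."""
    groups = defaultdict(list)
    for dn, value in entries.items():
        groups[value].append(dn)
    return [sorted(dns) for dns in groups.values() if len(dns) > 1]

# Constructed directory entries; the DNs follow this page's userDN mask.
DN_A = "mail=alice@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld"
DN_B = "mail=bob@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld"
PW = "constructed-sample-password"

if __name__ == "__main__":
    md5_dir = {DN_A: ldap_md5(PW), DN_B: ldap_md5(PW)}
    ssha_dir = {DN_A: ldap_ssha(PW), DN_B: ldap_ssha(PW)}
    print("identical {MD5} values: ", shared_values(md5_dir))
    print("identical {SSHA} values:", shared_values(ssha_dir))
```

With md5, two accounts that share a password end up with the same userPassword value; with ssha each value carries its own salt.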
Now we're going to download and install the vacation plugin:
cd /usr/src
wget http://blog.hbis.fr/wp-content/uploads/2009/10/plugin-vacation-0.3-20091008.tar.gz
tar xvzf plugin-vacation-0.3-20091008.tar.gz
mv vacation /var/www/roundcube/plugins/vacation
cd /var/www/roundcube
Now we edit the configuration and change:
vi plugins/vacation/config.inc.php
From:
$rcmail_config['vacation_gui_vacationsubject'] = TRUE;
To:
$rcmail_config['vacation_gui_vacationsubject'] = FALSE;
From:
$rcmail_config['vacation_driver'] = 'sql';
To:
$rcmail_config['vacation_driver'] = 'ldap';
From:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=user,dc=ldap,dc=my,dc=domain';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';
To:
// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';
// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';
// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';
From:
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
  'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);
To:
// Search base to read data
$rcmail_config['vacation_ldap_search_base'] = 'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';
// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';
// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');
// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
  'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);
This concludes the configuration for Roundcube.
You can now go to http://yourdomain.tld/roundcube and log in with your email username and password. Under preferences you can now change your password and vacation settings.
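A review pass over the settings changed in this step, as an added Python example (not part of the original tutorial or of Roundcube). The sample text is constructed from the values shown above; the parser only reads single-line `$rcmail_config[...] = ...;` assignments, and the fallback defaults are the ones named in the password plugin's comments.

```python
import re

# Constructed sample: values this page sets in main.inc.php,
# plugins/password/config.inc.php and plugins/vacation/config.inc.php.
SAMPLE = r"""
// comment lines are ignored by the parser
$rcmail_config['des_key'] = 'your-own-24-digitkeystring';
$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';
"""

SETTING = re.compile(r"^\s*\$rcmail_config\['(\w+)'\]\s*=\s*(.+?)\s*;\s*$", re.M)
SHIPPED_DES_KEY = "rcmail-!24ByteDESkey*Str"
UNSALTED = {"md5", "sha", "clear"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse(text):
    """Return scalar $rcmail_config assignments as a dict of strings."""
    settings = {}
    for key, raw in SETTING.findall(text):
        if len(raw) >= 2 and raw[0] in "'\"" and raw[-1] == raw[0]:
            raw = raw[1:-1]  # strip the PHP string quotes
        settings[key] = raw
    return settings

def audit(text):
    """Return (key, finding) pairs for the settings reviewed here."""
    cfg, out = parse(text), []
    key = cfg.get("des_key", "")
    if key == SHIPPED_DES_KEY:
        out.append(("des_key", "still the shipped default"))
    elif len(key) != 24:
        out.append(("des_key", f"{len(key)} characters, expected exactly 24"))
    host = cfg.get("password_ldap_host", "localhost")
    starttls = cfg.get("password_ldap_starttls", "false").lower() == "true"
    if not starttls and host not in LOOPBACK:
        out.append(("password_ldap_starttls", f"no StartTLS to {host}"))
    if cfg.get("password_ldap_encodage", "crypt").lower() in UNSALTED:
        out.append(("password_ldap_encodage", "unsalted hash type"))
    if cfg.get("vacation_ldap_binddn", "").lower().startswith("cn=admin,"):
        out.append(("vacation_ldap_binddn", "binds as the directory admin"))
    return out

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To review a live installation, pass the concatenated contents of the three config files to `audit()` instead of `SAMPLE`.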