Postfix Virtual Hosting With LDAP Backend And With Dovecot As IMAP/POP3 Server On Ubuntu Karmic Koala 9.10 - Page 6

Step 8: Install and configure Roundcube webmail

First we create a database called roundcube:

mysqladmin -u root -p create roundcube

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user roundcube with the password roundcube_password (replace it with a password of your choice) who has SELECT,INSERT,UPDATE,DELETE privileges on the roundcube database. This user will be used by Postfix and Courier to connect to the roundcube database:

GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'roundcube_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost.localdomain' IDENTIFIED BY 'roundcube_password';
FLUSH PRIVILEGES;

Now we download and install Roundcube:

cd /usr/src
wget -O roundcubemail-0.3.1.tar.gz 'http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcubemail-0.3.1.tar.gz?use_mirror=surfnet'
tar xvzf roundcubemail-0.3.1.tar.gz
mv roundcubemail-0.3.1 /var/www/roundcube
cd /var/www/roundcube

Always check for the latest version of Roundcube; if it is newer, download that one and adjust the version number in the commands above to match.

Now we load the SQL tables into the database we created before:

mysql -u roundcube -p roundcube < SQL/mysql.initial.sql

Now we edit the Roundcube configuration:

cp config/db.inc.php.dist config/db.inc.php
cp config/main.inc.php.dist config/main.inc.php

Set the database configuration:

vi config/db.inc.php

Change the following line to the database configuration:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:roundcube_password@localhost/roundcube';

Edit the main.inc.php and change the following entries:

vi config/main.inc.php

From:

// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array();

To:

// List of active plugins (in plugins/ directory)
$rcmail_config['plugins'] = array('password', 'vacation');

From:

$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';

To:

$rcmail_config['des_key'] = 'your-own-24-digitkeystring';

From:

$rcmail_config['default_host'] = '';

To:

$rcmail_config['default_host'] = 'localhost'; 

From:

$rcmail_config['smtp_server'] = ''; 

To:

$rcmail_config['smtp_server'] = 'localhost'; 

From:

// In order to enable public ldap search, configure an array like the Verisign
// example further below. if you would like to test, simply uncomment the example.
$rcmail_config['ldap_public'] = array();

//
// If you are going to use LDAP for individual address books, you will need to
// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
//
// The recommended directory structure for LDAP is to store all the address book entries
// under the users main entry, e.g.:
//
// o=root
// ou=people
// uid=user@domain
// mail=contact@contactdomain
//
// So the base_dn would be uid=%fu,ou=people,o=root
// The bind_dn would be the same as based_dn or some super user login.
/*
* example config for Verisign directory
*
$rcmail_config['ldap_public']['Verisign'] = array(
'name' => 'Verisign.com',
'hosts' => array('directory.verisign.com'),
'port' => 389,
'use_tls' => false,
'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
// %fu - The full username provided, assumes the username is an email
// address, uses the username_domain value if not an email address.
// %u - The username prior to the '@'.
// %d - The domain name after the '@'.
'base_dn' => '',
'bind_dn' => '',
'bind_pass' => '',
'writable' => false, // Indicates if we can write to the LDAP directory or not.
// If writable is true then these fields need to be populated:
// LDAP_Object_Classes, required_fields, LDAP_rdn
'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
'required_fields' => array("cn", "sn", "mail"), // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
'LDAP_rdn' => 'mail', // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
'ldap_version' => 3, // using LDAPv3
'search_fields' => array('mail', 'cn'), // fields to search in
'name_field' => 'cn', // this field represents the contact's name
'email_field' => 'mail', // this field represents the contact's e-mail
'surname_field' => 'sn', // this field represents the contact's last name
'firstname_field' => 'gn', // this field represents the contact's first name
'sort' => 'cn', // The field to sort the listing by.
'scope' => 'sub', // search mode: sub|base|list
'filter' => '', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
'fuzzy_search' => true); // server allows wildcard search
*/

// An ordered array of the ids of the addressbooks that should be searched
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$rcmail_config['autocomplete_addressbooks'] = array('sql');

To:

$rcmail_config['ldap_public'] = array();
$rcmail_config['ldap_public']['GAL'] = array(
'name' => 'GAL',
'hosts' => array('localhost'),
'port' => 389,
'use_tls' => false,
'user_specific' => true,
'base_dn' => 'vd=%d,o=hosting,dc=example,dc=tld',
'bind_dn' => 'cn=phamm,o=hosting,dc=example,dc=tld',
'bind_pass' => 'readonly',
'writable' => false,
'LDAP_Object_Classes' => array("top", "inetOrgPerson"),
'required_fields' => array("cn", "sn", "mail"),
'LDAP_rdn' => 'mail',
'ldap_version' => 3,
'search_fields' => array('mail', 'cn'),
'name_field' => 'cn',
'email_field' => 'mail',
'surname_field' => 'sn',
'firstname_field' => 'gn',
'sort' => 'cn',
'scope' => 'sub',
'filter' => '(&(|(objectClass=VirtualMailAccount)(objectClass=VirtualMailAlias))(accountActive=TRUE))',
'fuzzy_search' => true);
$rcmail_config['autocomplete_addressbooks'] = array('sql', 'GAL');

This will only allow users defined on the email server (localhost) to log in and be created as email users.
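
A nested address-book 'filter' like the one configured above is easy to get wrong by a single parenthesis. The following is an added example, not part of Roundcube or of the original guide: a small structural check for LDAP search filters (a subset of RFC 4515), run on the filter for this setup and on a constructed variant with one opening parenthesis dropped. The function names are hypothetical.

```python
# Added example: structural check for an LDAP search filter (RFC 4515 subset).
GOOD = ("(&(|(objectClass=VirtualMailAccount)(objectClass=VirtualMailAlias))"
        "(accountActive=TRUE))")
# Constructed malformed variant: the '(' before the second objectClass is missing.
MISSING_PAREN = ("(&(|(objectClass=VirtualMailAccount)objectClass=VirtualMailAlias))"
                 "(accountActive=TRUE))")

def parse_filter(s, i=0):
    """Parse one parenthesised filter starting at s[i]; return (tree, next_index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] != ")":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        # RFC 4515: '&' and '|' need at least one sub-filter, '!' exactly one.
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' has the wrong number of sub-filters")
        tree = (op, kids)
    else:
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr.rstrip("~<>:"):
            raise ValueError(f"bad item {s[i:end]!r} at offset {i}")
        tree, i = (attr, value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return tree, i + 1

def check_filter(s):
    """Return the parsed tree, or raise ValueError if s is not one complete filter."""
    tree, end = parse_filter(s)
    if end != len(s):
        raise ValueError(f"trailing text at offset {end}: {s[end:]!r}")
    return tree

def is_well_formed(s):
    try:
        check_filter(s)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(is_well_formed(GOOD), is_well_formed(MISSING_PAREN))
```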

The configuration for the password plugin:

cp plugins/password/config.inc.php.dist plugins/password/config.inc.php

Edit the configuration:

vi plugins/password/config.inc.php

Change the following entries:

From:

$rcmail_config['password_driver'] = 'sql';

To:

$rcmail_config['password_driver'] = 'ldap'; 

From:

// LDAP Driver options
// -------------------
// LDAP server name to connect to.
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = 'localhost';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'uid=%login,ou=people,dc=exemple,dc=com';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'crypt';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = true;

To:

$rcmail_config['password_ldap_host'] = 'localhost';
$rcmail_config['password_ldap_port'] = '389';
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = '3';
$rcmail_config['password_ldap_basedn'] = 'o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_method'] = 'user';
$rcmail_config['password_ldap_adminDN'] = null;
$rcmail_config['password_ldap_adminPW'] = null;

$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,vd=%domain,o=hosting,dc=example,dc=tld';

$rcmail_config['password_ldap_encodage'] = 'md5';
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

$rcmail_config['password_ldap_force_replace'] = true;
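
The 'password_ldap_encodage' value decides what ends up in the userPassword attribute. The following is an added example, not code from the password plugin or the original guide: it builds OpenLDAP's {MD5} and {SSHA} userPassword values for a constructed password, to show that the unsalted form is identical for every account sharing a password while the salted form from the same option list is not. That the plugin's 'md5' and 'ssha' settings map to these two schemes is an assumption.

```python
# Added example: OpenLDAP {MD5} vs {SSHA} userPassword values.
import base64
import hashlib
import hmac
import os

def ldap_md5(password: str) -> str:
    """{MD5}: base64 of the raw, unsalted MD5 digest."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()

def ldap_ssha(password: str, salt: bytes = None) -> str:
    """{SSHA}: base64 of SHA-1(password + salt) followed by the salt itself."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(stored: str, password: str) -> bool:
    """Check a candidate password against a {MD5} or {SSHA} value."""
    scheme, _, b64 = stored.partition("}")
    raw = base64.b64decode(b64)
    if scheme == "{MD5":
        expected = hashlib.md5(password.encode()).digest()
        return hmac.compare_digest(raw, expected)
    if scheme == "{SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        expected = hashlib.sha1(password.encode() + salt).digest()
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported scheme: " + stored[:8])

if __name__ == "__main__":
    # Constructed accounts that happen to share one password.
    for user in ("alice", "bob"):
        print(user, ldap_md5("secret"), ldap_ssha("secret"))
```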

Now we're going to download and install the vacation plugin:

cd /usr/src
wget http://blog.hbis.fr/wp-content/uploads/2009/10/plugin-vacation-0.3-20091008.tar.gz
tar xvzf plugin-vacation-0.3-20091008.tar.gz
mv vacation /var/www/roundcube/plugins/vacation
cd /var/www/roundcube

Now we edit the configuration and change:

vi plugins/vacation/config.inc.php

From:

$rcmail_config['vacation_gui_vacationsubject'] = TRUE;

To:

$rcmail_config['vacation_gui_vacationsubject'] = FALSE;

From:

$rcmail_config['vacation_driver'] = 'sql'; 

To:

$rcmail_config['vacation_driver'] = 'ldap';

From:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'dc=ldap,dc=my,dc=domain';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] =
'cn=user,dc=ldap,dc=my,dc=domain';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'pa$$w0rd';

To:

// Base DN
$rcmail_config['vacation_ldap_base'] = 'o=hosting,dc=example,dc=tld';

// Bind DN
$rcmail_config['vacation_ldap_binddn'] = 'cn=admin,dc=example,dc=tld';

// Bind password
$rcmail_config['vacation_ldap_bindpw'] = 'yourpassword';

From:

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=mailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'cn=%email_local,ou=Mailboxes,dc=%email_domain,ou=MailServer,dc=ldap,dc=my,dc=domain'
);

To:

// Search base to read data
$rcmail_config['vacation_ldap_search_base'] =
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld';

// Search filter to read data
$rcmail_config['vacation_ldap_search_filter'] = '(objectClass=VirtualMailAccount)';

// Search attributes to read data
$rcmail_config['vacation_ldap_search_attrs'] = array ('vacationActive', 'vacationInfo');

// array of DN to use for modify operations required to write data.
$rcmail_config['vacation_ldap_modify_dns'] = array (
'mail=%username,vd=%email_domain,o=hosting,dc=example,dc=tld'
);

This concludes the configuration for Roundcube.

You can now go to http://yourdomain.tld/roundcube and log in with your email username and password. Under preferences you can now change your password and vacation settings.


Comments

From: Zabidin at: 2009-12-30 06:44:01

Hi,

I am stuck at this part.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/phamm.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ISPEnv2.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/amavis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/pureftpd.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/perversia.ldif 

It said something about permission. I don't know which permission. I installed as root, so there should be no problem.

From: Anonymous at: 2009-12-15 21:28:46

Several months ago I followed a similar guide on 9.1

http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-pop3-imap-on-ubuntu-8.10

I have been upgrading since but lacked the ability for users to change their own passwords. Phamm 5.15 issue permissions issue.

I'm thinking about trying to do an in place upgrade on a very busy mail server.

Are there any "gotchas" to look out for when I try to upgrade the schema?

Is this even possible?

From: Matteo at: 2011-03-17 21:01:29

server:/etc/ldap/slapd.d/cn=config/cn=schema# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/ldap/schema/db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module{0},cn=config"
ldap_add: Naming violation (64)

From: Alexandre Moraes at: 2010-08-27 16:51:13

Trouble with maildrop:

(user unknown. Command output: ERR: authdaemon: s_connect() failed: No such file or directory Invalid user specified. )

Fix:

touch /etc/postfix/maildroprc and add:

DEFAULT="/home/vmail/domains/$1/$2"

vim /etc/postfix/master.cf and modify:

maildrop  unix  -       n       n       -       -       pipe

   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

to:

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/bin/maildrop /etc/postfix/maildroprc ${nexthop} ${recipient}

From: Dominik at: 2011-03-24 09:43:11

I had the same error message, but I don't want to use maildrop, I prefer dovecot. My problem was the postfixTransport attribute on the virtual domain. I forgot to change the plugins/mail.xml of phamm, so every new domain had maildrop in the postfixTransport attribute of the ldap. With phpldapadmin, navigate to hosting, select view childs, as table, select all, edit, paste dovecot: into the postfixTransport attribute and update all. Cheers Dominik

From: kewlrichie at: 2009-12-21 17:33:32

If you want your mail to end up in /home/vmail/domains so the full path of an email mailbox looks like this /home/vmail/domains/example.tld/bob@example.tld, which phamm and ldap is expecting it to be, you would need to change:

mail_location = maildir:/home/vmail/%d/%u

to

mail_location = maildir:/home/vmail/domains/%d/%u

From: Pavel Sebek at: 2010-06-24 08:20:50

Hi,

I would like to correct a mistake in the guide:

FROM:

----------------------------------------------------

 the file main.php:

 

Change (line 308):

$entry["maildrop"] = "postmaster";

To

$entry["mail"] = "dummy@".$domain_new;

-------------------------------------

TO:

-------------------------------------------------------

the file main.php:

 

Change (line 308):

$entry["maildrop"] = "postmaster";

To

$entry["maildrop"] = "dummy@".$domain_new;

----------------------------------------