Hi peoples,
I make one simple howto and patch to install and configure qmail-ldap
authenticate in AD.
its attached the Howto and patch.
excuse by my english
good luck
Carlos
========================================
QMAIL-LDAP + AD INTEGRATE
========================================
* Objective
Authenticate Windows AD Server with qmail-ldap.
* System tested
Windows 2003 Server with SP2
OpenSuse Linux-10.2 and Ubuntu 6.10
qmail-ldap-1.03-20060201.patch
* Install process
First install Windows 2003 Server, and after finish installation,
install SFU (MS Services for Unix) with NIS support.
After this add new user in AD and in new tab "Unix Attributtes" choose
the domain and click in OK.
Change again the user password.
FINISH :-)
Now in you linux system, see the steps of site
http://www.qmail-ldap.org/wiki/Full_Installation_Guide.
In step "Basic Qmail Installation"
After apply qmail-ldap patch.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cd /usr/local/src
wget http://200.4.48.8/pub/mail-tools/qmail/dist/qmail-1.03.tar.gz
wget http://www.nrg4u.com/qmail/qmail-ldap-1.03-20060201.patch.gz
tar xvfz qmail-1.03.tar.gz
cd qmail-1.03
zcat ../qmail-ldap-1.03-20060201.patch.gz | patch -p1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Apply my patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cd /usr/local/src/qmail-1.03
patch -p1 < /var/src/qmail-ad.patch
patching file Makefile
patching file qmail-ldap.h
patching file qmail-ldaplookup.c
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
And continue the steps from site.
Finish :D
-----------------------------------------------------------
My control files (my domain is test.com)
ldapbasednldapdefaultdotmode
cn=Users,dc=test,dc=com
ldapdefaultdotmode
both
ldaplogin
cn=Administrador,cn=Users,dc=test,dc=com
ldapmessagestore
/home/vmail
ldapobjectclass
User
ldappassword
mypass
ldapserver (Ip address of AD)
192.168.2.11
ldapuid
11184
ldapgid
2110
---------------------------------------------------------
good luck
Carlos Cesario
[EMAIL PROTECTED]
diff -uNr qmail-1.03.Ori/Makefile /var/src/qmail-1.03.ORI/Makefile
--- qmail-1.03.Ori/Makefile 2007-04-05 06:19:17.000000000 -0300
+++ /var/src/qmail-1.03.ORI/Makefile 2007-03-07 15:46:34.000000000 -0300
@@ -19,7 +19,7 @@
# -DQMQP_COMPRESS to use the QMQP on the fly compression (for clusters)
# -DQUOTATRASH to include the Trash in the quota calculation (normaly it is not)
# -DSMTPEXECCHECK to enable smtp DOS/Windows executable detection
-#LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK
+LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE
# Perhaps you have different ldap libraries, change them here
LDAPLIBS=-L/usr/local/lib -lldap -llber
@@ -33,7 +33,7 @@
#LDAPINCLUDES=-I/opt/OpenLDAP/include
# ZLIB needed for -DDATA_COMPRESS and -DQMQP_COMPRESS
-#ZLIB=-lz
+ZLIB=-lz
# or you installed zlib in a different path you can use something like this
#ZLIB=-L/opt/zlib/lib -lz
#ZINCLUDES=-I/opt/zlib/include
@@ -43,13 +43,13 @@
# use -DTLS_REMOTE to enable tls support in qmail-remote
# use -DTLS_SMTPD to enable tls support in qmail-smtpd
# use -DTLSDEBUG to enable additional tls debug information in qmail-remote
-#TLS=-DTLS_REMOTE -DTLS_SMTPD
+TLS=-DTLS_REMOTE -DTLS_SMTPD
# Path to OpenSSL includes
-#TLSINCLUDES=-I/usr/local/include
+TLSINCLUDES=-I/usr/local/include
# Path to OpenSSL libraries
-#TLSLIBS=-L/usr/local/lib -lssl -lcrypto
+TLSLIBS=-L/usr/local/lib -lssl -lcrypto
# Path to OpenSSL binary
-#OPENSSLBIN=/usr/local/bin/openssl
+OPENSSLBIN=/usr/bin/openssl
#OPENSSLBIN=openssl
# to make the Netscape download progress bar work with qmail-pop3d
@@ -57,13 +57,13 @@
MNW=-DMAKE_NETSCAPE_WORK
# to enable the auto-maildir-make feature uncomment the next line
-#MDIRMAKE=-DAUTOMAILDIRMAKE
+MDIRMAKE=-DAUTOMAILDIRMAKE
# to enable the auto-homedir-make feature uncomment the next line
-#HDIRMAKE=-DAUTOHOMEDIRMAKE
+HDIRMAKE=-DAUTOHOMEDIRMAKE
# on most systems we need this to make auth_pop and auth_imap
-#SHADOWLIBS=-lcrypt
+SHADOWLIBS=-lcrypt
# OpenBSD and other Systems do not have libcrypt, so comment the line out
# if you get linking problems.
# To use shadow passwords under some Linux OS, uncomment the next two lines.
@@ -73,7 +73,7 @@
# to enable the possibility to log and debug imap and pop uncoment the
# next line
-#DEBUG=-DDEBUG
+DEBUG=-DDEBUG
# WARNING: you need a NONE DEBUG auth_* to run with inetd
# for profiling ...
diff -uNr qmail-1.03.Ori/qmail-ldap.h /var/src/qmail-1.03.ORI/qmail-ldap.h
--- qmail-1.03.Ori/qmail-ldap.h 2007-04-05 06:19:17.000000000 -0300
+++ /var/src/qmail-1.03.ORI/qmail-ldap.h 2007-03-07 15:46:32.000000000 -0300
@@ -93,11 +93,11 @@
ldap variables used in qmail-lspawn and auth_*
*********************************************************************/
#define LDAP_MAIL "mail"
-#define LDAP_MAILALTERNATE "mailAlternateAddress"
+#define LDAP_MAILALTERNATE "otherMailbox"
#define LDAP_QMAILUID "qmailUID"
#define LDAP_QMAILGID "qmailGID"
-#define LDAP_MAILSTORE "mailMessageStore"
-#define LDAP_HOMEDIR "homeDirectory"
+#define LDAP_MAILSTORE "sAMAccountName"
+#define LDAP_HOMEDIR "NOhomeDirectory"
#define LDAP_QUOTA "mailQuota"
#define LDAP_QUOTA_SIZE "mailQuotaSize"
#define LDAP_QUOTA_COUNT "mailQuotaCount"
@@ -108,10 +108,10 @@
#define LDAP_MODE "deliveryMode"
#define LDAP_REPLYTEXT "mailReplyText"
#define LDAP_DOTMODE "qmailDotMode"
-#define LDAP_UID "uid"
-#define LDAP_PASSWD "userPassword"
+#define LDAP_UID "mail"
+#define LDAP_PASSWD "msSFU30Password"
#define LDAP_OBJECTCLASS "objectClass"
-#define LDAP_ISACTIVE "accountStatus"
+#define LDAP_ISACTIVE "userAccountControl"
#define LDAP_PURGE "qmailAccountPurge"
#define DOTMODE_LDAPONLY "ldaponly"
@@ -132,10 +132,11 @@
#define MODE_PROG "program"
#define MODE_NOREPLY "noreply"
-#define ISACTIVE_BOUNCE "disabled"
+#define ISACTIVE_BOUNCE "514"
#define ISACTIVE_DELETE "deleted"
#define ISACTIVE_NOACCESS "noaccess"
-#define ISACTIVE_ACTIVE "active"
+#define ISACTIVE_ACTIVE "512"
+#define ISACTIVE_ACTIVE_AD "66048"
/*********************************************************************
ldap variables used in qmail-group
diff -uNr qmail-1.03.Ori/qmail-ldaplookup.c /var/src/qmail-1.03.ORI/qmail-ldaplookup.c
--- qmail-1.03.Ori/qmail-ldaplookup.c 2007-04-05 06:19:17.000000000 -0300
+++ /var/src/qmail-1.03.ORI/qmail-ldaplookup.c 2007-03-07 15:46:33.000000000 -0300
@@ -321,16 +321,16 @@
if (r != OK) fail(q, "qldap_get_status", r);
switch (status) {
case STATUS_BOUNCE:
- output(subfdout, "%s: %s\n",
- LDAP_ISACTIVE, ISACTIVE_BOUNCE);
+ output(subfdout, "%s: %s %s\n",
+ LDAP_ISACTIVE, ISACTIVE_BOUNCE, "=> disabled");
break;
case STATUS_NOACCESS:
output(subfdout, "%s: %s\n",
LDAP_ISACTIVE, ISACTIVE_NOACCESS);
break;
case STATUS_OK:
- output(subfdout, "%s: %s\n",
- LDAP_ISACTIVE, ISACTIVE_ACTIVE);
+ output(subfdout, "%s: %s %s\n",
+ LDAP_ISACTIVE, ISACTIVE_ACTIVE, "=>active");
break;
case STATUS_UNDEF:
output(subfdout, "%s: %s\n", LDAP_ISACTIVE,
