Re: Qmail-LDAP and AD Howto

2007-04-20 Thread Zdravko Stoychev

Hey all!

I think your HOWTO is way too complicated! One doesn't have to install SFU 
- all you need is to set *control/ldaprebind* to '1' and users can log in 
with their AD password as well. Here are all the changes needed to run 
qmail-ldap with the vanilla AD schema:

$ cat ~/qmail-1.03-mps/qmail-ldap.h
...
#define LDAP_MAIL       "mail"
#define LDAP_MAILSTORE  "mail"
#define LDAP_UID        "mail"
...
$ cat /var/qmail/control/ldapmessagestore
/home/vmail
I also prefer using 'mail' as LDAP_UID, so users will log in using 
their full email address and AD password. Also, setting LDAP_MAILSTORE to 
'mail' (remember this value can be relative to the Message Store) and 
*control/ldapmessagestore* to '/home/vmail' will generate virtual users' 
folders like this:

$ ll /home/vmail/
total 488
drwx------  3 vmail vmail 4096 Apr  2 13:18 anastasia.ne...mps.bg
drwx------  4 vmail vmail 4096 Apr  2 13:18 andrei.atana...mps.bg
drwx------  3 vmail vmail 4096 Apr  2 13:18 andrey.geo...mps.bg
drwx------  3 vmail vmail 4096 Apr  2 13:18 angel.dimi...mps.bg
drwx------  3 vmail vmail 4096 Apr  2 13:18 antoaneta.rad...mps.bg

drwx------  3 vmail vmail 4096 Apr  2 13:18 youliy.ni...mps.bg
drwx------  3 vmail vmail 4096 Apr  2 13:18 zdravko.hleb...mps.bg
drwx------  3 vmail vmail 4096 Apr  2 13:18 zdravko.stoy...mps.bg

One could test whether it's OK by running both:

$ cd ~/qmail-1.03-mps/
$ ./qmail-ldaplookup -u user's_email_address
$ ./qmail-ldaplookup -m user's_email_address
The results should be for the same person in both cases (switches -u and 
-m) and both should find 1 result. This configuration will also allow users 
to use SMTP AUTH (with TLS) with their full email address as username and 
AD password.


As for the 'userAccountControl' usage, I think your implementation needs 
some tailoring (see below why).


First, some information. The 'userAccountControl' attribute in AD is a 
set of flags. The flags are cumulative. Right, to disable a user's 
account, set the UserAccountControl attribute to 0x0202 (0x002 + 
0x0200). In decimal, this is 514 (2 + 512) where:

Property flag          Value in hexadecimal   Value in decimal
ACCOUNTDISABLE         0x0002                 2
LOCKOUT                0x0010                 16
PASSWD_CANT_CHANGE     0x0040                 64
NORMAL_ACCOUNT         0x0200                 512
DONT_EXPIRE_PASSWORD   0x10000                65536

These are the default UserAccountControl values for certain objects:

   * Typical user : 0x200 (512)
   * Domain controller : 0x82000 (532480)
   * Workstation/server: 0x1000 (4096)

For full list of possible flags visit: 
http://support.microsoft.com/kb/305144.


You're using the values 512 and 514, but some accounts might have the 
PASSWD_CANT_CHANGE or DONT_EXPIRE_PASSWORD flags set, so these values will 
not match. You have to mask it before the case:



if (r != OK) fail(q, qldap_get_status, r);
switch (status & 0x202) {
case STATUS_BOUNCE:
...
  
It's going to be a nice HOWTO anyway, and we should put it in the Wiki 
documentation as well! :)


Regards,
Zdravko

Carlos wrote:

Hi people,

I made a simple howto and patch to install and configure qmail-ldap
to authenticate against AD.

The Howto and patch are attached.

Excuse my English.

Good luck,


Carlos
  


--
 Zdravko Stoychev
 System Software and Support
 MPS Ltd.
 [EMAIL PROTECTED]
 +359-2-491-1827 (ext.271)

If I do not reply to your e-mails, look here: http://6lyokavitza.org/mail

This e-mail is intended only for the addressee(s) and may contain privileged 
and confidential information. It should not be disseminated, distributed, or 
copied. If you have received this e-mail message by mistake, please inform the 
sender, and delete it from your system.





Re: Qmail-LDAP and AD Howto

2007-04-20 Thread Zdravko Stoychev

OK, I just realised that the following is incorrect:

Zdravko Stoychev wrote:

You have to mask it before case:

if (r != OK) fail(q, qldap_get_status, r);
switch (status & 0x202) {
case STATUS_BOUNCE:
...

Actually the file *qldap.c* should be modified (see qldap_get_status() 
function implementation).


--
 Zdravko Stoychev
 System Software and Support
 MPS Ltd.
 [EMAIL PROTECTED]
 +359-2-491-1827 (ext.271)

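The point made in both replies above, masking userAccountControl before the switch in qldap_get_status() instead of comparing the raw value against 512 and 514, as an added example in C. This is illustration code, not qmail-ldap's own qldap.c and not the patch under discussion: the enum, the function names and the strict parser for the decimal string LDAP returns are invented here; the flag values are the ones from the table in the first reply (KB305144).

```c
/*
 * Added example (not qmail-ldap code): classify an AD account from its
 * userAccountControl attribute. qmail-ldap's real qldap_get_status() is not
 * reproduced here; the enum, function and helper names are invented for
 * illustration. Flag values are from KB305144.
 */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UAC_ACCOUNTDISABLE       0x0002UL
#define UAC_LOCKOUT              0x0010UL
#define UAC_PASSWD_CANT_CHANGE   0x0040UL
#define UAC_NORMAL_ACCOUNT       0x0200UL
#define UAC_DONT_EXPIRE_PASSWORD 0x10000UL

enum account_status {
    ACCOUNT_OK,        /* enabled user account: deliver / allow login */
    ACCOUNT_DISABLED,  /* ACCOUNTDISABLE bit set: bounce / refuse login */
    ACCOUNT_NOT_USER,  /* NORMAL_ACCOUNT bit clear: computer, trust, ... */
    ACCOUNT_INVALID    /* attribute missing or not a decimal number */
};

/* Exact match on 512 / 514, the approach the reply warns about: any extra
 * flag on the account (DONT_EXPIRE_PASSWORD, LOCKOUT, ...) falls through. */
enum account_status uac_status_exact(unsigned long uac)
{
    if (uac == 512UL) return ACCOUNT_OK;
    if (uac == 514UL) return ACCOUNT_DISABLED;
    return ACCOUNT_INVALID;
}

/* Masked check: look only at the bits that decide the outcome. */
enum account_status uac_status_masked(unsigned long uac)
{
    if (!(uac & UAC_NORMAL_ACCOUNT))
        return ACCOUNT_NOT_USER;
    if (uac & UAC_ACCOUNTDISABLE)
        return ACCOUNT_DISABLED;
    return ACCOUNT_OK;
}

/* LDAP hands the attribute over as a decimal string. Parse it strictly and
 * fail closed: signs, whitespace or trailing garbage make it INVALID, which a
 * caller should treat like a missing account, never like an enabled one. */
enum account_status uac_status_from_attr(const char *value)
{
    char *end;
    unsigned long uac;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return ACCOUNT_INVALID;
    errno = 0;
    uac = strtoul(value, &end, 10);
    if (errno != 0 || *end != '\0')
        return ACCOUNT_INVALID;
    return uac_status_masked(uac);
}

/* Render the known flags as "A|B|C" for log lines; unknown bits are ignored.
 * Returns the length of the string written into buf. */
size_t uac_describe(unsigned long uac, char *buf, size_t len)
{
    static const struct { unsigned long bit; const char *name; } flags[] = {
        { UAC_ACCOUNTDISABLE,       "ACCOUNTDISABLE" },
        { UAC_LOCKOUT,              "LOCKOUT" },
        { UAC_PASSWD_CANT_CHANGE,   "PASSWD_CANT_CHANGE" },
        { UAC_NORMAL_ACCOUNT,       "NORMAL_ACCOUNT" },
        { UAC_DONT_EXPIRE_PASSWORD, "DONT_EXPIRE_PASSWORD" },
    };
    size_t i;

    if (len == 0) return 0;
    buf[0] = '\0';
    for (i = 0; i < sizeof flags / sizeof flags[0]; i++) {
        if (!(uac & flags[i].bit)) continue;
        if (buf[0] != '\0') strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, flags[i].name, len - strlen(buf) - 1);
    }
    return strlen(buf);
}

int main(void)
{
    /* Constructed sample values: a plain user (512), a disabled user (514),
     * the same disabled user after an admin set DONT_EXPIRE_PASSWORD (66050),
     * an enabled user with that flag (66048), a workstation (4096), garbage. */
    const char *samples[] = { "512", "514", "66050", "66048", "4096", "junk" };
    char desc[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long uac = strtoul(samples[i], NULL, 10);
        uac_describe(uac, desc, sizeof desc);
        printf("%-6s exact=%d masked=%d flags=%s\n", samples[i],
               (int)uac_status_exact(uac),
               (int)uac_status_from_attr(samples[i]), desc);
    }
    return 0;
}
```

uac_status_exact() shows the failure mode: 66050 (NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE) is a disabled account that the exact comparison does not recognise, while uac_status_masked() reports it as disabled. The default 532480 of a domain controller comes back as ACCOUNT_NOT_USER rather than as a mailbox.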


Re: Qmail-LDAP and AD Howto

2007-04-06 Thread ccesario

I think not, Mario.

The patch is complete.

I tested it and it is working.

Test it and tell me the result.

[]'s 
Carlos 


On 05 Apr 2007, Mário Gamito wrote:

Hi, 
 
I think the patch is incomplete. 
Maybe your e-mail exceeded the message size limit of the list. 
Or was there some mistake?

[In Portuguese, translated]
It seems your patch is incomplete.
Could your mail have exceeded the limit allowed by the list, or did you
make a mistake somewhere?
[/In Portuguese]
 
Best Regards, 
Mário Gamito 



Re: Qmail-LDAP and AD Howto

2007-04-05 Thread Mário Gamito
Hi,

I think the patch is incomplete.
Maybe your e-mail exceeded the message size limit of the list.
Or was there some mistake?

[In Portuguese, translated]
It seems your patch is incomplete.
Could your mail have exceeded the limit allowed by the list, or did you
make a mistake somewhere?
[/In Portuguese]

Best Regards,
Mário Gamito
Carlos wrote:
 Hi people,
 
 I made a simple howto and patch to install and configure qmail-ldap
 to authenticate against AD.
 
 The Howto and patch are attached.
 
 Excuse my English.
 
 Good luck
 
 
 Carlos
 
 
 
 
 
  QMAIL-LDAP + AD INTEGRATION
 
 
 * Objective
 
   Authenticate against a Windows AD server with qmail-ldap.
 
 * System tested
 
   Windows 2003 Server with SP2
   OpenSuse Linux-10.2 and Ubuntu 6.10 
   qmail-ldap-1.03-20060201.patch
 
 * Install process
 
   First install Windows 2003 Server and, after the installation finishes, 
 install SFU (MS Services for Unix) with NIS support.
   After this, add a new user in AD and, in the new Unix Attributes tab, choose 
 the domain and click OK.
   Change the user's password again.
 
   FINISH :-)
 
 
   Now, on your Linux system, follow the steps from the site 
 http://www.qmail-ldap.org/wiki/Full_Installation_Guide.
   In the step Basic Qmail Installation:
 
   After applying the qmail-ldap patch:
 
   ++
   cd /usr/local/src
   wget http://200.4.48.8/pub/mail-tools/qmail/dist/qmail-1.03.tar.gz 
   wget http://www.nrg4u.com/qmail/qmail-ldap-1.03-20060201.patch.gz
   tar xvfz qmail-1.03.tar.gz 
   cd qmail-1.03 
   zcat ../qmail-ldap-1.03-20060201.patch.gz | patch -p1
   ++
 
   Apply my patch
 
   ++
   cd /usr/local/src/qmail-1.03
   patch -p1 < /var/src/qmail-ad.patch
   patching file Makefile
   patching file qmail-ldap.h
   patching file qmail-ldaplookup.c
   ++
 
 
   And continue with the steps from the site.
 
   Finish :D
 
 
   ---
   My control files (my domain is test.com)
 
   ldapbasedn
   cn=Users,dc=test,dc=com
 
   ldapdefaultdotmode
   both
 
   ldaplogin
   cn=Administrador,cn=Users,dc=test,dc=com
 
   ldapmessagestore
   /home/vmail
 
   ldapobjectclass
   User
 
   ldappassword
   mypass
 
   ldapserver (IP address of AD)
   192.168.2.11
 
   ldapuid
   11184
   
   ldapgid
   2110
   -
 
 
 good luck
 
 
 
 
 
 Carlos Cesario
 [EMAIL PROTECTED]
 
 
 
 
 diff -uNr qmail-1.03.Ori/Makefile /var/src/qmail-1.03.ORI/Makefile
 --- qmail-1.03.Ori/Makefile   2007-04-05 06:19:17.0 -0300
 +++ /var/src/qmail-1.03.ORI/Makefile  2007-03-07 15:46:34.0 -0300
 @@ -19,7 +19,7 @@
  # -DQMQP_COMPRESS to use the QMQP on the fly compression (for clusters)
  # -DQUOTATRASH to include the Trash in the quota calculation (normaly it is 
 not)
  # -DSMTPEXECCHECK to enable smtp DOS/Windows executable detection
 -#LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS 
 -DQMQP_COMPRESS -DSMTPEXECCHECK
 +LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS 
 -DQMQP_COMPRESS -DSMTPEXECCHECK -DALTQUEUE
  
  # Perhaps you have different ldap libraries, change them here
  LDAPLIBS=-L/usr/local/lib -lldap -llber
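Review bot: this hunk will not apply in the shape shown here: the `-#LDAPFLAGS=...` and `+LDAPFLAGS=...` lines are each split in two, with `-DQMQP_COMPRESS -DSMTPEXECCHECK` on a line of its own that carries neither `-`, `+` nor a leading space, and `patch` rejects a hunk whose lines do not match the `@@ -19,7 +19,7 @@` counts. That, rather than a list size limit, is the likely reason the patch was reported incomplete; re-send it with long lines intact or as an attachment. On the content: -DALTQUEUE is new relative to the commented-out default, and none of -DQLDAP_CLUSTER, -DEXTERNAL_TODO or -DALTQUEUE has anything to do with AD authentication, so either say in the howto why they are switched on or leave LDAPFLAGS for the installer to choose. Also, the `---`/`+++` header puts the `.ORI` tree with the older timestamp on the `+++` side; double-check the argument order given to diff before publishing.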
 @@ -33,7 +33,7 @@
  #LDAPINCLUDES=-I/opt/OpenLDAP/include
  
  # ZLIB needed for -DDATA_COMPRESS and -DQMQP_COMPRESS
 -#ZLIB=-lz
 +ZLIB=-lz
  # or you installed zlib in a different path you can use something like this
  #ZLIB=-L/opt/zlib/lib -lz
  #ZINCLUDES=-I/opt/zlib/include
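Review bot: ZLIB=-lz is only required because the LDAPFLAGS hunk above turns on -DDATA_COMPRESS and -DQMQP_COMPRESS; if those flags are dropped as unrelated to AD, this line should go back to being commented out, otherwise the build links zlib for nothing. Keep the two hunks in step either way.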
 @@ -43,13 +43,13 @@
  # use -DTLS_REMOTE to enable tls support in qmail-remote
  # use -DTLS_SMTPD to enable tls support in qmail-smtpd
  # use -DTLSDEBUG to enable additional tls debug information in qmail-remote
 -#TLS=-DTLS_REMOTE -DTLS_SMTPD
 +TLS=-DTLS_REMOTE -DTLS_SMTPD
  # Path to OpenSSL includes
 -#TLSINCLUDES=-I/usr/local/include
 +TLSINCLUDES=-I/usr/local/include
  # Path to OpenSSL libraries
 -#TLSLIBS=-L/usr/local/lib -lssl -lcrypto
 +TLSLIBS=-L/usr/local/lib -lssl -lcrypto
  # Path to OpenSSL binary
 -#OPENSSLBIN=/usr/local/bin/openssl
 +OPENSSLBIN=/usr/bin/openssl
  #OPENSSLBIN=openssl
  
  # to make the Netscape download progress bar work with qmail-pop3d
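Review bot: the OpenSSL paths end up inconsistent: TLSINCLUDES and TLSLIBS still point at /usr/local/include and /usr/local/lib while OPENSSLBIN is moved to /usr/bin/openssl. On the OpenSuse 10.2 and Ubuntu 6.10 systems the howto lists, the packaged OpenSSL lives under /usr, so either point all three at the distribution copy (-I/usr/include, -L/usr/lib, /usr/bin/openssl) or all three at the same /usr/local build; mixing them risks linking against one library while generating the certificate with another. Turning on TLS_SMTPD is the right call, since the AD password travels over SMTP AUTH, but the howto should then also cover creating the server certificate, which is what the Makefile uses OPENSSLBIN for.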
 @@ -57,13 +57,13 @@
  MNW=-DMAKE_NETSCAPE_WORK 
  
  # to enable the auto-maildir-make feature uncomment the next line
 -#MDIRMAKE=-DAUTOMAILDIRMAKE
 +MDIRMAKE=-DAUTOMAILDIRMAKE
  
  # to
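Review bot: the posting ends inside this hunk (the last line is `# to`), and the qmail-ldap.h and qmail-ldaplookup.c changes that the howto's patch transcript lists ('patching file qmail-ldap.h', 'patching file qmail-ldaplookup.c') are not present at all, so what is here is the Makefile part only, which agrees with Mário's report. Enabling AUTOMAILDIRMAKE is reasonable, since nothing in the howto creates maildirs for the AD users under /home/vmail, but it does mean a directory is created on first delivery for every AD object that matches the lookup, so keep ldapbasedn and ldapobjectclass as narrow as the population that should actually receive mail.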
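An added example, not part of Carlos's howto and not qmail-ldap's own tooling: a POSIX shell script that writes the control files the howto lists and then checks them for the two points in that list that matter most for security, the bind account (the howto binds as cn=Administrador) and the readability of control/ldappassword, which holds the bind password in plaintext. The `cn=qmail-bind` account is an assumption, standing in for a dedicated read-only account created in AD; the test.com base DN, IP address and uid/gid are the howto's own values, and control/ldaprebind is set to 1 as Zdravko's reply suggests.

```shell
#!/bin/sh
# Added example (not from the howto or from qmail-ldap): write the qmail-ldap
# control files from the howto into a directory and verify the security-relevant
# parts: the bind password must not be readable by other users, and the bind
# DN should be a dedicated low-privilege account rather than the domain
# Administrator. "cn=qmail-bind,..." is a hypothetical service account.

# write_ldap_controls DIR BIND_PASSWORD
write_ldap_controls() {
    dir=$1
    mkdir -p "$dir" || return 1
    printf '%s\n' 'cn=Users,dc=test,dc=com'               > "$dir/ldapbasedn"
    printf '%s\n' 'both'                                   > "$dir/ldapdefaultdotmode"
    printf '%s\n' 'cn=qmail-bind,cn=Users,dc=test,dc=com'  > "$dir/ldaplogin"
    printf '%s\n' '/home/vmail'                            > "$dir/ldapmessagestore"
    printf '%s\n' 'User'                                   > "$dir/ldapobjectclass"
    printf '%s\n' '192.168.2.11'                           > "$dir/ldapserver"
    printf '%s\n' '11184'                                  > "$dir/ldapuid"
    printf '%s\n' '2110'                                   > "$dir/ldapgid"
    printf '%s\n' '1'                                      > "$dir/ldaprebind"
    # The secret is created under umask 077 in a subshell, so it is mode 0600
    # from the first byte and the caller's umask is left alone.
    ( umask 077 && printf '%s\n' "$2" > "$dir/ldappassword" )
}

# check_ldap_controls DIR -> exit status 0 if clean, 1 otherwise; prints findings
check_ldap_controls() {
    dir=$1
    rc=0
    for f in ldapbasedn ldapserver ldaplogin ldappassword ldapmessagestore ldapuid ldapgid; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $f"
            rc=1
        fi
    done
    if [ -f "$dir/ldappassword" ]; then
        # columns 5-10 of 'ls -l' are the group and other permission bits
        perms=$(ls -ld "$dir/ldappassword" | cut -c5-10)
        case $perms in
            *[rwx]*) echo "ldappassword is accessible to group/others (mode bits '$perms')"; rc=1 ;;
        esac
    fi
    if [ -f "$dir/ldaplogin" ]; then
        login=$(head -n 1 "$dir/ldaplogin" | tr 'A-Z' 'a-z')
        case $login in
            cn=administrator,*|cn=administrador,*|cn=admin,*)
                echo "ldaplogin binds as an administrative account: $login"; rc=1 ;;
        esac
    fi
    for f in ldapuid ldapgid; do
        if [ -s "$dir/$f" ]; then
            id=$(head -n 1 "$dir/$f")
            case $id in
                ''|*[!0-9]*|0) echo "$f must be a non-zero numeric id, got '$id'"; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

Run write_ldap_controls /var/qmail/control 'the-bind-password' once the service account exists in AD, then check_ldap_controls /var/qmail/control; the check can also be run on its own against an existing control directory, for instance one built from the howto's values, where it flags the Administrador bind DN.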