Re: [vchkpw] SHA crypt ldap auth

[Jens Jahr]

Zitat von Rodrigo Pinheiro [EMAIL PROTECTED]:

   I would like that vpopmail supports SHA crypt in ldap database
 
 I'm using Iplanet and I would like to migrate to openldap.
 


Hi Rod,

sorry, vpopmail - ldap-auth does currently only support MD5 and Unix-crypt 
encryption for passwords.

Cheers
Jens

Re: [vchkpw] Re: error:domain already exsits

[Jens Jahr]

Zitat von Tohru Kobayashi [EMAIL PROTECTED]:

 
 I had the same problem with you until I disabled the clear password
 option.  Try
 
 ./configure --enable-lday=y --enable-loggin=y --enable-clear-password=n
 
 However, I am still interested to have clear password working.  Anyone
 with any suggestions?

Hi Toruh,
I already have a patch for that, which also has been refused.

Download it and please give me Feedback...

See my posting:
http://bluedot.net/mail/archive/read.php?f=2i=9479t=9479

It enables clear-text passwords in LDAP-Auth.

Cheers
Jens
 

Re: [vchkpw] Re: error:domain already exsits

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

  i don't want to change qmail-pop3d to courier-pop3d because i want to
 ensure the combination of qmail+vpopmail feasible.
 BTW, even i start the slapd with the  -s  debug  parameters, i cann't
 find any information in the syslog ( /var/log/message.*)
 ..
 

Hi lixiang,

so it is probably not an LDAP-issue but an qmail-pop3d issue.
So check if the qmail-pop3d-user is able to execute LINK_TO/vchkpw.

Check if the start-up of qmail-pop3d is set up properly.
( from inetd )

It should be : ( in a single line )

--- snip 
pop3 stream tcp nowait root /var/qmail/bin/qmail-popup qmail-popup 
YOUR_FQDN_OF_POP_HOST /home/vpopmail/bin/vchkpw 
/var/qmail/bin/qmail-pop3d Maildir
--- snap

Cheers
Jens

Re: [vchkpw] Re: New architecture

[Jens Jahr]

Sérgio Manuel Rosa wrote:

Jesse Guardiani writes:

On Monday 28 July 2003 20:05, Sérgio Manuel Rosa wrote:

Hi List,
I've got to build a new server. This server is going to hold a great 
number
of users and a lot of traffic.
My question is: should I use mySQL, ldap or none?


MySQL.  Without a doubt.


Thanks Jesse,
I was guessing that... Well it's never late to learn new stuff.
Regards
srosa
Hi Jesse,

bevor you decide to choose mySQL make your mind clear about the 
follwoing things:

- are you able to replicate your database with mySQL ?
- are these tables tranactional based  in mySQL ?
- are you able to do __consistent__ online backups with mySQL ? ( dont 
bother me with any mysql-dump scripts ... or something like that ... )
- did you ever do a disaster recovery with mySQL ?
- are you able to extend/migrate you database with mySQL ?

so if you really plan to setup a huge server which has to fit these 
point... well, things twice ;-))
There are more database backend's , e.g. oracle with totally fulfill 
these points.
if you are not familiar with these point , than you should choose mySQL.

Cheers
Jens

Re: [vchkpw] Re: error:domain already exsits

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

Hi lixiang,

   i  removed the cdb file, then  the problem is solved. thank you . :-)
   then , everything seems normal, except the pop authentication.  if i

Fine ;-)

 telnet localhost 110, and input the correct username and password, it
 reports:
   err aack, child crashed.
 
 

OK, I use courier pop3d which works fine, so you might try this one.
One very important parameter is to tell courier to do vchkpw - - auth

AUTHMODULES=authcustom authvchkpw


So add this line to your courier-pop3d conf-file than it should work.

If this doesn't help, have a look at you syslog if there is any LDAP-query and 
what is the result. So please post your syslog when this error occurs !

Cheers
Jens


P.S:
@LIST OK, next time I will post patches to SF, sorry for that mistake ;-) 

Re: [vchkpw] qmail+vpopmail+openldap+qmailadmin in redhat7.3

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

Hi lixiang,

OK, now I see your Prob !!

It is somekind of loop that you configured:

See here:

slapd.conf:

--- snip
 suffix  dc=koal,dc=com
 rootdn  cn=root,ou=people,dc=koal,dc=com  --- WRONG !!
--- snap

vldap.h
--- snip
 #define VLDAP_BASEDN ou=people,dc=koal,dc=com
 #define VLDAP_USER cn=root,ou=people,dc=koal,dc=com  --- WRONG !!
--- snap

###
You solution should look like this:

slapd.conf:

--- snip
 suffix  dc=koal,dc=com
 rootdn  cn=root,dc=koal,dc=com This is the difference
--- snap

vldap.h
--- snip
 #define VLDAP_BASEDN ou=people,dc=koal,dc=com
 #define VLDAP_USER cn=root,dc=koal,dc=com   This is the difference

--- snap


The rootdn must _not_ be a ldap entry that is inside your trie !!! 
It is just an internal User !!

So you might try this.
And remenber ! Your organisation ( dc=koal,dc=com ) and your arganisational Unit
( ou=people, dc=koal, dc=com) must both exist !!

And please make sure yout BASEDN in vldap.h is used. 
E.g. like

#define VLDAP_BASEDN ou=people,dc=koal,dc=com

And delete the #if-def clause

Cheers
Jens

Re: [vchkpw] qmail+vpopmail+openldap+qmailadmin in redhat7.3

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

Hi lixiang,

sorry for my late responds, I have been off for holiday ;-))
So if you verified your LDAP-Entries that they look like below ( e.g. with gq ) 
your are fine. 

 dc=koal,dc=com
   |
 -ou=people
|
 - ou=test.com
 |
  -uid=postmaster
  -uid=user1
  -uid=user2
  


It may be an access error, please check your settings in slapd.conf and compare 
them with your compilation in vldap.h

BaseDN and Binddn _must_ be correct, because if vpopmail tries to bind via an 
non existing ldap-user it doesn't see any entries at all.

Here is a sample of a successful auth:
---snip
conn=1047818 fd=7 ACCEPT from IP=::1 32811 (IP=:: 389) 
Jul 15 10:35:09 mail slapd[4671]: conn=1047818 op=0 BIND 
dn=cn=,dc=x,dc=net method=128 
Jul 15 10:35:09 mail slapd[4671]: conn=1047818 op=0 AUTHZ 
dn=cn=,dc=x,dc=net mech=simple ssf=0 
Jul 15 10:35:09 mail slapd[4671]: conn=1047818 op=0 RESULT tag=97 err=0 text= 
Jul 15 10:35:09 mail slapd[21275]: conn=1047818 op=1 SRCH 
base=ou=x.de,ou=people,dc=x,dc=net scope=2 filter=(
(objectClass=qmailUser)(uid=user1)) 
Jul 15 10:35:09 mail slapd[21275]: conn=1047818 op=1 SEARCH RESULT tag=101 
err=0 nentries=1 text= 

--- snap

Make sure your settings in vldap.h are correct:

--- snip
define VLDAP_SERVER localhost
#define VLDAP_PORT LDAP_PORT
#define VLDAP_USER cn=root,dc=,dc=net   This must be equal to 
slapd.conf 
#define VLDAP_PASSWORD password This must be equal to 
slapd.conf 

#define MAX_BUFF 500

#define VLDAP_BASEDN ou=people,dc=x,dc=net

--- snap

 Look at slapd.conf ###

--- snip
rootdn cn=root,dc=,dc=net --- This must be equal to 
vldap.h
rootpwpassword   This must be equal to 
vldap.h

--- snap


I think that is the reason for your probs. 

Have both of the initial LDAP-entries completed ?

snip
dn: dc=xxx,dc=net
objectclass: organization
o: xxx

dn:ou=people,dc=,dc=cn
objectclass: organizationalUnit
ou:people
snap


Please let me know if that doesnt help.

Cheers
Jens

Re: [vchkpw] error: segmentation fault and unable to chdir vpopmail/users directory

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

Hi lixiang,

 i have installed vpopmail-5.2.1,qmail-1.0.3, qmail-ldap, openldap-2.0.27,
 qmailadmin-1.0.6 in my Redhat 7.3 box.

Please do not mix qmail-ldap and vpopmail-ldap. These are totally different 
programms that both try to do the same. !!

I 'll give you a short step by step way to use vpopmail-ldap:


1) Edit qmailUser.schema

--- snip
attributetype ( 1.3.6.1.4.1.8868.3.1.2
NAME 'qmailGID'
DESC 'qmail group id'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.8868.3.1.3
NAME 'qmailUID'
DESC 'qmail userid'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.8868.3.1.4
NAME 'qmaildomain'
DESC 'qmail Domain'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.8868.3.1.6
NAME 'mailQuota'
DESC 'qmail quota'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.8868.3.1.7
NAME 'mailMessageStore'
DESC 'qmail Store'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.8868.3.1.8
NAME 'clearPassword'
DESC 'qmail Clear Password for APOP'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.8868.3.1
NAME 'qmailUser'
DESC 'qmail local mail recipient'
SUP ( top $ person $ organizationalPerson )
MAY ( qmailGID $ qmailUID $ qmaildomain $
mailQuota $ mailMessageStore $ clearPassword $
uid $ name $ sn $ cn ) )

--- snap

2) Modify the definition of  person in core.schema to :

--- snip

 objectclass ( 2.5.6.6 NAME 'person'
 DESC 'RFC2256: a person'
 SUP top STRUCTURAL
 MAY ( sn $ cn $ userPassword $ telephoneNumber $ seeAlso $ description 
 $ mail $
 workphonenumber $ cellphonenumber $ postalAddress $
 title $ telexNumber $street $givenName $registeredAddress 
 $cellphone) )
 
--- snap
 



3) Edit vldap.h

vldap.h

--- snip

#define VLDAP_SERVER localhost
#define VLDAP_PORT LDAP_PORT
#define VLDAP_USER cn=root,dc=xx,dc=net
#define VLDAP_PASSWORD xx
#define MAX_BUFF 500

#define VLDAP_BASEDN ou=people,dc=xxx,dc=net

--- snap


4) Recompile vpopmail --with-ldap
Do not use both mysql and ldap !!!


5)
Setup slapd.conf 

slapd.conf
snip
include   /vmail/etc/openldap/schema/core.schema
include   /vmail/etc/openldap/schema/qmailUser.schema
..
access to attr=userPassword
   by  *  auth

database  bdb
suffix dc=xxx,dc=cn
rootdn dc=admin,dc=,dc=net
rootpwsecret
directory /var/openldap
index  objectclass   pres,eq
index  cn,sn,uid  eq,


6)
Start slapd

7)

Edit dn.ldif
snip
dn: dc=xxx,dc=net
objectclass: organization
o: ynst

dn:ou=people,dc=,dc=cn
objectclass: organizationalUnit
ou:people
snip

8) Add base DN
-
ldapadd -x -w admin -D 'cn=admin,dc=,dc=cn' -f  /tmp/dn.ldif
   adding new entry  dc=,dc=cn

   adding new entry ou=people,dc=,dc=cn
--

9) Test it 
ldapsearch -x -w admin -D 'cn=admin,dc=,dc=cn' -b 'dc=,dc=cn'

10)

Now you should be able to add domains and users using either qmailadmin oder 
commandline.


Note: LDAP support does work !!! And is stable !!! 
Some patches from me are still not included for any reason I do not know, so if 
you have any problems feel free to ask !!! I will do my best ;-)

On first glance this looks a little bit tricky, but when you go ahead living 
with LDAP all steps are getting more and more reasonable to you. After you have 
discovered the advantages of LDAP you do not want to miss it anymore, I 
promise ;-))

And if any error still occur please send the LDAP error message. I included 
this into vldap.c to have much more debugging informations.

Best regards Jens

-- 
Jens Jahr

Re: [vchkpw] RE:Re: [vchkpw] error: segmentation fault and unable to chdir vpopmail/users directory

[Jens Jahr]

Zitat von lixiang [EMAIL PROTECTED]:

Hi lixiang,

 i used your qmailUser.schema;  but make no modification for my
 core.schema, because the modification you provide make the attributetype
 error when start slapd. and because i have had the dc=koal,dc=com entry, so
 my dn.ldif is :

 
   dn:ou=people,dc=,dc=cn
   objectclass: organizationalUnit
   ou:people

Ok, look here:
Each entry you add is now a subtree vom ou=people,dc=,dc=cn
So your domains will be stored:

ou=test1.com,ou=people,dc=,dc=cn
ou=bla.com,ou=people,dc=,dc=cn

etc.

Your users will have entries like:

uid=user1,ou=test1.com,ou=people,dc=,dc=cn
uid=user567,ou=test1.com,ou=people,dc=,dc=cn

etc.

Your basedn is
ou=people,dc=,dc=cn

So you might use vckpw to auth your users!
See the problem you have ?

 Error: No such object
 matched DN: ou=people,dc=koal,dc=com
 -ERR authorization  failed

This is a querry to user: ou=people,dc=koal,dc=com
But as you now know this your Basedn and not a valid user.

Everytime you recompile vpopmail, you have to recompile qmailadmin, because it 
is limked against libvpopmail.a 

So try your commandline tools:
- vaddomain
- vadduser
- vmoduser
- vdeluser

If they work, then try to recompile qmailadmin.
You should have a base user call postmaster, which has been setup on adding the 
domain.

Get a ldapbrowser like gq, connect to your ldapserver and you should see 
something like

 dc=koal,dc=com
  |
   -ou=people
  |
   - ou=test1.com
   |
-uid=postmaster
-uid=user1
-uid=user156

BTW: I wonder that modifiying you core.schema results in an error, because I 
just changed a must-flag to a may-flag.

Best regards
Jens




 
 ldapadd succeed.  and now i add/delete  domain or users is indeed successful
 in command line. :-)  but i still have 2 problems:
 
 1. add user through qmailadmin ,it always report:  Email Account
 [EMAIL PROTECTED] (test1) could not be added, but this user actually has been
 added ,and its entry in ldap has also been added.  
 
 2. i test the send/receive email through OE client and  telnet 
 email-servers'ip 110 , the authentication always error:
 
 Error: No such object
 matched DN: ou=people,dc=koal,dc=com
 -ERR authorization  failed
 
 i ensure the password is correct for that user.
 
-- 
Jens Jahr

Re: [vchkpw] How many inodes is enough?

[Jens Jahr]

Zitat von Andrew Kohlsmith [EMAIL PROTECTED]:

Hi Andrew,

 No SMP here, but no problems so far, either, even under heavy NFS load.  I'd

exaclty that was the point under heavy SMP-load it broke with several error 
messages working as an NFS-Server ( kernel-space ). Ok, I didn't repeat the 
tests know for 15 month, because I decided to use XFS, so why should do these 
work again ?
Maybe they are now fixed. But I really dont care and as I said it was meant to 
be _my_ experience. But you may search the reifers archives where you can find 
a lot of articles about this issue. It is (was) a known problem.

 eventually like to have the mail spool server as a two or three node 
 (geographically distant) cluster, but I may have to move to AFS for that.  

AFS is fast and secure - I agree, but AFAIK volumes are limited to 8 GB

 I was originally looking at various DFSs but CODA and Intermezzo are both 

CODA also broke under heavy SMP-load in my tests.

 also under the impression that XFS was not a suitable FS, but I have to 
 admit I did not look too hard.
 Do you have some resources on XFS and what to look out for?

http://oss.sgi.com/projects/xfs/

You will find a lot of docu.

XFS also supports full POSIX - ACL's.
There are a lot of system tools that come with xfs ( diagnostic, dumps, 
restore, resize ) and which make life very easy and confortable. 
( And of course I am familiar with XFS, because of my IRIX background ;-)) ).

Feel free to use you FS of your choice, so do I.

Cheers
Jens

Re: [vchkpw] How many inodes is enough?

[Jens Jahr]

Zitat von Ajai Khattri [EMAIL PROTECTED]:

Hi Ajai,

 The new mail server is running Linux and qmail+vpopmail+MySQL :-)
 
 All this is great but I need to somehow calculate how many file system 
 inodes I need to move these mailboxes and support 2800 users. Does 
 anyone have any formulas/rules-of-thumb/tips ? Also, what would be an 
 appropriate block size for the fs?
 

You should use a filesystem with dynamic Inode allocation. I use XFS - it is 
incredibel fast and a journaling filesystem. It is even NFS-proof, so you can 
export your vpopmail-home to multiple hosts.

IMHO you should not use ext[23], because hosting 1.500.000 emails, stored in 
Maildirs, you will not see a good performance.

Reifers is also a filesystem with dynamic Inode allocation, but in my stress 
tests it fails under heavy SMP-Load and it has problems with NFS. Last it was 
unusable to be a cluster FS, because the standby host didn't see any file the 
origin hosts sees.

So feel free to make your own tests - this is meant to be my experience.

Cheers
Jens Jahr

Re: [vchkpw] Vpopmail/courier-imap with ldap

[Jens Jahr]

Zitat von Michel Gallant [EMAIL PROTECTED]:

 I'm running vpopmail with a cdb backend and courier-imap with the
 authvchkpw module.  I was wondering if many people are using the ldap
 backend.  I was also wondering if it's possible to use ldap for certain
 domains, and cdb for others.  The reason I'm asking is that I have a
 samba domain running for internal users, and right now their passwords
 are not synced with vpopmails.  I would like to run ldap for our domain,
 and run cdb for domains that we host.  Is this possible?  If so, are
 there any docs that could get me started?  Thanks


Hi,

yes it should be possible, but I didnt test it. But let me show you my 
imaginations: Because when you configure vpopmail you will have to choose 
wether to use LDAP or mysql as an authe´mtification module which end up that

vauth.[ch] is linked/renamed to vldap.[ch] bzw. vmysql.[ch]

The advantage is that each authentification modules uses the same API, so only 
the backend is changed, the disadvantage is that you cannot use both.

But it should work compiling 2 times vpopmail-mail, each with a different 
installation dir. See my example:

/home/vpopmail-ldap/domains/xyz
/home/vpopmail-mysql/domains/abc

so adding a domain to ldap yould use:

/home/vpopmail-ldap/bin/vaddomain 123.de

and vice versa.

I am not 100 % sure, but this seems possible to me. You may try ;-)

Cheers
Jens

Re: [vchkpw] Qmail +pine

[Jens Jahr]

Arquimedes Camacho Delgado wrote:

How can I use pine with qmail? is there a patch or a How to?

 

QUIT THE CRAP !

This is not the right place for that !!

What do you think a mailinglist concerning vpopmail is about ?!?

Jens Jahr

Re: [vchkpw] ldap support

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 I would to know if there is anyone that has successfully configure
 vpopmail with ldap for a global address book. If yes please contact me.

I do !

Cheers
Jens

RE: [vchkpw] SMTP Problems

[Jens Jahr]

Zitat von Clayton Weise [EMAIL PROTECTED]:

 Ok.. why would you post open relay as a suggestion?  Don't ever put
 :allow,RELAYCLIENT=””.  That will make your server open relay, which is BAD.
 Check the archives, I know there have been discussions before about courier
 imap authentication and vpopmail’s “romaing users” option

Hey,

why are you blaming me ?
If you will read my posting _carefully_ you will recognize a sentence like that:

Note that this is absolutely not the recommendes way !!!

Did you see the !!! and the word absolutely ???

What else should I do telling someone that there is a possibilty which is
definitivly not recommended ?

I can tell you to just format you HD and your are save that no one will relay
your server. 

Listen ! 

I do not want to start I flame war at all !!! 
so lets keep on beeing polite!!

It was meant as a hint nothing else 

Cheers
Jens

Re: [vchkpw] SMTP Problems

[Jens Jahr]

Zitat von Nate Davis [EMAIL PROTECTED]:


Hi,

well,
that domain is not in my allowed rcpthosts

means that you are not allowed to relay this host.
Please refer to the tcprules where you adjust your settings
like that:

--- snip
127.0.0.:allow,RELAYCLIENT=
192.168.:allow,RELAYCLIENT=
:allow,REQUIREAUTH=
-smap

which means that all execpt localhost and 192.168.x.x
have to authenticate before sending mail.

If you just all let relay your server just add  simpple:
:allow,RELAYCLIENT=

and you are done.

Note that this is absolutely not the recommendes way !!!

Cheers
Jens

[vchkpw] Re: LDAP working :(

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 I do not thing that my server is working ok since I cannot set quota, I
 cannot see clear passwd (it says null) Thanks for your help.

Hi,

There another issue concering clear passwd.
This is until now not supported by LDAP-backend.
It is on my TODO-List to add this, but it means some
major rewrite of the LDAP-backend.

It is currently in _my_ CVS-Tree, but it needs some more
testing. As soon as it proves stablility and backward
compatiblilty I will let this list know.


Cheers
Jens

 

Re: [vchkpw] Re: LDAP working :(

[Jens Jahr]

Zitat von Sunagawa Koji / $B:=@n(B $B9';y(B [EMAIL PROTECTED]:

 you can use clear passwd with my patch.
 
 Please Try this patch. It is for 5.3.9.
 http://www.ofug.net/~koj/vpopmail-ldap-apop/vpopmail-ldap-apop-20020917.tar.gz

Hi,

good job !

But it wont apply against 5.3.12.

- In my CVS-Tree I thought about dynamically using LDAP-entries, because
  hardcoding a special row for a special entrie makes it worse to add more new 
  LDAP-entries, because you have a bunge of #ifdefs and you will have to 
  doublecheck the whole code where direct access to an LDAP-entry is made

As a result I think it is nice to just address an LDAP-Entrie via pointers.
e.g.
QMAILDOMAIN = 1;
CLEAR_PW = 2;
qmailUID = 3;
etc

which are dynamically setup.

So general access to it would be

#ifdef CLEAR_PW
lm[CLEAR_PW]-mod_values[0] = strdup(password);
#endif

next would be 

lm[QMAILDOMAIN]-mod_values[0] = strdup(password);

no matter if I ifdefed CLEAR_PW or not.
This make code much more easy and readable.

Hope you understand my point and tell me what do you think.

I will release a patch for vpopmail-5.3.12 that uses your way, but I am
of the opinion to have a clear interface to what is used or not is better than 
using static addresses.


Cheers
Jens

 

[vchkpw] Enable Clear test passwords in LDAP

[Jens Jahr]

Bill,

this a patch for vpopmail, which enables the storage of
clear passwords in LDAP. It is against vanilla vpopmail-5.3.12 and
is based on the work from koj ( [EMAIL PROTECTED] )

Fixes includes:
- clear password storage in LDAP operational

I send another patch you - and because I want to do some additional
work that is based on it, please let me know if you like it or if you disagree.

Note that this patch is against vanilla vpopmail-5.3.12.
It also requires a modified qmailUser.schema.

I have basically tested it and it worked for:
vadduser/vsetuserquota/vuserinfo/vpasswd

Download:
Patch:
http://www.tiski.de/linux/patches/vpopmail/patch-vpopmail-clear.gz

qmailUser.schema
http://www.tiski.de/linux/patches/vpopmail/qmailUser.schema

Cheers
Jens

Re: [vchkpw] Qmailadmin + vpopmail + LDAP weird stuff

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 Hi guys, I have vpopmail running with OpenLDAP and everything is ok, I can
 see users from qmailadmin, I can users using the vadduser option no problem,
 but when I try to add user with qmailadmin I get the text saying user could
 not be added but it does get added, I check it with vuserinfo and it's there
 but the text it's just not right, any suggestions.
 

Hi Remo,

are you using my latest LDAP-patches or version 5.3.12, which have them
applied ?

I have fixed several of these problem also the weired 
Can't change to users directory

Cheers
Jens

Re: [vchkpw] Qmailadmin + vpopmail + LDAP weird stuff

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 I am using 5.3.12, 
 
 REMO

Hi,

Did you recompile qmailadmin after compiling vpopmail ?
This is important, because it is linked against libvpopmail.a

I can't reproduce this problem here, so I need more info.

What does the syslog say ?
Any LDAP-errors adding a user from qmailadmin ?
( e.g. error = 49, entries = 0 )

Cheers
Jens

[vchkpw] Re: LDAP working :(

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 I do not thing that my server is working ok since I cannot set quota, I
 cannot see clear passwd (it says null) Thanks for your help.


Ok, I hope this can help.

http://www.tiski.de/linux/patches/vpopmail/patch-vpopmail-jja-1.gz

it is against vpopmail-5.3.12 and should apply
cleanly. I already send it to Bill.
This should improve you debugging cababilities and should be backward compatible.
I have seen an error according to your log: error: Success.
This should be fixed with that patch.

Fixed included:
- calling vadddomain/vdeldomain the auth module call can fail
- fixes for vsetuserquota to say what's going wrong

Remember to recompile qmailadmin after applying !!!

Give it try and tell me.

Cheers
Jens

[vchkpw] vpopmail-patch

[Jens Jahr]

Hi Bill,

I have enclosed a maintenance patch for vpopmail/ldap.
Let me first explain why I did it.

There are several places where auth module is called, but 
not check what happened. This is especially importtant using the
LDAP backend, because an auth module call can fail !
E.g. invalid credentials, cannot connect etc.
Furthermore it is importtant to know why it failed and not just silently
do nothing. So This patch address some points:

- Adding a domain, first setup dirs etc and then call the auth module. So when 
it fails, the assignent and the dirs still resist, which causes the next 
vadddomain call answering That domain already exist
- Same with deleting a domain / just the other way around. Dirs and assignment 
are deleted, but because of the failure of the auth module it still resists in 
LDAP-Tree
- calling vsetuserquota and the username/domainename does not exist does give 
give a clear reason

Fixed included:
- calling vadddomain/vdeldomain the auth module call can fail
- fixes for vsetuserquota to say what's going wrong

You can download it from:
http://www.tiski.de/linux/patches/vpopmail/patch-vpopmail-jja-1.gz
  
It is against vpopmail-5.3.12 and has been successfully tested for backward 
compatibility.

Cheers
Jens




-- 
Jens Jahr

 




patch-vpopmail-jja-1.gz
Description: Binary data

Re: [vchkpw] LDAP setup howto

[Jens Jahr]

Zitat von Remo Mattei [EMAIL PROTECTED]:

 Hi guys, does anyone have an howto on how to setup vpopmail + mysql +
 ldap + qmailadmin? 
 Thanks


Hi,

I have an LDAP-Howto. It is up to date and should
work with latest OpenLDAP.

Read it at:

http://www.tiski.de/linux/patches/vpopmail/LDAP-VPOPMAIL.html

There are also additional patches to make the LDAP-code work.
Download them at:

http://www.tiski.de/linux/patches/vpopmail/patch-ldap-latest.gz

Enjoy ..

Cheers
Jens


 

Re: [vchkpw] LDAP setup howto

[Jens Jahr]

Zitat von Boris Manojlovic [EMAIL PROTECTED]:

 
 As you know I'm (was better to say) a main developer of ldap module for
 vpopmail as that I would ask Bill Shupp to commit these changes into
 vpopmail base (and I send you small patch allready but was never commited)
 
 so anyway  Jens Jahr when you created your howto you expeled MD5 support
 Ok I must confess that my support was not so good for MD5 but anyway with
 tweaking of openldap slapd we can get REAL MD5 hash system `
 Anyway I think job is still not done with LDAP module but first we DO need
 
 Bill Shup to commit your changes to base source tree
 

Hi Boris,

your are right with your slapd tweaks ! I already ajust my how-to ;-)
Because now I have a huge mailsever running vpopmail-ldap i am indeed willing to
improve the vpopmail-LDAP support.
As you may know that many of the M$ guys are using ADS, the only reason to give
this mailserver a chance running linux was definitively : LDAP is supported.

So I have been in big trouble, because I had several problems runing
vpopmail-ldap, including this fancy: unable to change to userdir.

so I began these patches to make LDAP-supporr work for me and include the whole
LDAP-error message.

There is some work to do and I am willing to address it - making vpopmail
support LDAP in a propper way - You did a __great__ job implenting the initial
LDAP-support  !!

I will offer all my patches to be included in mainstream in order to get a get a
complete LDAP-support in vpopmail and I will also maintain my LDAP-Howto

But I am absolutly not familar to whom I should send my patches.

Cheers 
Jens
 
 

Re: [vchkpw] How do I transfer a mail domain safely to another system...

[Jens Jahr]

Zitat von Taylor Dondich [EMAIL PROTECTED]:

 I want to slowly transfer the domains to a dedicated mail server.  What 
 would be the easiest way to transfer the domains over while still 
 attempting to retain password information?

well, 

I suggest you should think about the LDAP way..
BECAUSE that is exactly the point why you should switch to LDAP.

You could have 10 or even more servers sharing the same
LDAP backend.

I know there are people thinking in a different way, but for __me__
LDAP is the future with witch you can avoid such problems by default.

So think about it

Cheers
Jens

[vchkpw] LDAP-Patch-3 incl. ldap-sort-fix

[Jens Jahr]

Hi list,

this is my third drop make the LDAP-code mode robust.
It is a huge code clean incl the unsupported feature
to sort LDAP-Entries returened by the LDAP-Server.

Note this is not an incremental patch, it includes all
my previous patches. It is against vpopmail-5.3.8 but it applies
cleanly against vpopmail-5.3.9 !!

Changelog:

- major code cleanup
- support for ldap-sort-entries

Download it at:

http://www.tiski.de/linux/patches/vpopmail/patch-ldap-3.gz

Have fun because I do
Cheers
Jens

[vchkpw] quotafix-patch ported to qmailadmin-1.06

[Jens Jahr]

Hi list,

I have ported the qmailadmin quotafix-fax to qmailadmin-1.06.
The patch is based on the qmailquotafix for qmailadmin-1.04 by jhopper.

Download it at :

http://www.tiski.de/linux/patches/vpopmail/patch-quotafix-1.06.gz


Enjoy
Jens

[vchkpw] ldap-sort-fix without my LDAP work

[Jens Jahr]

Hi,

for those who want to use the ldap-sort-feature,
but are yet not able to apply my LDAP work,
I diffed it seperately. It is a quite simple patch.

Download it at:

http://www.tiski.de/linux/patches/vpopmail/patch-sort

Enjoy
Jens

Re: [vchkpw] ldap-sort-fix without my LDAP work

[Jens Jahr]

Zitat von Michael Bowe [EMAIL PROTECTED]:

Yep, you are right, but as far as I understand template.c in qmailadmin
vauth_getall in called always using Parameter 0 ( third one ) for not
sort it. So I have the choice between calling vauth_getall with Parameter 0,
which is hardcoded or with Parameter 1, wich is also hardcoded.

So as long as in qmailadmin is no ( eg. checkbox ) to choose wether to sort entries or 
not it make no sense to to a

if ( sort =1 ) { sort; }
   else { do_not_sort; }

because it is always hardcoded in qmailadmin ( template.c ).
Adding this will be no problem and I can do this 
quickly, but I hope you understand why I
didnot implement it until now.

Cheers
Jens



 I am glad to see you took action based on my recent suggestion :-)
 
 I took a look at your patch, and it looks like that sorting is always used
 now?
 
 I think it is meant to be optional based on whether the sortit parameter of
 vauth_getall() is set to 0 or 1. Take a look at the very bottom of this page
 for more info http://inter7.com/vpopmail/vpopmail.html
 
 So I think the ldap_sort_entries command needs to be wrapped with a
 
 if ( sortit == 1 ) {
 }
 
 or similar.

[vchkpw] LDAP-Patch

[Jens Jahr]

Hi,

this is another attempt to make the LDAP code a little more robust.
Included is a patch against vpopmail-5.3.8 which fixes the following things:

- vauth_getpw now returns a struct vqpasswd * ( as defined )
- changed handling of vpw to be a pointer to struct vqpasswd
- check if vauth_getpw in vpopmail.c return a value != NULL ( e.g. when you 
call vsetuserquota and user doesnot exits )

With this patch applied you will be able to use quotas stored in LDAP.
Note, this is not an incremental patch from my last post a few days ago. It 
should apply cleanly against vpopmail-5.3.8.

Cheers
Jens

-- 



This mail sent through Novasoft WWW-Mail



patch-ldap-1.gz
Description: application/gzip-compressed