-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We have a project to convert a system from cdb to LDAP and because the LDAP module
has not had as much attention as some of the other database modules, I figured I'd
post to the list with information on things I came across and how it was done.

Firstly, the installation and configuration of vpopmail went almost as smoothly
as the README.ldap script outlines.  The only issue I came across was with vpopmail
not setting the 'sn' value.  Easiest way for me to get around this on a system
only using LDAP for vpopmail, was to modify /usr/local/etc/openldap/schema/core.schema
to make sn and cn a MAY rather than a MUST:

objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MUST ( sn $ cn)
        MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

..to..

objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MAY ( sn $ cn $ userPassword $ telephoneNumber $ seeAlso $ description ) )

After that quick modification, slapd started as per the README.ldap instructions.

Next, I wrote two scripts to convert the system.  One script, written in perl, converts
a single vpasswd file to an LDIF file.  The second does this for every domain, and calls
ldapadd to create the entries in the database.  You can find these scripts at the end
of the email.

After doing some testing with this, I realized the current vpopmail LDAP module prints
errors to stdout which means if a user authenticates incorrectly, an error message will
be outputted into the current protocol stream breaking protocol.

I commented out all lines in vchkpw.c that read: ldap_perror(ld,"Error");

Everything appears to be working.  Hope this helps others out.  Here come the two scripts:

cat > vpasswd-to-ldif.pl << '__EOF__'
#!/usr/bin/perl
#
# Convert vpasswd to LDIF
# Takes domain being converted as first argument
# <[EMAIL PROTECTED]>
#

use strict;

my $domain = $ARGV[0];
die "usage: vpasswd-to-ldif.pl domain < vpasswd\n" unless defined $domain;

# Container entry for the domain
print "dn: ou=$domain,o=vpopmail\n";
print "ou: $domain\n";
print "objectclass: organizationalUnit\n";
print "\n";

# One qmailUser entry per vpasswd line
while(<STDIN>) {
   chomp;
   next if $_ eq '';

   # vpasswd fields are colon-separated
   my @fields = split(/:/);

   my $username = $fields[0];
   my $password = $fields[1];
   my $bits1 = $fields[2];
   my $bits2 = $fields[3];
   my $gecos = $fields[4];
   my $directory = $fields[5];
   my $quota = $fields[6];
   my $clearpass = $fields[7];

   print "dn: uid=$username, ou=$domain, o=vpopmail\n";
   print "uid: $username\n";
   print "userPassword: $password\n";
   print "qmailUID: $bits1\n";
   print "qmailGID: $bits2\n";
   print "qmaildomain: $gecos\n";
   print "MailMessageStore: $directory\n";
   print "mailQuota: $quota\n";
   print "clearPassword: $clearpass\n";
   print "objectClass: qmailUser\n";
   print "\n";
}
__EOF__

cat > cdb-to-ldap.sh << '__EOF__'
#!/bin/sh
#
# Run system-wide conversion from cdb to LDAP
# <[EMAIL PROTECTED]>
#

BINDDN="cn=vpopmailuser,o=vpopmail"
BINDPW='password'

LOC=`pwd`

# The LDIF files hold password hashes and clear passwords;
# create them readable by the owner only
umask 077

for i in `awk -F ':' '{ print $1 }' /var/qmail/control/virtualdomains`; do
        DIR=`~vpopmail/bin/vdominfo -d "$i"`

        cd "$DIR" || continue

        #
        # Check for already converted
        #

        if [ -e "./$i.ldif" ]; then
                echo "*** Skipping $i: already converted"
                continue
        fi

        #
        # Make sure there is a vpasswd file
        #

        if [ ! -e ./vpasswd ]; then
                echo "*** Skipping $i: no vpasswd"
                continue
        fi

        #
        # Run vpasswd-to-ldif.pl
        #

        "$LOC/vpasswd-to-ldif.pl" "$i" < ./vpasswd > "$i.ldif"

        #
        # Add to LDAP database
        # (-w puts the bind password on the command line,
        #  where it shows up in the process list)
        #

        ldapadd -x -w "$BINDPW" -D "$BINDDN" -f "$i.ldif"
done
__EOF__
- --
/*
    Matt Brookings <[EMAIL PROTECTED]>       GnuPG Key ABA26FE7
    Software developer                     Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFHYDM+Yaj0Mauib+cRAuvzAJ9cApQny5bNw4RM2Zq5pTluCpTmmQCfe2oW
1bPV/RLF4h2o0un2ZLSYnVE=
=H7HN
-----END PGP SIGNATURE-----
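
An added example, not part of the original post or of vpopmail: the same vpasswd-to-LDIF conversion in Python, extended so that values which are not an RFC 2849 SAFE-STRING (leading space, ':' or '<', trailing space, NUL/CR/LF, non-ASCII) are written base64-encoded with "::", a ':' inside the clear password is kept, and empty fields are omitted. The attribute names and field order are taken from the Perl script above; the sample accounts are constructed, and DN escaping is not handled.

```python
import base64

# vpasswd field order and attribute names, as in the Perl script from the post
ATTRS = ("uid", "userPassword", "qmailUID", "qmailGID",
         "qmaildomain", "MailMessageStore", "mailQuota", "clearPassword")

# Constructed sample input (not real accounts)
SAMPLE = [
    "alice:$1$abc$hash:1:0:Alice Example:/home/vpopmail/domains/example.com/alice:NOQUOTA:pa:ss\n",
    "bob:$1$xyz$hash:1:0:B\u00f3b:/home/vpopmail/domains/example.com/bob:NOQUOTA::secret\n",
    "carol:$1$def$hash:1:0:Carol:/home/vpopmail/domains/example.com/carol:NOQUOTA:\n",
]

def ldif_attr(name, value):
    """Return one LDIF line; base64-encode values that are not a SAFE-STRING."""
    raw = value.encode("utf-8")
    unsafe = (raw[:1] in (b" ", b":", b"<") or raw.endswith(b" ")
              or any(b in (0, 10, 13) or b > 127 for b in raw))
    if unsafe:
        return f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{name}: {value}"

def vpasswd_to_ldif(domain, lines):
    """Build the LDIF text for one domain from its vpasswd lines."""
    out = [f"dn: ou={domain},o=vpopmail", f"ou: {domain}",
           "objectclass: organizationalUnit", ""]
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        # maxsplit=7 keeps any ':' inside the last (clear password) field
        fields = line.split(":", 7)
        out.append(f"dn: uid={fields[0]}, ou={domain}, o=vpopmail")
        for name, value in zip(ATTRS, fields):
            if value != "":          # omit empty attributes
                out.append(ldif_attr(name, value))
        out.append("objectClass: qmailUser")
        out.append("")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(vpasswd_to_ldif("example.com", SAMPLE), end="")
```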
