We have a project to convert a system from cdb to LDAP and because the LDAP module has not had as much attention as some of the other database modules, I figured I'd post to the list with information on things I came across and how it was done.
Firstly, the installation and configuration of vpopmail went almost as smoothly as the README.ldap script outlines. The only issue I came across was with vpopmail not setting the 'sn' value. Easiest way for me to get around this on a system only using LDAP for vpopmail, was to modify /usr/local/etc/openldap/schema/core.schema to make sn and cn a MAY rather than a MUST:

objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MUST ( sn $ cn )
        MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

..to..

objectclass ( 2.5.6.6 NAME 'person'
        DESC 'RFC2256: a person'
        SUP top STRUCTURAL
        MAY ( sn $ cn $ userPassword $ telephoneNumber $ seeAlso $ description ) )

After that quick modification, slapd started as per the README.ldap instructions.
Next, I wrote two scripts to convert the system. One script, written in perl, converts a single vpasswd file to an LDIF file. The second does this for every domain, and calls ldapadd to create the entries in the database. You can find these scripts at the end of the email.
After doing some testing with this, I realized the current vpopmail LDAP module prints errors to stdout, which means if a user authenticates incorrectly, an error message will be output into the current protocol stream, breaking the protocol. I commented out all lines in vchkpw.c that read: ldap_perror(ld,"Error");

Everything appears to be working. Hope this helps others out. Here come the two scripts:
cat > vpasswd-to-ldif.pl << '__EOF__'
#!/usr/bin/perl
#
# Convert vpasswd to LDIF
# Takes domain being converted as first argument, reads the vpasswd file on stdin
# <[EMAIL PROTECTED]>
#
# (The here-document delimiter above is quoted so the shell does not expand
#  $domain, $ARGV and friends while writing this file out.)
use strict;
use warnings;

my $domain = $ARGV[0] or die "usage: $0 domain < vpasswd\n";

# Container entry for the domain
print "dn: ou=$domain,o=vpopmail\n";
print "ou: $domain\n";
print "objectclass: organizationalUnit\n";
print "\n";

# vpasswd fields: user:passwd:uid:gid:gecos:dir:quota[:clearpass]
while (<STDIN>) {
    chomp;
    next if /^\s*$/;            # skip blank lines
    my ($username, $password, $bits1, $bits2, $gecos,
        $directory, $quota, $clearpass) = split(/:/);
    print "dn: uid=$username,ou=$domain,o=vpopmail\n";
    print "uid: $username\n";
    print "userPassword: $password\n";
    print "qmailUID: $bits1\n";
    print "qmailGID: $bits2\n";
    print "qmaildomain: $gecos\n";
    print "MailMessageStore: $directory\n";
    print "mailQuota: $quota\n";
    # the clear-text field is only present when vpopmail was built to keep it;
    # never emit an empty attribute value
    print "clearPassword: $clearpass\n" if defined $clearpass && length $clearpass;
    print "objectClass: qmailUser\n";
    print "\n";
}
__EOF__
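As an added example (not part of the original post, nor vpopmail's own code), here is the same vpasswd-to-LDIF conversion in Python, going further than the Perl script above in two places the LDIF format requires: RDN values are escaped per RFC 4514, and attribute values that are not RFC 2849 safe strings (non-ASCII, leading space, ':' or '<') are base64-encoded using the '::' form. The sample vpasswd lines, their hashes and the paths are constructed.

```python
import base64
import sys

# Attribute names follow the LDIF the Perl script emits, in vpasswd field order:
# user:passwd:uid:gid:gecos:dir:quota[:clearpass]
VPASSWD_FIELDS = ("uid", "userPassword", "qmailUID", "qmailGID", "qmaildomain",
                  "MailMessageStore", "mailQuota", "clearPassword")

def dn_escape(value):
    """Escape an RDN value per RFC 4514 (special characters, leading '#'/space, trailing space)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def ldif_attr(name, value):
    """One 'name: value' line; values that are not RFC 2849 SAFE-STRINGs go base64 as 'name:: ...'."""
    safe = value[0] not in " :<" and all(ord(c) < 128 and c not in "\x00\r\n" for c in value)
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def vpasswd_to_ldif(domain, vpasswd_text):
    """Render the domain's OU entry plus one qmailUser entry per vpasswd line."""
    lines = [f"dn: ou={dn_escape(domain)},o=vpopmail", ldif_attr("ou", domain),
             "objectClass: organizationalUnit", ""]
    for lineno, line in enumerate(vpasswd_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 7:
            raise ValueError(f"line {lineno}: expected at least 7 colon-separated fields")
        lines.append(f"dn: uid={dn_escape(fields[0])},ou={dn_escape(domain)},o=vpopmail")
        for name, value in zip(VPASSWD_FIELDS, fields):
            if value:  # empty fields (e.g. no stored clear-text password) are omitted, not written empty
                lines.append(ldif_attr(name, value))
        lines.extend(["objectClass: qmailUser", ""])
    return "\n".join(lines) + "\n"

# Constructed sample: hashes are placeholders, not real crypt output; bob has a non-ASCII gecos.
SAMPLE_VPASSWD = """\
alice:$1$abcdefgh$constructedhashvalue000000:1:0:Alice Example:/home/vpopmail/domains/example.com/alice:NOQUOTA:
bob:$1$ijklmnop$constructedhashvalue111111:1:0:Bob Müller:/home/vpopmail/domains/example.com/bob:10485760S:s3cret
"""

if __name__ == "__main__":  # usage: vpasswd-to-ldif.py example.com < vpasswd
    sys.stdout.write(vpasswd_to_ldif(sys.argv[1], sys.stdin.read()))
```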
cat > cdb-to-ldap.sh << '__EOF__'
#!/bin/sh
#
# Run system-wide conversion from cdb to LDAP
# Expects vpasswd-to-ldif.pl in the directory this script is started from
# <[EMAIL PROTECTED]>
#
# (Quoted here-document delimiter: otherwise the shell expands $BINDPW, `pwd`
#  and the rest while writing this file out.)
BINDDN="cn=vpopmailuser,o=vpopmail"
BINDPW='password'    # -w puts this on the ldapadd command line, where ps can see it
LOC=$(pwd)

# virtualdomains lines are "domain:prepend"; the first field is the domain
for i in $(awk -F ':' '{ print $1 }' /var/qmail/control/virtualdomains); do
    DIR=$(~vpopmail/bin/vdominfo -d "$i")
    if [ -z "$DIR" ] || ! cd "$DIR"; then
        echo "*** Skipping $i: cannot find domain directory"
        continue
    fi
    #
    # Check for already converted
    #
    if [ -e "./$i.ldif" ]; then
        echo "*** Skipping $i: already converted"
        continue
    fi
    #
    # Make sure there is a vpasswd file
    #
    if [ ! -e ./vpasswd ]; then
        echo "*** Skipping $i: no vpasswd"
        continue
    fi
    #
    # Run vpasswd-to-ldif.pl; drop a partial LDIF so a rerun does not skip the domain
    #
    if ! "$LOC/vpasswd-to-ldif.pl" "$i" < ./vpasswd > "$i.ldif"; then
        echo "*** $i: conversion failed"
        rm -f "$i.ldif"
        continue
    fi
    #
    # Add to LDAP database
    #
    ldapadd -x -w "$BINDPW" -D "$BINDDN" -f "$i.ldif"
done
__EOF__
--
/*
Matt Brookings <[EMAIL PROTECTED]> GnuPG Key ABA26FE7
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/