Re: [Vietlug] qmail + vpopmail + openldap authentication/password encryption problem

ctkien Fri, 18 Feb 2005 05:57:20 -0800

Bac co' the gui cho em cai' how to qmail + ldap+vpopmail cho fedora dc ko
????
em ca`n lam'
----- Original Message -----
From: "Thai Duong" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, January 07, 2005 8:21 PM
Subject: Re: [Vietlug] qmail + vpopmail + openldap authentication/password
encryption problem



> > Hi ca'c anh !
> > DDa^y la` mo^.t trong nhu+~ng ca'i topic la`m ddie^n ca'i dda^`u nha^'t
dda^'y !
> > Co' ma^'y thu+' ca^`n quan ta^m khi authenticate user vo+'i ldap ma`
> > em nghi~ la` ca^`n:
> > - Authenticate ba(`ng bind hay bind ba(`ng mo^.t tha(`ng admin ro^`i
> > search ? Ne^'u authenticate user ba(`ng ca'ch bind va`o ldap vo+'i
> > tho^ng tin cu?a user ddo' thi` entry ddo' pha?i thuo^.c mo^.t
> > objectclass nha^'t ddi.nh (em thu+o+`ng du`ng inetorgpersion), ca'c
> > thuo^.c ti'nh kha'c ne^'u co' chi? la` optional. Ne^'u bind va`o
> > ba(`ng mo^.t tha(`ng admin ro^`i ddi search xem co' account na`o cu?a
> > user nhu+ the^' hay kho^ng (match username/password) thi` co' ve? de^~
> > ho+n, nhu+ng u+'ng du.ng ca^`n authenticate pha?i ho^~ tro+..
> > - Ne^'u ma` du`ng squid dde^? authenticate thi` to^'t nha^'t la`
> > vie^'t mo^.t ca'i script dde^? authenticate vo+'i ldap rie^ng (theo 1
> > trong 2 ca'ch tre^n), sau ddo' du`ng script ddo' nhu+ mo^.t external
> > authentication cu?a squid (o+? cty em du`ng POP3 account dde^?
> > authenticate vo+'i squid, ca'i script na`y co' sa(~n tre^n Internet
> > !!)
> >
> > Ne^'u co' the^? ddu+o+.c thi` ba'c post ca'i log file le^n dda^y
> > (cha.y slapd vo+'i option -D 4 dde^? xem debug info, ca'i na`y co'
> > i'ch la('m dda^'y)
> Hie^.n ta.i thi` to^i dda~ bie^'t ro~ la` vpopmail cu~ng nhu+
> egroupware dde^`u su+? du.ng co+ che^' simple bind cu?a openldap, ko
> tha(`ng na`o du`ng SASL he^'t.
> Sau khi xem log file, ca'ch la`m cu?a tha(`ng vpopmail la` no' bind
> ba(`ng ta`i khoa?n admin ro^`i search (lu'c ca^'u hi`nh no' thi` pha?i
> su+?a ca'i vlapd.h dde^? no' co' the^? no'i chuye^.n vo+'i ldap). NO'
> search ba(`ng ca'i filter da.ng nhu+ sau:
> SRCH base="ou=example.com,o=root" scope=2
> filter="(&(objectClass=qmailUser)(uid=test))"
> Sau khi la^'y ddu+o+.c ta^'t ca? tho^ng tin cu?a user, no' mo+'i ba('t
> dda^`u so password ba(`ng ca'ch ma~ ho'a password dda^`u va`o cu?a
> user vo+'i attribute userPassword ma` no' la^'y ddu+o+.c tu+` ldap. Do
> ddo', va^'n dde^` ba^y gio+` la` do ca'ch thu+'c ma~ ho'a cu?a
> vpopmail no' kha'c vo+'i nhu+~ng tha(`ng kha'c (ma(.c du` la` cu`ng
> md5).
> Vi' du. nhu+ cu`ng vo+'i string la` test, tha(`ng vpopmail ma~ ho'a ra
> nhu+ nhu+ sau: {MD5}$1$h31raXwH$RXYsUWpx9ArIbRQwh4bmo1 , trong khi
> ddo' du`ng ca'i co^ng cu. phpldapadmin, vo+'i che^' ddo^. ma~ ho'a md5
> (tha^.t ra go.i la` md5_crypt mo+'i chi'nh xa'c) thi` no' ma~ ho'a co'
> format nhu+ sau {MD5}CY9rzUYh03PK3k6DJie09g==, co`n che^' ddo^. ma~
> ho'a md5crypt thi` no' ra nhu+ sau:
> {CRYPT}$1$746kxGVi$4dUnm75UflMGJkEOVKwqc1. To^i chu+a xem ki~ source
> code nhu+ng co' le~ tha(`ng vpopmail khi authenticate user no' se~
> nhi`n va`o ca'i prefix, ne^'u la` {MD5} (cho che^' ddo^. md5-crypt,
> 12-charaters salt, mo+? dda^`u ba(`ng 1$1) hoa(.c {crypt} (cho che^'
> ddo^. crypt, 2-characters salt) (chu' y' chu+~ thu+o+`ng) thi` no'
> mo+'i process tie^'p, vi` phpldapadmin cu~ng nhu+ ca'c chu+o+ng tri`nh
> kha'c, dde^`u ta.o prefix la` {CRYPT} chu+~ hoa cho ca? che^' ddo^.
> md5-crypt va` crypt bi`nh thu+o+`ng.
> DDo' la` ta^'t ca? nhu+~ng gi` to^i bie^'t dde^'n gio+` na`y, do ho^m
> qua tre^~ qua' ne^n to^i ve^` pha?i ve^` nha`, ho^m nay vo^ la.i cho^~
> la`m to^i se~ tie^'n ha`nh: hoa(.c la` su+?a code cu?a vpopmail la.i,
> hoa(.c la` compile la.i vpopmail bo? che^' ddo^. ma~ ho'a md5-crypt
> ddi. Cha('c la` se~ cho.n ca'ch thu+' hai, ly' do la` vi` ra^'t
> nhie^`u chu+o+ng tri`nh su+? du.ng md5-crypt by default, vi' du. nhu+
> ca'i tool migration cu?a openldap. Khi na`o la`m xong he^'t, tui se~
> thu+? vie^'t mo^.t ca'i HOWTO :D.
>
> --Tha'i.
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by: Beat the post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
> _______________________________________________
> VietLUG-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/vietlug-users
>



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
VietLUG-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vietlug-users

Re: [Vietlug] qmail + vpopmail + openldap authentication/password encryption problem

Trả lời cho