Introduction

A quick guide to get you up to speed with Kopano and the (Open)LDAP backend.

Tested

This guide has been tested on Debian 7, 8 and Ubuntu 14.04 LTS.

Installation

Please note: slapd uses the hostname to "guess" the organisation name for the LDAP directory.

...

For your setup you probably want to change this to something more useful.

Install MySQL and Apache / PHP


 

Code Block
$ sudo apt-get install mysql-server libapache2-mod-php5

...

Enter the mysql password twice and write it down.

Install OpenLDAP


Code Block
$ sudo apt-get install slapd ldap-utils

...

Code Block
$ sudo slapcat
dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.local
dc: example
structuralObjectClass: organization
entryUUID: 907f25dc-91f2-1032-97fa-b34646bf14f6
creatorsName: cn=admin,dc=example,dc=local
createTimestamp: 20130805081250Z
entryCSN: 20130805081250.289774Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=local
modifyTimestamp: 20130805081250Z
 
dn: cn=admin,dc=example,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dm1rV21GdmVPbVBXTnI4blhSbE5oeVVmTTVSWm4vV2U=
structuralObjectClass: organizationalRole
entryUUID: 907fc91a-91f2-1032-97fb-b34646bf14f6
creatorsName: cn=admin,dc=example,dc=local
createTimestamp: 20130805081250Z
entryCSN: 20130805081250.293957Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=local
modifyTimestamp: 20130805081250Z




 

 

Create the placeholder for our users.

Create a file called org.ldif containing:

...

Code Block
$ sudo ldapsearch -x -D cn=admin,dc=example,dc=local -W -b dc=example,dc=local

 

Download and install kopano

Choose the version for your distribution from https://download.kopano.io/supported/core:/final//

We will be using https://download.kopano.io/supported/core:/final/Debian_8.0//

Note: The user and password are those of your Kopano portal account.

 

Code Block
# sudo does not apply to a shell redirection, so write the file through sudo tee
$ echo 'deb https://downloadserial:<ENTERYOURSERIALHERE>@download.kopano.io/supported/core:/final/Debian_8.0/ ./' | sudo tee /etc/apt/sources.list.d/kopano.list

# curl can run unprivileged; apt-key is the command that needs root
$ curl https://downloadserial:<ENTERYOURSERIALHERE>@download.kopano.io/supported/core:/final/Debian_8.0/Release.key | sudo apt-key add -

$ sudo apt update
$ sudo apt install kopano-server-packages

...

Code Block
# ldapadd is the command that needs root for the EXTERNAL bind over ldapi:///
$ zcat /usr/share/doc/kopano/kopano.ldif.gz | sudo ldapadd -H ldapi:/// -Y EXTERNAL

 

Add a Kopano user to our LDAP

Create a new ldif file called user.ldif containing the following. This user will have kopano admin rights:

Code Block
dn: uid=john,ou=People,dc=example,dc=local
objectClass: posixAccount
objectClass: top
objectClass: kopano-user
objectClass: inetOrgPerson
gidNumber: 1000
cn: John Doe
homeDirectory: /home/john
mail: john@example.local
uidNumber: 1000
kopanoAliases: j.doe@example.local
kopanoUserServer: kopano
uid: john
kopanoAccount: 1
kopanoAdmin: 1
sn: Doe
userPassword: john
kopanoQuotaOverride: 1
kopanoEnabledFeatures: imap
kopanoDisabledFeatures: pop3
kopanoQuotaWarn: 1000000000
kopanoQuotaSoft: 1100000000
kopanoQuotaHard: 1200000000

Code Block
$ sudo ldapadd -x -D cn=admin,dc=example,dc=local -W -f user.ldif
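
A check to run on user.ldif before loading it, or on a slapcat dump afterwards. This is an added example, not part of the original guide: it lists entries whose userPassword carries no {SCHEME} hash prefix (as with `userPassword: john` above) and entries that receive `kopanoAdmin: 1`. The function names, the finding labels and the sample entries are constructed for illustration, and a `dn::` (base64-encoded DN) is not handled.

```sh
#!/bin/sh
# Added example (not from the original guide): audit an LDIF file before
# loading it with ldapadd, or after dumping it with slapcat.

audit_ldif() {
    # $1 = LDIF file. Prints one finding per line: "<KIND> <dn>".
    # First unfold LDIF continuation lines (a leading space continues the previous line).
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1" |
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: } ;;
            "userPassword:: "*)
                # "::" means base64-encoded, which is an encoding and not a hash
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d 2>/dev/null)
                case $val in "{"*"}"*) ;; *) echo "CLEARTEXT_PASSWORD $dn" ;; esac ;;
            "userPassword: "*)
                case ${line#userPassword: } in "{"*"}"*) ;; *) echo "CLEARTEXT_PASSWORD $dn" ;; esac ;;
            "kopanoAdmin: 1") echo "KOPANO_ADMIN $dn" ;;
        esac
    done
}

write_sample() {
    # Constructed sample data; the two base64 values decode to "{SSHA}x" and "jane".
    cat > "$1" <<'EOF'
dn: cn=admin,dc=example,dc=local
cn: admin
userPassword:: e1NTSEF9
 eA==

dn: uid=john,ou=People,dc=example,dc=local
kopanoAdmin: 1
userPassword: john

dn: uid=jane,ou=People,dc=example,dc=local
kopanoAdmin: 0
userPassword:: amFuZQ==
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_ldif "$sample"
rm -f "$sample"
```

A cleartext finding can be resolved by generating a hash with slappasswd and placing that value in the LDIF instead.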

 

Verify the user anonymously.

...

Code Block
user_plugin             = ldap

 


Setup the ldap.cfg

On Kopano version 8.2.0 and higher:

Code Block
# cd is a shell builtin and cannot be run through sudo
$ cd /etc/kopano/
$ sudo cp /usr/share/doc/kopano/example-config/ldap.cfg ldap.cfg


Then include the correct LDAP template and change the other required fields.

Code Block
!include /usr/share/kopano/ldap.openldap.cfg
#!include /usr/share/kopano/ldap.active-directory.cfg

 

 

Or on Kopano versions < 8.2:

Code Block
# cd is a shell builtin and cannot be run through sudo
$ cd /etc/kopano/
$ sudo cp ldap.openldap.cfg ldap.cfg

 

 

 

 

For this howto we will be using anonymous binding.

Edit /etc/kopano/ldap.cfg. Change the line ldap_bind_user = cn=admin,cn=users,dc=kopano,dc=com into the following.

Add your LDAP bind user and password if you do not use anonymous bind:

Code Block
ldap_bind_user =
ldap_bind_password =

Change the search base so it matches our organisation.

...

Code Block
$ sudo kopano-admin --details john

Username:		john
Fullname:		John Doe
Emailaddress:		john@example.local
Active:			yes
Administrator:		yes
Address book:		Visible
Auto-accept meeting req:no
Mapped properties:
	PR_SURNAME		Doe	
	PR_EC_ENABLED_FEATURES	imap	
	PR_EC_DISABLED_FEATURES	pop3	
Current user store quota settings:
 Quota overrides:	yes
 Warning level:		953.67 MB
 Soft level:		1049.04 MB
 Hard level:		1144.41 MB
Current store size:	0.00 MB
Groups (1):
	Everyone

 

 

LDAP optimization

Create a file called optimize-index.ldif containing:

Code Block
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn eq,sub
olcDbIndex: gidNumber eq
olcDbIndex: mail eq
olcDbIndex: memberUid eq
olcDbIndex: ou eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq
olcDbIndex: kopanoAccount eq,pres
olcDbIndex: kopanoAliases eq
olcDbIndex: kopanoViewPrivilege eq

...


olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub

*Note: depending on your choice during installation, the hdb could be mdb.

 

Apply the LDIF to add the new indexes.

...

Code Block
$ sudo slapcat -b cn=config | grep olcDbIndex:

olcDbIndex: objectClass eq
olcDbIndex: cn eq,sub
olcDbIndex: gidNumber eq
olcDbIndex: mail eq
olcDbIndex: memberUid eq
olcDbIndex: ou eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq
olcDbIndex: kopanoAccount eq,pres
olcDbIndex: kopanoAliases eq
olcDbIndex: kopanoViewPrivilege eq
olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub

 

You can check your slapd log for suggestions of additional candidates for indexing.
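
One way to turn that log check into a ranked list, as an added example that is not part of the original guide: it tallies the attributes slapd reports as "not indexed", split by the index type that would cover them. The function names and the sample log lines are constructed; the bdb_/mdb_ prefix in the messages depends on the backend in use.

```sh
#!/bin/sh
# Added example (not from the original guide): tally the attributes slapd
# reports as "not indexed" so the busiest ones can be considered for olcDbIndex.

suggest_indexes() {
    # $1 = slapd log file. Prints "<count> <attribute> <index type>", busiest first.
    awk '/_candidates: \([^)]*\) not indexed/ {
             if ($0 ~ /_equality_candidates/)       kind = "eq"
             else if ($0 ~ /_substring_candidates/) kind = "sub"
             else if ($0 ~ /_presence_candidates/)  kind = "pres"
             else next                              # other filter types are skipped
             attr = $0
             sub(/.*_candidates: \(/, "", attr)     # drop everything up to "("
             sub(/\).*/, "", attr)                  # drop ")" and the rest
             seen[attr " " kind]++
         }
         END { for (k in seen) print seen[k], k }' "$1" | sort -k1,1nr -k2
}

write_sample_log() {
    # Constructed log lines; host name, PIDs and timestamps are made up.
    cat > "$1" <<'EOF'
Aug  5 10:12:50 mail slapd[1201]: <= bdb_equality_candidates: (kopanoUserServer) not indexed
Aug  5 10:12:51 mail slapd[1201]: conn=1004 op=1 SRCH base="dc=example,dc=local" scope=2
Aug  5 10:12:51 mail slapd[1201]: <= bdb_substring_candidates: (sn) not indexed
Aug  5 10:12:52 mail slapd[1201]: <= bdb_equality_candidates: (kopanoUserServer) not indexed
Aug  5 10:12:53 mail slapd[1201]: <= mdb_presence_candidates: (kopanoAdmin) not indexed
Aug  5 10:12:54 mail slapd[1201]: <= bdb_substring_candidates: (sn) not indexed
Aug  5 10:12:55 mail slapd[1201]: <= bdb_equality_candidates: (kopanoUserServer) not indexed
EOF
}

log=$(mktemp)
write_sample_log "$log"
suggest_indexes "$log"
rm -f "$log"
```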

...

LDAP backup and restore using slapcat / slapadd

Backup

For the configuration use 0, since it is the first database.

...

Code Block
$ sudo slapcat -n 1 -l example.local.ldif

 

Restore

Make sure you have stopped slapd before doing this.

...

The owner should be openldap:openldap and the permissions 0600.

Disable anonymous binding

If required you can disable anonymous binding.

Taken from http://serverfault.com/questions/325912/disallow-global-anonymous-bind-with-cn-config

Changing the default behaviour

Create a file disable_anon_backend.ldif

Code Block
dn: olcDatabase={1}hdb,cn=config
add: olcRequires
olcRequires: authc

*Note: depending on your choice during installation, the hdb could be mdb.

Create a file disable_anon_frontend.ldif

...

Code Block
$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f disable_anon_frontend.ldif
$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f disable_anon_backend.ldif

Testing if it works

After this the following should not be possible anymore.

...
