Your OpenWebMail version must be at least 5.22 or 5.23.
1. First, confirm that you have installed the following packages:
Main -
1.1. perl-LDAP 1:0.33-3.fc6
Installing for dependencies:
1.2. perl-XML-NamespaceSupport 1.09-1.2.1
1.3. perl-XML-SAX 0.14-8
2. Add the following lines to "openwebmail.conf":
-----------------
vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf
enable_ldap_abook yes
ldap_abook_host 192.168.1.1 # or the IP address
ldap_abook_user uid=ldapuser,ou=People,dc=example,dc=com # create the user account you need in LDAP, or leave blank
ldap_abook_password ldapuserexample # create the user account you need in LDAP, or leave blank
ldap_abook_base dc=xxxxxxxx.com # or the path under which to search for the user account data
ldap_abook_prefix ou # in this example, the OpenWebMail address book extracts the information from every LDAP tree
ldap_abook_cache 60 # refresh the data every 1 minute
Sunday, March 20, 2011
Friday, March 18, 2011
How to Log In to OpenWebMail with OpenLDAP Authentication
If you have already built your own LDAP and OpenWebMail servers, change the following settings so that your webmail authenticates through LDAP.
Make sure that you have installed the following packages:
-----
1. openldap (for reference only)
2. nss_ldap (for reference only)
3. PAM-devel (for reference only)
4. Authen-PAM (for reference only)
5. PAM-LDAP (for reference only)
6. Openwebmail (for reference only)
-----
1. Confirm that your server already has perl-Authen-PAM installed (my version is perl-Authen-PAM-0.16-8.el5.i386).
2. Edit the OpenWebMail configuration file and use 'pam' as your authentication method:
--> vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf
--> change "auth_module auth_unix.pl" to "auth_module auth_pam.pl"
--> add the line "create_syshomedir yes" so that the server can automatically create a new user's folder and related files when the user logs in for the first time
3. Inside the file "auth_pam.pl", change "login" to "openwebmail":
--> vi /var/www/cgi-bin/openwebmail/auth/auth_pam.pl
--> change to: my $servicename = $conf{'servicename'} || "openwebmail";
4. Copy "auth_pam.conf" to the main location
--> cp /var/www/cgi-bin/openwebmail/etc/defaults/auth_pam.conf /var/www/cgi-bin/openwebmail/etc/auth_pam.conf
5. Edit the parameter inside the file "auth_pam.conf", change "servicename" to "openwebmail"
--> vi /var/www/cgi-bin/openwebmail/etc/auth_pam.conf
--> servicename openwebmail
--> passwdfile_plaintext /etc/passwd
--> check_nologin no
--> check_shell no
--> check_cobaltuser no
6. Create a new file named "openwebmail" inside "/etc/pam.d"
--> vi /etc/pam.d/openwebmail
--> add "auth include system-auth"
--> add "account include system-auth"
--> add "password include system-auth"
--> add "session include system-auth"
7. Edit "auth_ldap.conf"
--> vi /var/www/cgi-bin/openwebmail/etc/defaults/auth_ldap.conf
--> change to " ldaphost 192.168.1.1 # LDAP SERVER IP"
--> change to " ou user # LDAP ORGANIZATIONAL UNIT "
--> change to " cn Manager # LDAP USER "
--> change to " dc1 domain "
--> change to " dc2 abc "
--> change to " dc3 edu "
--> change to " dc4 tw "
--> change to " password secret "
8. Edit "nsswitch.conf"
--> vi /etc/nsswitch.conf
--> change to "passwd: files ldap"
--> change to "shadow: files ldap"
--> change to "group: files ldap"
9. Restart openwebmail
--> run this line "/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init"
10. If the login page says that the password is incorrect, make sure you have made the following settings:
10.1 Edit "/etc/ldap.conf"
--> host 127.0.0.1
--> base dc=abc,dc=abc,dc=abc
--> ldap_version 3
--> binddn cn=Manager,dc=abc,dc=abc,dc=abc
--> bindpw secret
--> port 389
--> scope sub
--> pam_crypt local
--> pam_password crypt
11. Done.
Reference websites:
1. http://ha.shsps.kh.edu.tw/web/centos/ldap.html
2. http://www.xxlinux.com/bbs/viewthread.php?tid=389
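The script below cross-checks the files edited in steps 2, 5, 6, 8 and 10.1, and flags a bind password stored in a file that every local account can read. It is an added example, not part of the original post or of OpenWebMail; the ROOT prefix argument, the function names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: cross-checks the files edited in the steps above.
# ROOT prefix, function names and the sample tree are assumptions of this example.

conf_get() {  # conf_get FILE KEY -> value of a "key value" line, comments stripped
    awk -v k="$2" '$1 == k { sub(/[ \t]*#.*/, ""); print $2; exit }' "$1" 2>/dev/null || :
}

check_owm_pam() {  # check_owm_pam [ROOT]; prints findings, returns how many
    root=${1:-}; owm="$root/var/www/cgi-bin/openwebmail/etc"; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    [ "$(conf_get "$owm/openwebmail.conf" auth_module)" = "auth_pam.pl" ] ||
        fail "auth_module is not auth_pam.pl (step 2)"
    svc=$(conf_get "$owm/auth_pam.conf" servicename)
    { [ -n "$svc" ] && [ -f "$root/etc/pam.d/$svc" ]; } ||
        fail "servicename '$svc' has no file in /etc/pam.d (steps 5-6)"
    grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$root/etc/nsswitch.conf" 2>/dev/null ||
        fail "nsswitch.conf passwd line does not list ldap (step 8)"
    # A bind password in a file readable by "other" is exposed to every local account.
    for f in "$root/etc/ldap.conf" "$owm/openwebmail.conf"; do
        grep -Eq '^(bindpw|ldap_abook_password)[[:space:]]+[^#[:space:]]' "$f" 2>/dev/null || continue
        [ -z "$(find "$f" -perm -004)" ] || fail "$f holds a bind password and is world-readable"
    done
    return "$n"
}

make_sample() {  # make_sample DIR: constructed sample tree, not real host data
    o="$1/var/www/cgi-bin/openwebmail/etc"; mkdir -p "$o" "$1/etc/pam.d"
    printf 'auth_module auth_pam.pl\ncreate_syshomedir yes\n' > "$o/openwebmail.conf"
    printf 'servicename openwebmail\n' > "$o/auth_pam.conf"
    printf 'auth include system-auth\n' > "$1/etc/pam.d/openwebmail"
    printf 'passwd: files ldap\n' > "$1/etc/nsswitch.conf"
    printf 'binddn cn=Manager,dc=abc,dc=abc,dc=abc\nbindpw secret\n' > "$1/etc/ldap.conf"
    chmod 644 "$1/etc/ldap.conf"
}

if [ "${1:-}" = "--demo" ]; then  # run against the constructed tree
    d=$(mktemp -d); make_sample "$d"
    check_owm_pam "$d" || echo "$? finding(s)"
fi
```

Run it with `--demo` to see the finding on the constructed tree, or call `check_owm_pam` with no argument to check the live files under `/`.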