If you have already built your own LDAP and OpenWebMail server, follow the steps below to change the settings so that webmail authentication goes through LDAP.
Make sure that you have installed the following packages:
-----
1. openldap (for reference)
2. nss_ldap (for reference)
3. PAM-devel (for reference)
4. Authen-PAM (for reference)
5. PAM-LDAP (for reference)
6. Openwebmail (for reference)
-----
1. Confirm that perl-Authen-PAM is already installed on your server (my version is perl-Authen-PAM-0.16-8.el5.i386).
2. Edit the openwebmail configuration file and use 'pam' as your authentication method:
-->vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf
-->change "auth_module auth_unix.pl" to "auth_module auth_pam.pl"
--> add the line "create_syshomedir yes" so that the server can automatically create a new user's folder and related files (when the user logs in for the first time)
3. Inside the file "auth_pam.pl", change "login" to "openwebmail":
-->vi /var/www/cgi-bin/openwebmail/auth/auth_pam.pl
--> change to: my $servicename = $conf{'servicename'} || "openwebmail";
4. Copy "auth_pam.conf" to the main location
--> cp /var/www/cgi-bin/openwebmail/etc/defaults/auth_pam.conf /var/www/cgi-bin/openwebmail/etc/auth_pam.conf
5. Edit the parameter inside the file "auth_pam.conf", change "servicename" to "openwebmail"
--> vi /var/www/cgi-bin/openwebmail/etc/auth_pam.conf
--> servicename openwebmail
--> passwdfile_plaintext /etc/passwd
--> check_nologin no
--> check_shell no
--> check_cobaltuser no
6. Create a new file (openwebmail) inside "/etc/pam.d"
--> vi /etc/pam.d/openwebmail
--> add "auth include system-auth"
--> add "account include system-auth"
--> add "password include system-auth"
--> add "session include system-auth"
7. Edit "auth_ldap.conf"
--> vi /var/www/cgi-bin/openwebmail/etc/defaults/auth_ldap.conf
--> change to " ldaphost 192.168.1.1 # LDAP SERVER IP"
--> change to " ou user # LDAP ORGANIZATIONAL UNIT "
--> change to " cn Manager # LDAP USER "
--> change to " dc1 domain "
--> change to " dc2 abc "
--> change to " dc3 edu "
--> change to " dc4 tw "
--> change to " password secret "
8. Edit "nsswitch.conf"
--> vi /etc/nsswitch.conf
--> change to "passwd: files ldap"
--> change to "shadow: files ldap"
--> change to "group: files ldap"
9. Restart openwebmail
--> run this line "/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init"
10. If a user's login reports that the password is incorrect, make sure you have made the following settings:
10.1 Edit "/etc/ldap.conf"
--> host 127.0.0.1
--> base dc=abc,dc=abc,dc=abc
--> ldap_version 3
--> binddn cn=Manager,dc=abc,dc=abc,dc=abc
--> bindpw secret
--> port 389
--> scope sub
--> pam_crypt local
--> pam_password crypt
11. Done.
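To confirm the edits from steps 2, 5, 6, 8 and 10.1 took effect, here is a small check script. It is an added example, not part of the original post; the names check_owm_ldap, has, expect and WARNINGS are made up for it, and the optional ROOT argument is a path prefix so the checks can be run against a copy of the files.

```shell
#!/bin/sh
# Added example (not from the original post): verify the settings from
# steps 2, 5, 6, 8 and 10.1. ROOT is an optional prefix so the checks can
# be run against a copy of the files; empty means the live system.
OWM=/var/www/cgi-bin/openwebmail/etc

# has FILE REGEX: true if FILE has a line matching REGEX at its start
# (leading blanks allowed, so commented-out lines do not count).
has() { [ -r "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"; }

check_owm_ldap() {
    local root="${1:-}" fail=0 t db
    WARNINGS=0
    expect() {   # expect FILE REGEX DESCRIPTION
        if has "$root$1" "$2"; then echo "OK    $3"
        else echo "FAIL  $3 ($1)"; fail=$((fail + 1)); fi
    }
    expect "$OWM/openwebmail.conf" 'auth_module[[:space:]]+auth_pam\.pl' \
        "auth_module is auth_pam.pl"
    expect "$OWM/auth_pam.conf" 'servicename[[:space:]]+openwebmail([[:space:]]|$)' \
        "auth_pam.conf servicename is openwebmail"
    for t in auth account password session; do
        expect /etc/pam.d/openwebmail \
            "$t[[:space:]]+include[[:space:]]+system-auth" \
            "PAM $t stack includes system-auth"
    done
    for db in passwd shadow group; do
        expect /etc/nsswitch.conf "$db:.*[[:space:]]ldap([[:space:]]|\$)" \
            "nsswitch $db looks up ldap"
    done
    # nss_ldap reads /etc/ldap.conf inside every process that does a lookup,
    # so a bindpw kept in a world-readable file is visible to all local users.
    if has "$root/etc/ldap.conf" 'bindpw[[:space:]]' &&
       [ -n "$(find "$root/etc/ldap.conf" -perm -004 2>/dev/null)" ]; then
        echo "WARN  /etc/ldap.conf is world-readable and contains bindpw"
        WARNINGS=1
    fi
    return "$fail"   # number of failed checks, 0 when everything matches
}
```

Source the file and run check_owm_ldap with no argument on the mail server; the return status is the number of failed checks.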