[es] - iRed mail - Podesavanje LDAP adresara

jovanmal
Jovan Malešević
Sistem administrator
BL, Republika Srpska

Član broj: 6106
Poruke: 204
*.teol.net.

Sajt: flashofobvious.blogspot.c..

+2 Profil

iRed mail - Podesavanje LDAP adresara

^{07.08.2011. u 22:17 - pre 154 meseci}

Imam instaliran CentOS 5.6 i na njemu su ispodizani servisi: Postfix, Dovecot, Apache, OpenLDAP, MySQL, ClamAV... i to sve preko genijalne skripte koja sve automatski podesi - iRed mail www.iredmail.org.

Sve radi kako i treba, samo što nikako ne mogu da podesim Mozillu Thunderbird tako da koristi LDAP adresar umjesto svog lokalnog. Ovo je super opcija koja bi omogućila da svi korisnici odmah u adresaru imaju adrese koje su značajne za kompaniju i da svaki korisnik ima svoj adresar gdje god da se loguje na mail. Našao sam uputstvo na
http://www.iredmail.org/wiki/i...AP_as_Global_LDAP_Address_Book

ali kada sve to odradim, neće da mi učita kontakte iz LDAP direktorija - prijavljuje Replication failed.

U Roundcube webmail-u koji se takođe instalira u paketu iRedmail sve radi kako treba - vide se adrese iz Global LDAP Adress Booka i mogu da se unose nove stavke u Personal LDAP Adress book. Znači, postoji način, samo negdje griješim u podešavanju. Evo primjera podešavanja koje kod mene ne radi:

U Thunderbirdovom adresaru sam dodao novi LDAP Directory adresar. Podesavanja su:

Name: iRed LDAP
Hostname: localhost (probam na serveru da bih isključio mogućnost da mi firewall blokira saobraćaj)
Base DN: domainName=nesto.net,o=domains,dc=nesto,dc=net
Port number: 389 (u Roundcube-ovom konfiguracionom fajlu main.inc.php pise da Roundcube radi preko ovog porta, tj. ne koristi SSL - tada bi port bio 636)
Bind DN: [email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net
Scope: subtree
Search filter: (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))

Kada na Offline kartici kliknem Download now, dobijem poruku "Replication failed"

Ako na kartici General ipak potvrdim "Use secure connection (SSL)", tada se port automatski promijeni na 636 i poslije klika na Download now me pita za password. Kada unesem password korisnika, prijavi mi da ne može da uspostavi vezu sa LDAP serverom zato što sertifikat nije bezbjedan.

Najvjerovatnije je da treba da generišem ili importujem sertifikat za LDAP, ali ne znam kako.

Izvinite na iscrpnosti i mogućem smaranju oko čitanja ovolikog posta, ali baš bi mi značilo ako bi neko znao kako da riješim ovo.
pozdrav

..blinding flash of the obvious..

Odgovor na temu

jovanmal
Jovan Malešević
Sistem administrator
BL, Republika Srpska

Član broj: 6106
Poruke: 204
*.eastcode.net.

Sajt: flashofobvious.blogspot.c..

+2 Profil

Re: iRed mail - Podesavanje LDAP adresara

^{10.08.2011. u 21:54 - pre 154 meseci}

Nikako da rijesim problem...

Bavio sam se pracenjem log fajla openldap.log i uocio da se prilikom pokusaja pristupa LDAP adresaru iz Thunderbirda pojavljuje

Code:
conn=51 op=0 RESULT tag=97 err=48 text=anonymous bind disallowed

Gledao sam i fajl /etc/openldap/slapd.conf i nisam vidio nista neobicno.

Evo kako izgleda log openldap.log kada se pristupi OpenLDAP-u:

Code:
# LOGOVANJE U ROUNDCUBE

Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=3 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=3 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=3 RESULT tag=97 err=0 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=4 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=5 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=5 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=5 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=5 RESULT tag=97 err=0 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=6 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=6 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=6 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=6 RESULT tag=97 err=0 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=7 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=7 SRCH attr=homeDirectory mailMessageStore mailQuota
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=8 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=9 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=9 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=9 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=9 RESULT tag=97 err=0 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=10 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=10 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=10 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=10 RESULT tag=97 err=0 text=
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=11 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=11 SRCH attr=homeDirectory mailMessageStore mailQuota
Aug 10 22:08:57 openchange slapd[12151]: conn=0 op=11 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=12 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=13 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=13 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=13 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=13 RESULT tag=97 err=0 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=14 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=14 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=14 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=14 RESULT tag=97 err=0 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=15 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=15 SRCH attr=homeDirectory mailMessageStore mailQuota
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=15 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=16 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=16 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=17 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=17 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=17 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=17 RESULT tag=97 err=0 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=18 BIND anonymous mech=implicit ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=18 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=18 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=18 RESULT tag=97 err=0 text=
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=19 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=19 SRCH attr=homeDirectory mailMessageStore mailQuota
Aug 10 22:08:58 openchange slapd[12151]: conn=0 op=19 SEARCH RESULT tag=101 err=0 nentries=1 text=

# PRISTUP LDAP ADRESARU U ROUNDCUBE-U:

Aug 10 22:11:12 openchange slapd[12151]: conn=5 fd=20 ACCEPT from IP=127.0.0.1:33274 (IP=0.0.0.0:389)
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=0 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=0 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=0 RESULT tag=97 err=0 text=
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=1 SRCH base="domainName=nesto.net,o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedinglobaladdressbook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))"
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=1 SRCH attr=cn mail sn givenname
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=4 text=
Aug 10 22:11:12 openchange slapd[12151]: conn=5 op=2 UNBIND
Aug 10 22:11:12 openchange slapd[12151]: conn=5 fd=20 closed
Aug 10 22:11:13 openchange slapd[12151]: conn=6 fd=20 ACCEPT from IP=127.0.0.1:33277 (IP=0.0.0.0:389)
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=0 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=0 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=0 RESULT tag=97 err=0 text=
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=1 SRCH base="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=1 SRCH attr=cn mail sn givenname
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:11:13 openchange slapd[12151]: conn=6 op=2 UNBIND
Aug 10 22:11:13 openchange slapd[12151]: conn=6 fd=20 closed

# OTVARANJE MOZILLA THUNDERBIRDA SA PODESENIM ISTIM ACCOUNTOM:

Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=148 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=148 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=149 BIND anonymous mech=implicit ssf=0
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=149 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" method=128
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=149 BIND dn="[email protected],ou=Users,domainName=nesto.net,o=domains,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=149 RESULT tag=97 err=0 text=
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=150 BIND anonymous mech=implicit ssf=0
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=150 BIND dn="cn=vmail,dc=nesto,dc=net" method=128
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=150 BIND dn="cn=vmail,dc=nesto,dc=net" mech=SIMPLE ssf=0
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=150 RESULT tag=97 err=0 text=
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=151 SRCH base="o=domains,dc=nesto,dc=net" scope=2 deref=0 filter="(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=imapsecured)(|([email protected])(&(enabledService=shadowaddress)([email protected]))))"
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=151 SRCH attr=homeDirectory mailMessageStore mailQuota
Aug 10 22:30:58 openchange slapd[12151]: conn=0 op=151 SEARCH RESULT tag=101 err=0 nentries=1 text=

# POKUSAJ PRISTUPA LDAP ADRESARU U THUNDERBIRDU PREKO ENKRIPTOVANE KONEKCIJE (PORT 636):

Aug 10 22:33:06 openchange slapd[12151]: conn=48 fd=20 ACCEPT from IP=192.168.1.103:42718 (IP=0.0.0.0:636)
Aug 10 22:33:06 openchange slapd[12151]: conn=48 fd=20 TLS established tls_ssf=256 ssf=256
Aug 10 22:33:06 openchange slapd[12151]: conn=48 op=0 BIND dn="" method=128
Aug 10 22:33:06 openchange slapd[12151]: conn=48 op=0 RESULT tag=97 err=48 text=anonymous bind disallowed
Aug 10 22:33:06 openchange slapd[12151]: conn=48 op=1 UNBIND
Aug 10 22:33:06 openchange slapd[12151]: conn=48 fd=20 closed

# POKUSAJ PRISTUPA LDAP ADRESARU U THUNDERBIRDU PREKO NEENKRIPTOVANE KONEKCIJE (PORT 389):

Aug 10 22:35:05 openchange slapd[12151]: conn=50 fd=20 ACCEPT from IP=192.168.1.103:34515 (IP=0.0.0.0:389)
Aug 10 22:35:05 openchange slapd[12151]: conn=50 op=0 BIND dn="" method=128
Aug 10 22:35:05 openchange slapd[12151]: conn=50 op=0 RESULT tag=97 err=48 text=anonymous bind disallowed
Aug 10 22:35:05 openchange slapd[12151]: conn=50 op=1 UNBIND
Aug 10 22:35:05 openchange slapd[12151]: conn=50 fd=20 closed

Zakacio sam i fajl slapd.conf, bio bih zahvalan da i njega pogledate...

..blinding flash of the obvious..

Prikačeni fajlovi

slapd.conf - 6.97k

Odgovor na temu