Changeset - 4313878669b1
0 6 0
Branko Majic (branko) - 9 years ago 2015-10-04 13:05:54
MAR-37: Fixed documentation for the mail server LDAP base DN parameter, and renamed the parameter to make a bit more sense (to reduce confusion).
6 files changed with 25 insertions and 24 deletions:
@@ -700,40 +700,41 @@ Deployed services are configured as follows:

Both Postfix and Dovecot expect a specific directory structure in LDAP when
doing look-ups:

* Postfix will log-in to LDAP as user
* Dovecot will log-in to LDAP as user
* Domain entries need to be available as
* Alias entries need to be available as
* User entries are read from sub-tree (first-level only)
  ``ou=people,MAIL_LDAP_ROOT_DN``. Query filter used for finding users is
  ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_ROOT_DN))``. This allows
  ``ou=people,MAIL_LDAP_BASE_DN``. Query filter used for finding users is
  ``(&(mail=%s)(memberOf=cn=mail,ou=groups,MAIL_LDAP_BASE_DN))``. This allows
  group-based granting of mail services to users.



**mail_ldap_base_dn** (string, mandatory)
  Base DN on the LDAP server. A specific directory structure is expected under
  this entry (as explained above) in order to locate the available domains,
  users, aliases etc.

**mail_ldap_url** (string, mandatory)
  LDAP URL that should be used for connecting to the LDAP server for doing
  domain/user look-ups.

**mail_ldap_tls_truststore** (string, optional, ``/etc/ssl/certs/truststore.pem``)
  Path to TLS truststore used for verifying the LDAP certificate. Should be in
  PEM format.

**mail_service_ldap_base_dn** (string, mandatory)
  Base DN in LDAP for the mail services under which the entries (domains, users,
  aliases) can be found.

**mail_ldap_postfix_password** (string, mandatory)
  Password for authenticating the Postfix LDAP user.

**mail_ldap_dovecot_password** (string, mandatory)
  Password for authenticating the Dovecot LDAP user.

@@ -790,13 +791,13 @@ Here is an example configuration for setting-up XMPP server using Prosody:
.. code-block:: yaml


  mail_ldap_url: ldap://
  mail_ldap_tls_truststore: /etc/ssl/certs/truststore.pem
  mail_ldap_root_dn: dc=example,dc=com
  mail_ldap_base_dn: dc=example,dc=com
  mail_ldap_postfix_password: postfix
  mail_ldap_dovecot_password: dovecot

  mail_user: vmail
  mail_user_uid: 5000
  mail_user_gid: 5000
uris = {{ mail_ldap_url }}
dn = cn=dovecot,ou=services,{{ mail_service_ldap_base_dn }}
dn = cn=dovecot,ou=services,{{ mail_ldap_base_dn }}
dnpass = {{ mail_ldap_dovecot_password }}
tls = yes
tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
tls_require_cert = demand
auth_bind = yes
base = ou=people,{{ mail_service_ldap_base_dn }}
base = ou=people,{{ mail_ldap_base_dn }}
scope = onelevel
user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }}))
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
iterate_attrs = mail=user
iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_service_ldap_base_dn }})
iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }})
default_pass_scheme = SSHA
user_attrs =
# Connection settings.
server_host = {{ mail_ldap_url }}
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
bind = yes
bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
bind_pw = {{ mail_ldap_postfix_password }}
version = 3

# Query settings.
search_base = ou=aliases,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
search_base = ou=aliases,ou=mail,ou=services,{{ mail_ldap_base_dn }}
scope = one
query_filter = cn=%s
result_attribute = rfc822MailMember
# Connection settings.
server_host = {{ mail_ldap_url }}
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
bind = yes
bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
bind_pw = {{ mail_ldap_postfix_password }}
version = 3

# Query settings.
search_base = ou=domains,ou=mail,ou=services,{{ mail_service_ldap_base_dn }}
search_base = ou=domains,ou=mail,ou=services,{{ mail_ldap_base_dn }}
scope = one
query_filter = dc=%s
result_attribute = dc
# Connection settings.
server_host = {{ mail_ldap_url }}
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = {{ mail_ldap_tls_truststore }}
bind = yes
bind_dn = cn=postfix,ou=services,{{ mail_service_ldap_base_dn }}
bind_dn = cn=postfix,ou=services,{{ mail_ldap_base_dn }}
bind_pw = {{ mail_ldap_postfix_password }}
version = 3

# Query settings
search_base = ou=people,{{ mail_service_ldap_base_dn }}
search_base = ou=people,{{ mail_ldap_base_dn }}
scope = one
query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_service_ldap_base_dn}}))
query_filter = (&(mail=%s)(memberOf=cn=mail,ou=groups,{{mail_ldap_base_dn}}))
result_attribute = mail

mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
mail_ldap_tls_truststore: /etc/ssl/certs/ca.pem
mail_service_ldap_base_dn: "{{ testsite_ldap_base }}"
mail_ldap_base_dn: "{{ testsite_ldap_base }}"
mail_ldap_postfix_password: postfix
mail_ldap_dovecot_password: dovecot

mail_user: vmail
mail_user_uid: 5000
mail_user_gid: 5000