This tutorial is based on this one, but details the Gentoo-specific steps.
emerge openldap
allow bind_v2
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#######################################################################
# BDB database definitions
#######################################################################

database hdb
suffix "dc=ceric35,dc=homelinux,dc=org"
# <kbyte> <min>
checkpoint 32 30
rootdn "cn=admin,dc=ceric35,dc=homelinux,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw azertyuiop
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
The import file is different here and additionally contains the definition of the organization:
dn: dc=ceric35,dc=homelinux,dc=org
objectclass: dcObject
objectclass: organization
o: ceric35
dc: ceric35

dn: uid=cyrus,dc=ceric35,dc=homelinux,dc=org
uid: cyrus
cn: Administrateur Cyrus
sn: Cyrus
userPassword: motdepassedecyrus
objectClass: inetOrgPerson

dn: uid=ceric35,dc=ceric35,dc=homelinux,dc=org
uid: ceric35
cn: Administrateur Ceric35
sn: Ceric35
mail: ceric35@ceric35.homelinux.org
userPassword: motdepassedeceric35
objectClass: inetOrgPerson

dn: uid=eric,dc=ceric35,dc=homelinux,dc=org
uid: eric
cn: Utilisateur eric
sn: eric
mail: eric@ceric35.homelinux.org
userPassword: motdepassedeeric
objectClass: inetOrgPerson
BASE dc=ceric35,dc=homelinux,dc=org
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://localhost
dev-libs/cyrus-sasl ldap
emerge cyrus-sasl cyrus-imapd cyrus-imap-admin
# LDAP SERVER
LDAP_SERVERS: ldap://localhost
# DOMAIN
LDAP_DEFAULT_DOMAIN: ceric35.homelinux.org
LDAP_TIMEOUT: 10
LDAP_TIME_LIMIT: 10
LDAP_CACHE_TTL: 30
LDAP_CACHE_MEM: 32768
# LDAP VERSION
LDAP_VERSION: 3
# SASL for access to the server
LDAP_USE_SASL: no
# Authentication method (bind / custom / fastbind)
LDAP_AUTH_METHOD: bind
# User used for the connection - if empty = anonymous
LDAP_BIND_DN: cn=admin,dc=ceric35,dc=homelinux,dc=org
# And the password
LDAP_BIND_PW: azertyuiop
# Search base
LDAP_SEARCH_BASE: dc=ceric35,dc=homelinux,dc=org
# And depth (sub / one / base)
LDAP_SCOPE: sub
# Search filter: uid in our case
LDAP_FILTER: uid=%u
# And name of the field containing the password
LDAP_PASSWORD_ATTR: userPassword
# Initial (empty) options.
SASLAUTHD_OPTS=""
# Use /etc/saslauthd.conf parameter file
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O /etc/saslauthd.conf"
# Use ldap authentications mechanism
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a ldap"
# Don't forget to use chattr +S (if you are using ext[23])
# when you change these directories (read the docs).
configdirectory: /var/imap
partition-default: /var/spool/imap
sievedir: /var/imap/sieve

tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/cyrus/server.crt
tls_key_file: /etc/ssl/cyrus/server.key

# Don't use an everyday user as admin.
admins: cyrus

hashimapspool: yes
allowanonymouslogin: no
allowplaintext: yes

# Allow renaming of top-level mailboxes.
#allowusermoves: yes

# Use this if sieve-scripts could be in ~user/.sieve.
#sieveusehomedir: yes

# Use saslauthd if you want to use pam for imap.
# But be warned: login with DIGEST-MD5 or CRAM-MD5
# is not possible using pam.
sasl_pwcheck_method: saslauthd

####################################################
## This is a recommended authentication method if you
## emerge cyrus-sasl with 'postgres' or 'mysql'
## To use with mysql database uncomment those lines below.
#sasl_pwcheck_method: auxprop
#sasl_auxprop_plugin: sql

## possible values for sasl_auxprop_plugin 'mysql', 'pgsql', 'sqlite'.
#sasl_sql_engine: mysql

## all possible values.
#sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM
## or limit to CRAM-MD5 only
sasl_mech_list: PLAIN

## change below to suit your setup.
sasl_sql_user: mailsqluser
sasl_sql_passwd: password
sasl_sql_database: mailsqldb
sasl_sql_hostnames: localhost
sasl_sql_select: SELECT clear FROM users WHERE email = '%u@%r'
emerge -C ssmtp
emerge postfix
cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/deliver -e -m ${extension} ${user}
emerge postgrey