qmail-ldapwithdovecotondebian

Differences

This shows you the differences between two versions of the page.

qmail-ldapwithdovecotondebian [2008/03/20 23:09]
127.0.0.1 external edit
qmail-ldapwithdovecotondebian [2020/02/13 22:55] (current)
Line 1: Line 1:
  
-====== qmail-ldap With Dovecot on Debian ====== +====== qmail-ldap With Dovecot on Ubuntu ====== 
-<uri strref="http://wiki.dovecot.org/PasswordDatabase/CheckPassword"/>+ 
 +Reference: http://wiki2.dovecot.org/AuthDatabase/LDAP
  
 <code> <code>
-aptitude remove courier-authdaemon courier-authlib courier-authlib-userdb+aptitude install dovecot-imapd dovecot-pop3d dovecot-ldap
 </code> </code>
 +
 +**/etc/dovecot/conf.d/10-auth.conf**:
 <code> <code>
-aptitude install dovecot-imapd dovecot-pop3d+... 
 +!include auth-ldap.conf.ext 
 +..
 </code> </code>
-Patch qmail-ldap with this patch to add auth_dovecot:  
  
-<uri strref="http://japc.uncovering.org/dovecot/qmail-ldap-1.03-20060201-dovecot.patch"/>+**/etc/dovecot/conf.d/10-mail.conf**:
  
 <code> <code>
-qmail-1.03# patch -p1 &lt; ../qmail-ldap-1.03-20060201-dovecot.patch+... 
 +mail_uid = 200 
 +mail_gid = 200 
 +... 
 +first_valid_uid = 200 
 +...
 </code> </code>
-<strong>/etc/dovecot/dovecot.conf</strong>:+ 
 +**/etc/dovecot/dovecot-ldap.conf.ext**:
  
 <code> <code>
---- ./dovecot.conf      2008/03/21 02:37:32     1.1 +hosts localhost
-+++ ./dovecot.conf      2008/03/24 17:31:18 +
-@@ -18,7 +18,7 @@ +
- # Protocols we want to be serving: imap imaps pop3 pop3s +
- # If you only want to use dovecot-auth, you can set this to &quot;none&quot;+
- #protocols imap imaps +
--protocols = +
-+protocols = imap imaps pop3 pop3s+
  
- # IP or host address where to listen in for connections. It's not currently +auth_bind = yes
- # possible to specify multiple addresses. &quot;*&quot; listens in all IPv4 interfaces. +
-@@ -43,7 +43,7 @@ +
- # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP +
- # matches the local IP (ie. you're connecting from the same computer), the +
- # connection is considered secure and plaintext authentication is allowed. +
--#disable_plaintext_auth = yes +
-+disable_plaintext_auth = no+
  
- # Should all IMAP and POP3 processes be killed when Dovecot master process +base ou=qmail, o=mrzesty
- # shuts down. Setting this to &quot;no&quot; means that Dovecot can be upgraded without +
-@@ -205,7 +205,7 @@ +
- # +
- # http://wiki.dovecot.org/MailLocation +
- # +
--#mail_location = +
-+mail_location maildir:~/Maildir+
  
- # If you need to set multiple mailbox locations or want to change default +user_attrs = =home=/var/qmail/maildirs/%{ldap:mailMessageStore}
- # namespace settings, you can do it by defining namespace sections: +
-@@ -304,21 +304,21 @@ +
- # Show more verbose process titles (in ps). Currently shows user name and +
- # IP address. Useful for seeing who are actually using the IMAP processes +
- # (eg. shared mailboxes or if same uid is used for multiple accounts). +
--#verbose_proctitle no +
-+verbose_proctitle yes+
  
- # Valid UID range for users, defaults to 500 and above. This is mostly +user_filter (&(objectClass=qmailUser)(uid=%u))
- # to make sure that users can't log in as daemons or other system users. +
- # Note that denying root logins is hardcoded to dovecot binary and can'+
- # be done even if first_valid_uid is set to 0. +
--#first_valid_uid 500 +
--#last_valid_uid +
-+first_valid_uid 200 +
-+last_valid_uid = 200+
  
- # Valid GID range for users, defaults to non-root/wheel. Users having +pass_attrs = =home=/var/qmail/maildirs/%{ldap:mailMessageStore}
- # non-valid GID as primary group ID aren't allowed to log in. If user +
- # belongs to supplementary groups with non-valid GIDs, those groups are +
- # not set. +
--#first_valid_gid +
--#last_valid_gid +
-+first_valid_gid 200 +
-+last_valid_gid = 200+
  
- # Maximum number of running mail processes. When this limit is reached, +pass_filter = (&(objectClass=qmailUser)(uid=%u)) 
- # new users aren't allowed to log in. +</code>
-@@ -512,7 +512,7 @@+
  
-   # Support for dynamically loadable plugins. mail_plugins is a space separated 
-   # list of plugins to load. 
--  #mail_plugins = 
-+  mail_plugins = quota imap_quota 
-   #mail_plugin_dir = /usr/lib/dovecot/modules/imap 
- 
-   # Send IMAP capabilities in greeting message. This makes it unnecessary for 
-@@ -618,7 +618,7 @@ 
- 
-   # Support for dynamically loadable plugins. mail_plugins is a space separated 
-   # list of plugins to load. 
--  #mail_plugins = 
-+  mail_plugins = quota 
-   #mail_plugin_dir = /usr/lib/dovecot/modules/pop3 
- 
-   # Workarounds for various client bugs: 
-@@ -743,7 +743,7 @@ 
- auth default { 
-   # Space separated list of wanted authentication mechanisms: 
-   #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi 
--  mechanisms = plain 
-+  mechanisms = plain login 
- 
-   # 
-   # Password database is used to verify user's password (and nothing more). 
-@@ -779,7 +779,7 @@ 
-   # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM 
-   # authentication to actually work. 
-   # http://wiki.dovecot.org/PasswordDatabase/PAM 
--  passdb pam { 
-+  #passdb pam { 
-     #  [session=yes] [setcred=yes] [cache_key=&lt;key&gt;] [&lt;service name&gt;] 
-     # 
-     # session=yes makes Dovecot open and immediately close PAM session. Some 
-@@ -808,7 +808,7 @@ 
-     #   args = session=yes * 
-     #   args = cache_key=%u dovecot 
-     #args = dovecot 
--  } 
-+  #} 
- 
-   # /etc/passwd or similar, using getpwnam() 
-   # In many systems nowadays this uses Name Service Switch, which is 
-@@ -839,10 +839,10 @@ 
-   # checkpassword executable authentication 
-   # NOTE: You will probably want to use &quot;userdb prefetch&quot; with this. 
-   # http://wiki.dovecot.org/PasswordDatabase/CheckPassword 
--  #passdb checkpassword { 
-+  passdb checkpassword { 
-     # Path for checkpassword binary 
--    #args = 
--  #} 
-+    args = /var/qmail/bin/auth_dovecot ./Maildir/ 
-+  } 
- 
-   # SQL database 
-   # http://wiki.dovecot.org/AuthDatabase/SQL 
-@@ -877,8 +877,8 @@ 
-   # configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken 
-   # with Dovecot. Don't use it, or users might log in as each others! 
-   # http://wiki.dovecot.org/AuthDatabase/Passwd 
--  userdb passwd { 
--  } 
-+  #userdb passwd { 
-+  #} 
- 
-   # passwd-like file with specified location 
-   # http://wiki.dovecot.org/AuthDatabase/PasswdFile 
-@@ -922,8 +922,8 @@ 
-   # This can be made to work with SQL and LDAP databases, see their example 
-   # configuration files for more information how to do it. 
-   # http://wiki.dovecot.org/UserDatabase/Prefetch 
--  #userdb prefetch { 
--  #} 
-+  userdb prefetch { 
-+  } 
- 
-   # User to use for the process. This user needs access to only user and 
-   # password databases, nothing else. Only shadow and pam authentication 
-@@ -1026,7 +1026,7 @@ 
-   #   dict: Keep quota stored in dictionary (eg. SQL) 
-   #   maildir: Maildir++ quota 
-   #   fs: Read-only support for filesystem quota 
--  #quota = maildir 
-+  quota = maildir 
- 
-   # ACL plugin. vfile backend reads ACLs from &quot;dovecot-acl&quot; file from maildir 
-   # directory. You can also optionally give a global ACL directory path where 
-</code> 
 ====== Fail2ban ====== ====== Fail2ban ======
 Activate fail2ban to block brute force attacks. Activate fail2ban to block brute force attacks.
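Review bot: The 10-mail.conf block keeps only `first_valid_uid = 200`, while the removed dovecot.conf pinned the range on both ends with `last_valid_uid = 200`, `first_valid_gid = 200` and `last_valid_gid = 200`. Since `mail_uid` and `mail_gid` are fixed at 200, carrying those three settings over would keep logins confined to that one account. In the 10-auth.conf block only `!include auth-ldap.conf.ext` is shown, whereas the old revision explicitly commented out `passdb pam` and `userdb passwd`. The page should say whether `!include auth-system.conf.ext` is to be commented out, so that system accounts are not left as a second login path for IMAP/POP3. With `auth_bind = yes` Dovecot must receive the cleartext password to perform the bind, and the old `disable_plaintext_auth = no` line is dropped without a replacement, so the intended `disable_plaintext_auth` and TLS settings should be stated. Smaller points: the closing `..` in the 10-auth.conf block should be `...`, the quota plugin settings from the old revision disappear without comment, and the heading now says Ubuntu while the page name still says Debian.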
qmail-ldapwithdovecotondebian.1206068986.txt.gz · Last modified: 2020/02/13 22:55 (external edit)

free spam filter