Nethence Newdoc Olddoc Lab Your IP BBDock  

Warning: those guides are mostly obsolete, please have a look at the new documentation.


Setting up Sendmail & OpenLDAP on NetBSD
draft to be continued (11/08/2014)
First, make sure Sendmail is up and running on your NetBSD system.
Then install OpenLDAP,
echo $PKG_PATH
pkg_add openldap openldap-client openldap-server openldap-doc
pkg_info | grep ^openldap
cp /usr/pkg/share/examples/rc.d/slapd /etc/rc.d/
# /usr/sbin/chown -R slapd:ldap /var/openldap/openldap-data/*
# /usr/sbin/chown :ldap /usr/pkg/etc/openldap/slapd.conf
# /bin/chmod 640 /usr/pkg/etc/openldap/slapd.conf
grep slapd /etc/passwd
grep ldap /etc/group
On x64 systems,
ls -l /etc/rc.conf.d/slapd
cat > /etc/rc.conf.d/slapd <<EOF9
ulimit -s 4096
cat /etc/rc.conf.d/slapd
Base Configuration
Configure the thing,
ln -s /usr/pkg/etc/openldap /etc/openldap
cd /etc/openldap/
mv slapd.conf slapd.conf.dist
cat > slapd.conf <<EOF9
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
pidfile /var/openldap/run/
argsfile /var/openldap/run/slapd.args
database bdb
suffix "dc=example,dc=local"
rootdn "cn=Manager,dc=example,dc=local"
password-hash {CRYPT}
directory /var/openldap/openldap-data
chmod 640 /etc/openldap/slapd.conf
chgrp ldap slapd.conf
Note. CRYPT for Dovecot compatibility.
Note. No need to crypt the rootpw password in the configuration file itself, it won't work.
Initializing the directory
Check the group ownership (root:ldap 640) on the configuration file,
ls -l /etc/openldap/slapd.conf
Check the permissions (slapd:ldap 700) on the database folder,
ls -ld /var/openldap/openldap-data/
Enable and start the daemon,
echo "slapd=YES" >> /etc/rc.conf
ls -al /var/openldap/openldap-data/
/etc/rc.d/slapd start
ls -al /var/openldap/openldap-data/
Note. if you ever need to reinitialize the directory database at installation time only,
#rm -rf /var/openldap/openldap-data/*
check that it is running as slapd user,
ps aux | grep slapd
For the following example to be interesting to test, those UID should not exist,
grep 1102 /etc/passwd
grep 1103 /etc/passwd
Note. and the users [100] group which exists, will be used.
initialize the directory database,
cd /etc/openldap/
cat > dovecot.init.ldif <<EOF9
dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Org
dc: example
description: bla bla
dn: ou=accounts,dc=example,dc=local
objectClass: top
objectClass: organizationalUnit
ou: accounts
# only necessary if you are NOT using 'bind' authentication
dn: cn=dovecot,ou=accounts,dc=example,dc=local
objectClass: top
objectclass: person
cn: dovecot
sn: dovecot
dn: uid=ole_wobble,ou=accounts,dc=example,dc=local
objectClass: top
objectclass: person
objectClass: posixAccount
cn: Ole Wobble Olson
sn: Olson
uid: ole_wobble
uidNumber: 1102
gidNumber: 100
homeDirectory: /home/ole_wobble
dn: uid=ole_wubble,ou=accounts,dc=example,dc=local
objectClass: top
objectclass: person
objectClass: posixAccount
cn: Ole Wubble Olson
sn: Olson
uid: ole_wubble
uidNumber: 1103
gidNumber: 100
homeDirectory: /home/ole_wubble
#sed 's/^[[:space:]]*//' dovecot.init.ldif
ldapadd -W -D "cn=Manager,dc=example,dc=local" -f /etc/openldap/dovecot.init.ldif
You should get this output at initialization time,
adding new entry "dc=example,dc=local"
adding new entry "ou=accounts,dc=example,dc=local"
adding new entry "cn=dovecot,ou=accounts,dc=example,dc=local"
adding new entry "uid=ole_wobble,ou=accounts,dc=example,dc=local"
adding new entry "uid=ole_wubble,ou=accounts,dc=example,dc=local"
Troubleshooting the directory initialization
If you get this error,
ldap_bind: Invalid credentials (49)
make sure you get the same dc domain for rootdn into slapd.conf and in the init ldif. Also make sure /etc/openldap is a symlink to /usr/pkg/etc/openldap and not a directory on its own.
If you get this error,
ldap_add: Protocol error (2)
additional info: no attributes provided
it may be caused by the leading spaces in your init ldif.
If you get this error,
ldap_add: Undefined attribute type (17)
additional info: dn: attribute type undefined
it may be because you forgot to provide the inetorgperson schema in slapd.conf.
If you get this error,
ldap_add: Type or value exists (20)
additional info: objectClass: value #0 provided more than once
it is because a space is needed before each new dn: line, check line 9, and eventually a leading space at the end of file too...
Configuration Tweak for Dovecot
Add this to your LDAP daemon configuration for Dovecot to be able to get information about users,
cd /etc/openldap/
cat >> slapd.conf <<EOF9
access to dn.children="ou=accounts,dc=example,dc=net"
by dn="cn=dovecot,ou=accounts,dc=example,dc=net" read
by anonymous auth
/etc/rc.d/slapd restart
Setting up user passwords
Setup a password for the dovecot user and mail accounts
ldappasswd -W -S -D "cn=Manager,dc=example,dc=local" "cn=dovecot,ou=accounts,dc=example,dc=local"
ldappasswd -W -S -D "cn=Manager,dc=example,dc=local" "uid=ole_wobble,ou=accounts,dc=example,dc=local"
ldappasswd -W -S -D "cn=Manager,dc=example,dc=local" "uid=ole_wubble,ou=accounts,dc=example,dc=local"
and check the registry,
ldapsearch -LLL -W -D "cn=Manager,dc=example,dc=local" -b "dc=example,dc=local" "(objectclass=*)"
Dovecot LDA with Sendmail:

(obsolete, see the new doc)