This doc is obsolete -- see http://doc.nethence.com/ instead
Setting up Sendmail & OpenLDAP on NetBSD
draft to be continued (11/08/2014)
Installation
First, make sure Sendmail is [up and running on your NetBSD system](http://pbraun.nethence.com/unix/mail/sendmail_netbsd.html).
Then install OpenLDAP,
echo $PKG_PATH
pkg_add openldap openldap-client openldap-server openldap-doc
pkg_info | grep ^openldap
cp /usr/pkg/share/examples/rc.d/slapd /etc/rc.d/
# /usr/sbin/chown -R slapd:ldap /var/openldap/openldap-data/*
# /usr/sbin/chown :ldap /usr/pkg/etc/openldap/slapd.conf
# /bin/chmod 640 /usr/pkg/etc/openldap/slapd.conf
grep slapd /etc/passwd
grep ldap /etc/group
On x64 systems, set the stack size limit for slapd through its rc.conf.d file,
ls -l /etc/rc.conf.d/slapd
cat > /etc/rc.conf.d/slapd <<EOF9
start_precmd="set_limits"
set_limits()
{
	ulimit -s 4096
}
EOF9
cat /etc/rc.conf.d/slapd
Base Configuration
Configure the thing,
ln -s /usr/pkg/etc/openldap /etc/openldap
cd /etc/openldap/
mv slapd.conf slapd.conf.dist
cat > slapd.conf <<EOF9
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
pidfile /var/openldap/run/slapd.pid
argsfile /var/openldap/run/slapd.args
database bdb
suffix "dc=example,dc=local"
rootdn "cn=Manager,dc=example,dc=local"
password-hash {CRYPT}
rootpw CHANGE_THIS_PASSWORD
directory /var/openldap/openldap-data
EOF9
chmod 640 /etc/openldap/slapd.conf
chgrp ldap slapd.conf
Note. {CRYPT} is chosen as the password hash for Dovecot compatibility.
Note. Do not write the rootpw value as a hash in the configuration file itself, it won't work.
Initializing the directory
Check the group ownership (root:ldap 640) on the configuration file,
ls -l /etc/openldap/slapd.conf
Check the permissions (slapd:ldap 700) on the database folder,
ls -ld /var/openldap/openldap-data/
Enable and start the daemon,
echo "slapd=YES" >> /etc/rc.conf
ls -al /var/openldap/openldap-data/
/etc/rc.d/slapd start
ls -al /var/openldap/openldap-data/
Note. If you ever need to reinitialize the directory database (at installation time only, as this wipes it),
#rm -rf /var/openldap/openldap-data/*
Check that it is running as the slapd user,
ps aux | grep slapd
For the following example to be worth testing, those UIDs should not exist yet,
grep 1102 /etc/passwd
grep 1103 /etc/passwd
Note. The existing users group (GID 100) will be used.
Initialize the directory database,
cd /etc/openldap/
cat > dovecot.init.ldif <<EOF9
dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Org
dc: example
description: bla bla

dn: ou=accounts,dc=example,dc=local
objectClass: top
objectClass: organizationalUnit
ou: accounts

# only necessary if you are NOT using 'bind' authentication
dn: cn=dovecot,ou=accounts,dc=example,dc=local
objectClass: top
objectClass: person
cn: dovecot
sn: dovecot

dn: uid=ole_wobble,ou=accounts,dc=example,dc=local
objectClass: top
objectClass: person
objectClass: posixAccount
cn: Ole Wobble Olson
sn: Olson
uid: ole_wobble
uidNumber: 1102
gidNumber: 100
homeDirectory: /home/ole_wobble

dn: uid=ole_wubble,ou=accounts,dc=example,dc=local
objectClass: top
objectClass: person
objectClass: posixAccount
cn: Ole Wubble Olson
sn: Olson
uid: ole_wubble
uidNumber: 1103
gidNumber: 100
homeDirectory: /home/ole_wubble
EOF9
# entries must be separated by empty lines and no line may be indented;
# the sed below prints the file with any leading whitespace stripped
#sed 's/^[[:space:]]*//' dovecot.init.ldif
ldapadd -x -W -D "cn=Manager,dc=example,dc=local" -f /etc/openldap/dovecot.init.ldif
You should get this output at initialization time,
adding new entry "dc=example,dc=local"
adding new entry "ou=accounts,dc=example,dc=local"
adding new entry "cn=dovecot,ou=accounts,dc=example,dc=local"
adding new entry "uid=ole_wobble,ou=accounts,dc=example,dc=local"
adding new entry "uid=ole_wubble,ou=accounts,dc=example,dc=local"
Troubleshooting the directory initialization
If you get this error,
ldap_bind: Invalid credentials (49)
make sure the rootdn in slapd.conf and the base dn in the init LDIF use the same dc components. Also make sure /etc/openldap is a symlink to /usr/pkg/etc/openldap and not a directory of its own.
If you get this error,
ldap_add: Protocol error (2)
additional info: no attributes provided
it may be caused by leading spaces in your init LDIF.
If you get this error,
ldap_add: Undefined attribute type (17)
additional info: dn: attribute type undefined
it may be because you forgot to include the inetorgperson schema in slapd.conf.
If you get this error,
ldap_add: Type or value exists (20)
additional info: objectClass: value #0 provided more than once
it is because an empty line is needed before each new dn: line (check line 9 of the LDIF), and possibly a trailing empty line at the end of the file too.
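The LDIF pitfalls listed above (indented lines, a dn: line that does not start a new record) and the rootdn/suffix mismatch behind the "Invalid credentials" error can all be caught before ldapadd is run. The checker below is an added example, not part of the original note; check_ldif and check_suffix are names chosen here, and it assumes the heredoc style used on this page (no folded LDIF continuation lines, so any leading whitespace is treated as a paste error) and a slapd.conf with one-line suffix and rootdn directives.

```shell
#!/bin/sh
# Pre-flight checks for an init LDIF and slapd.conf, matching the errors
# listed in the troubleshooting section. Added example, not from the page.
# Assumption: the LDIF uses no folded (single-space-indented) continuation
# lines, so any leading whitespace is treated as a paste error.

# check_ldif FILE: report layout problems; returns 0 if clean, 1 otherwise.
check_ldif() {
	awk '
		# Indented lines come from an indented heredoc; ldapadd then fails
		# with "Protocol error (2) ... no attributes provided".
		/^[ \t]/ {
			printf "%s:%d: leading whitespace\n", FILENAME, NR
			bad = 1
		}
		# Every dn: line must start a new record, i.e. the previous
		# non-comment line must be empty; otherwise ldapadd sees "dn" as
		# just another attribute of the previous entry.
		/^dn:/ && last != "" {
			printf "%s:%d: dn: line not preceded by an empty line\n", FILENAME, NR
			bad = 1
		}
		!/^#/ { last = $0 }
		END { exit bad }
	' "$1"
}

# check_suffix SLAPD_CONF LDIF: the first dn in the LDIF must equal the
# database suffix, and rootdn must live under that suffix; otherwise the
# bind as rootdn ends in "Invalid credentials (49)".
check_suffix() {
	conf=$1
	ldif=$2
	suffix=$(awk '$1 == "suffix" { sub(/^[ \t]*suffix[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$conf")
	rootdn=$(awk '$1 == "rootdn" { sub(/^[ \t]*rootdn[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$conf")
	basedn=$(awk '/^dn:/ { sub(/^dn:[ \t]*/, ""); print; exit }' "$ldif")
	rc=0
	if [ "$basedn" != "$suffix" ]; then
		printf 'first dn "%s" in %s does not match suffix "%s" in %s\n' \
			"$basedn" "$ldif" "$suffix" "$conf"
		rc=1
	fi
	case $rootdn in
		*"$suffix") ;;
		*) printf 'rootdn "%s" is not under suffix "%s"\n' "$rootdn" "$suffix"; rc=1 ;;
	esac
	return $rc
}

# Constructed sample input (not the page's files): the empty line between
# the first two entries is missing, as happens with a pasted heredoc.
demo=$(mktemp -d)
printf 'suffix "dc=example,dc=local"\nrootdn "cn=Manager,dc=example,dc=local"\n' > "$demo/slapd.conf"
printf 'dn: dc=example,dc=local\nobjectClass: top\nobjectClass: dcObject\nobjectClass: organization\no: Example Org\ndc: example\ndn: ou=accounts,dc=example,dc=local\nobjectClass: top\nobjectClass: organizationalUnit\nou: accounts\n' > "$demo/init.ldif"
check_ldif "$demo/init.ldif" || echo "fix init.ldif before running ldapadd"
check_suffix "$demo/slapd.conf" "$demo/init.ldif" && echo "suffix and rootdn agree with the LDIF"
rm -rf "$demo"
```

Run it as `sh check.sh`, or source it and call `check_ldif /etc/openldap/dovecot.init.ldif` and `check_suffix /etc/openldap/slapd.conf /etc/openldap/dovecot.init.ldif` against the real files; a non-zero return means ldapadd would have failed with one of the errors above.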
Configuration Tweak for Dovecot
Add this to your LDAP daemon configuration for Dovecot to be able to look up user information: the dovecot account gets read access to the account entries, while anonymous clients may only use them to authenticate (bind) and cannot read them. The base must match your suffix (dc=example,dc=local here),
cd /etc/openldap/
cat >> slapd.conf <<EOF9
access to dn.children="ou=accounts,dc=example,dc=local"
	by dn="cn=dovecot,ou=accounts,dc=example,dc=local" read
	by anonymous auth
EOF9
/etc/rc.d/slapd restart
Setting up user passwords
Set a password for the dovecot account and for the mail accounts,
ldappasswd -x -W -S -D "cn=Manager,dc=example,dc=local" "cn=dovecot,ou=accounts,dc=example,dc=local"
ldappasswd -x -W -S -D "cn=Manager,dc=example,dc=local" "uid=ole_wobble,ou=accounts,dc=example,dc=local"
ldappasswd -x -W -S -D "cn=Manager,dc=example,dc=local" "uid=ole_wubble,ou=accounts,dc=example,dc=local"
and check the directory contents,
ldapsearch -x -LLL -W -D "cn=Manager,dc=example,dc=local" -b "dc=example,dc=local" "(objectclass=*)"
References
HowToDovecotOpenLdap: http://wiki2.dovecot.org/HowTo/DovecotOpenLdap
Dovecot LDA with Sendmail: http://wiki2.dovecot.org/LDA/Sendmail