Zarafa LDAP Howto Debian/Ubuntu

From Zarafa wiki

Introduction

Install Debian 7 / Ubuntu 12.04 LTS.

Please note: slapd uses the hostname to "guess" the organisation name for the LDAP directory.

In this howto we use the hostname zarafa.example.local, which results in dc=example,dc=local in LDAP.

For your setup you probably want to change this to something more useful.

Install mysql and apache / php

# apt-get install mysql-server libapache2-mod-php5 

Enter the mysql password twice and write it down.

Install OpenLDAP

# apt-get install slapd ldap-utils

Enter LDAP administrator password twice and write it down.

Use slapcat to verify that the install derived your organisation from your hostname correctly. If that is not the case, run dpkg-reconfigure slapd and set it up manually.

# slapcat
dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.local
dc: example
structuralObjectClass: organization
entryUUID: 907f25dc-91f2-1032-97fa-b34646bf14f6
creatorsName: cn=admin,dc=example,dc=local
createTimestamp: 20130805081250Z
entryCSN: 20130805081250.289774Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=local
modifyTimestamp: 20130805081250Z

dn: cn=admin,dc=example,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dm1rV21GdmVPbVBXTnI4blhSbE5oeVVmTTVSWm4vV2U=
structuralObjectClass: organizationalRole
entryUUID: 907fc91a-91f2-1032-97fb-b34646bf14f6
creatorsName: cn=admin,dc=example,dc=local
createTimestamp: 20130805081250Z
entryCSN: 20130805081250.293957Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=local
modifyTimestamp: 20130805081250Z

Create the placeholder for our users.

Create a file called org.ldif containing:

dn: ou=People,dc=example,dc=local
objectClass: organizationalUnit
objectClass: top
ou: People

Import the ldif file into ldap.

# ldapadd -x -D cn=admin,dc=example,dc=local -W -f org.ldif

Check if it was added with a simple search.

# ldapsearch -x -D cn=admin,dc=example,dc=local -W -b dc=example,dc=local

Download and install Zarafa

Choose the version for your distribution from http://download.zarafa.com/community/final/7.1/

We will be using zcp-7.1.5-42059-debian-7.0-x86_64-free.tar.gz in this howto.

# wget http://download.zarafa.com/community/final/7.1/7.1.5-42059/zcp-7.1.5-42059-debian-7.0-x86_64-free.tar.gz

# tar zxvf zcp-7.1.5-42059-debian-7.0-x86_64-free.tar.gz

# cd zcp-7.1.5-42059-debian-7.0-x86_64

# ./install.sh

When prompted for the mysql password, use the one you entered earlier.

Accept the defaults for the other questions.

Press y to accept the install of the suggested packages.

Reboot the system.

# reboot

After the reboot, check if Zarafa is up and running.

# zarafa-admin -l

User list for Default(1):
	Username	Fullname	Homeserver	
	------------------------------------------
	SYSTEM		SYSTEM		Zarafa	

Add the Zarafa schema to our ldap

# zcat /usr/share/doc/zarafa/zarafa.ldif.gz | ldapadd -H ldapi:/// -Y EXTERNAL

Add a Zarafa user to our ldap

Create a new ldif file called user.ldif containing the following. This user will have zarafa admin rights:

dn: uid=john,ou=People,dc=example,dc=local
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: inetOrgPerson
gidNumber: 1000
cn: John Doe
homeDirectory: /home/john
mail: john@example.local
uidNumber: 1000
zarafaAliases: j.doe@example.local
zarafaUserServer: Zarafa
uid: john
zarafaAccount: 1
zarafaAdmin: 1
sn: Doe
userPassword: john
zarafaQuotaOverride: 1
zarafaEnabledFeatures: imap
zarafaDisabledFeatures: pop3
zarafaQuotaWarn: 1000000000
zarafaQuotaSoft: 1100000000
zarafaQuotaHard: 1200000000

# ldapadd -x -D cn=admin,dc=example,dc=local -W -f user.ldif

Verify the user anonymously.

# ldapsearch -xLLL -b dc=example,dc=local uid=john
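As an added example (not from the Zarafa wiki page and not Zarafa's own tooling), the following POSIX shell script builds a user.ldif like the one above from a few parameters. It takes the quotas in MiB and converts them to the byte values the zarafaQuota* attributes expect, and it takes the password as a hash generated beforehand with slappasswd, so no cleartext value like the userPassword: john above ends up in the LDIF. The bytes_to_mib helper reproduces the conversion zarafa-admin --details applies when it shows 1000000000 bytes as 953.67 MB. The function names, the example user jane and the placeholder hash are this example's own.

```shell
#!/bin/sh
# Added example, not from the Zarafa wiki page. Assumptions: the OU created
# earlier (ou=People,dc=example,dc=local), quotas given in MiB, and a password
# hash produced beforehand with:  slappasswd -s 'the-password'

BASE_DN="ou=People,dc=example,dc=local"   # assumption: the placeholder OU from this howto

# make_user_ldif UID "FULL NAME" SURNAME MAIL UIDNUMBER GIDNUMBER PASSHASH WARN_MIB SOFT_MIB HARD_MIB
# Prints the LDIF on stdout; fails when the quota levels are not ordered warn <= soft <= hard.
make_user_ldif() {
    uid=$1 cn=$2 sn=$3 mail=$4 uidn=$5 gidn=$6 hash=$7 warn=$8 soft=$9 hard=${10}
    if [ "$warn" -gt "$soft" ] || [ "$soft" -gt "$hard" ]; then
        echo "quota levels must satisfy warn <= soft <= hard" >&2
        return 1
    fi
    # zarafa-admin reports quotas in MiB (1 MiB = 1048576 bytes); the LDAP
    # attributes hold bytes, so the conversion happens once here.
    mib=1048576
    cat <<EOF
dn: uid=$uid,$BASE_DN
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: inetOrgPerson
uid: $uid
cn: $cn
sn: $sn
mail: $mail
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$uid
userPassword: $hash
zarafaAccount: 1
zarafaAdmin: 0
zarafaUserServer: Zarafa
zarafaQuotaOverride: 1
zarafaQuotaWarn: $((warn * mib))
zarafaQuotaSoft: $((soft * mib))
zarafaQuotaHard: $((hard * mib))
EOF
}

# bytes_to_mib BYTES: the conversion behind the "Warning level" lines of
# zarafa-admin --details, e.g. 1000000000 bytes is shown as 953.67 MB.
bytes_to_mib() {
    awk -v b="$1" 'BEGIN { printf "%.2f\n", b / 1048576 }'
}
```

Usage: make_user_ldif jane "Jane Roe" Roe jane@example.local 1001 1000 "$(slappasswd -s 'the-password')" 1000 1100 1200 > jane.ldif, then import jane.ldif with the same ldapadd command as above. zarafaAdmin is written as 0 here; set it to 1 only for the account that needs admin rights, as the howto does for john.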

Changing the zarafa configuration

Edit /etc/zarafa/server.cfg

Change the user_plugin line to the following.

user_plugin             = ldap

Setup the ldap.cfg

# cd /etc/zarafa/
# cp ldap.openldap.cfg ldap.cfg

For this howto we will be using anonymous binding.

Edit /etc/zarafa/ldap.cfg

Change the line ldap_bind_user = cn=admin,cn=users,dc=zarafa,dc=com into the following (an empty value).

ldap_bind_user =

Change the search base so it matches our organisation.

ldap_search_base = dc=example,dc=local

Restart the zarafa-server

# /etc/init.d/zarafa-server restart
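The following POSIX shell functions are an added example, not part of the wiki page or of Zarafa, for making the three configuration changes above in a repeatable way: cfg_set rewrites an active "key = value" line or appends one when the key is absent, cfg_get reads a value back for verification, and apply_zarafa_ldap_cfg applies exactly the edits from this howto. It assumes the key = value layout of the shipped config files; the directory argument exists only so the functions can be tried on copies of the files first. Anonymous binding is safe to rely on here only because the anonymous ldapsearch earlier already returned the user's attributes; if your slapd ACLs deny anonymous read, point ldap_bind_user (and its password option) at a dedicated read-only account instead.

```shell
#!/bin/sh
# Added example, not from the Zarafa wiki page. Assumes the "key = value" file
# layout of /etc/zarafa/server.cfg and /etc/zarafa/ldap.cfg.

# cfg_set FILE KEY VALUE: replace the first active "KEY = ..." line, or append
# one if there is none. VALUE may be empty (as for ldap_bind_user above).
cfg_set() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0; re = "^[ \t]*" k "[ \t]*=" }
        $0 ~ re && !done { print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# cfg_get FILE KEY: print the trimmed value of the first active KEY line
# (commented-out lines are ignored); prints nothing if the key is unset.
cfg_get() {
    awk -v k="$2" '
        $0 ~ "^[ \t]*" k "[ \t]*=" {
            sub("^[ \t]*" k "[ \t]*=[ \t]*", ""); sub("[ \t]+$", ""); print; exit
        }' "$1"
}

# apply_zarafa_ldap_cfg [DIR]: the three edits from this howto. DIR defaults to
# /etc/zarafa; pass another directory to try the edits on copies first.
apply_zarafa_ldap_cfg() {
    etc=${1:-/etc/zarafa}
    cfg_set "$etc/server.cfg" user_plugin ldap
    cfg_set "$etc/ldap.cfg" ldap_bind_user ""
    cfg_set "$etc/ldap.cfg" ldap_search_base "dc=example,dc=local"
}
```

After apply_zarafa_ldap_cfg, cfg_get /etc/zarafa/server.cfg user_plugin should print ldap and cfg_get /etc/zarafa/ldap.cfg ldap_bind_user should print nothing; then restart zarafa-server as above. Running the function twice leaves the files unchanged, so it is safe to re-run after a package upgrade has replaced the defaults.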

Check if Zarafa can get the user from LDAP

# zarafa-admin -l

User list for Default(2):
	Username	Fullname	Homeserver	
	------------------------------------------
	SYSTEM		SYSTEM		Zarafa	
	john		John Doe	

Let's show the details of our user john.

# zarafa-admin --details john

Username:		john
Fullname:		John Doe
Emailaddress:		john@example.local
Active:			yes
Administrator:		yes
Address book:		Visible
Auto-accept meeting req:no
Mapped properties:
	PR_SURNAME		Doe	
	PR_EC_ENABLED_FEATURES	imap	
	PR_EC_DISABLED_FEATURES	pop3	
Current user store quota settings:
 Quota overrides:	yes
 Warning level:		953.67 MB
 Soft level:		1049.04 MB
 Hard level:		1144.41 MB
Current store size:	0.00 MB
Groups (1):
	Everyone

Ldap optimization

Create a file called optimize-index.ldif containing:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn eq
olcDbIndex: gidNumber eq
olcDbIndex: mail eq
olcDbIndex: memberUid eq
olcDbIndex: ou eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq
olcDbIndex: zarafaAccount eq
olcDbIndex: zarafaAliases eq
olcDbIndex: zarafaViewPrivilege eq

Apply the ldif to add the new indexes.

# cat optimize-index.ldif | ldapmodify -Y EXTERNAL -H ldapi:///

Check if our new olcDbIndex keys have been added.

# slapcat -b cn=config | grep olcDbIndex:

olcDbIndex: objectClass eq
olcDbIndex: cn eq
olcDbIndex: gidNumber eq
olcDbIndex: mail eq
olcDbIndex: memberUid eq
olcDbIndex: ou eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
olcDbIndex: uniqueMember eq
olcDbIndex: zarafaAccount eq
olcDbIndex: zarafaAliases eq
olcDbIndex: zarafaViewPrivilege eq

You can check the slapd log for attributes that slapd reports as not indexed; those are candidates for additional indexes.

# grep bdb_equality_candidates /var/log/syslog
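As an added example (not from the wiki page), the shell functions below turn the slapd log hints and the current olcDbIndex list into a modify LDIF of the same shape as optimize-index.ldif above, containing only the indexes that are still missing. The syslog and slapcat excerpts are constructed samples for this example; the "<= bdb_equality_candidates: (attr) not indexed" wording is the message slapd's bdb/hdb backend logs when a filter hits an unindexed attribute.

```shell
#!/bin/sh
# Added example, not from the Zarafa wiki page. The two SAMPLE_* strings are
# constructed stand-ins for `grep bdb_equality_candidates /var/log/syslog` and
# `slapcat -b cn=config | grep olcDbIndex:`.

SAMPLE_SYSLOG='Aug  5 08:12:50 zarafa slapd[1234]: <= bdb_equality_candidates: (zarafaAliases) not indexed
Aug  5 08:12:50 zarafa slapd[1234]: <= bdb_equality_candidates: (mail) not indexed
Aug  5 08:12:51 zarafa slapd[1234]: <= bdb_equality_candidates: (zarafaAliases) not indexed
Aug  5 08:12:52 zarafa slapd[1234]: <= bdb_equality_candidates: (memberUid) not indexed'

SAMPLE_CURRENT='olcDbIndex: objectClass eq
olcDbIndex: mail eq'

# log_candidates: read syslog lines on stdin, print each unindexed attribute once.
log_candidates() {
    sed -n 's/.*bdb_equality_candidates: (\([^)]*\)) not indexed.*/\1/p' | sort -u
}

# indexed_attrs: read "olcDbIndex: attr eq" lines on stdin, print the attribute names.
indexed_attrs() {
    sed -n 's/^olcDbIndex: *\([^ ]*\) .*/\1/p' | sort -u
}

# missing_index_ldif LOGTEXT CURRENTTEXT: print a modify LDIF adding an "eq"
# index for every attribute slapd complained about that has none yet; prints
# nothing (and succeeds) when every candidate is already indexed.
missing_index_ldif() {
    cand=$(mktemp) have=$(mktemp)
    printf '%s\n' "$1" | log_candidates > "$cand"
    printf '%s\n' "$2" | indexed_attrs > "$have"
    missing=$(comm -23 "$cand" "$have")     # lines only in the candidate list
    rm -f "$cand" "$have"
    [ -n "$missing" ] || return 0
    printf 'dn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcDbIndex\n'
    printf '%s\n' "$missing" | sed 's/.*/olcDbIndex: & eq/'
}
```

On a live system the same functions read the real data: missing_index_ldif "$(grep bdb_equality_candidates /var/log/syslog)" "$(slapcat -b cn=config | grep olcDbIndex:)" > more-index.ldif, which can then be applied with the ldapmodify command shown above. An index only helps for attributes that are actually searched, so review the list before applying it rather than indexing everything the log mentions.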

Ldap backup and restore using slapcat / slapadd

Backup

For the configuration database use -n 0, since it is the first database.

# slapcat -n 0 -l config.ldif

For the organisation database use -n 1, since it is the second database.

# slapcat -n 1 -l example.local.ldif

Restore

Make sure you have stopped slapd before doing this.

You can use slapadd -n 0/1 to restore the respective databases.

# slapadd -n 0 -l config.ldif
# slapadd -n 1 -l example.local.ldif

Be careful to check that your restored databases end up in /var/lib/ldap with the correct permissions.

The owner should be openldap:openldap and the permissions 0600.
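As an added example (not from the wiki page), the following POSIX shell functions wrap the backup and restore steps above and replace the permission check by eye with a script: backup_ldap creates the two dumps readable by root only, since they contain userPassword hashes; restore_ldap refuses to run while slapd is up and fixes ownership and mode afterwards, because slapadd run as root leaves files that slapd, running as openldap, cannot open. The openldap:openldap owner and the /var/lib/ldap directory are taken from the page; the function names and the check_db_perms helper are this example's own.

```shell
#!/bin/sh
# Added example, not from the Zarafa wiki page. Assumptions: Debian's
# openldap:openldap service account and /var/lib/ldap data directory as stated
# above; slapd is started and stopped through /etc/init.d/slapd.

LDAP_DB_DIR=/var/lib/ldap
LDAP_USER=openldap
LDAP_GROUP=openldap

# backup_ldap OUTDIR: dump database 0 (cn=config) and 1 (the organisation).
# The dumps contain password hashes, so they are created readable by root only.
backup_ldap() {
    outdir=$1
    umask 077
    mkdir -p "$outdir" &&
    slapcat -n 0 -l "$outdir/config.ldif" &&
    slapcat -n 1 -l "$outdir/example.local.ldif" &&
    [ -s "$outdir/example.local.ldif" ]        # an empty dump is not a backup
}

# check_db_perms DIR UID GID: succeed only if every regular file in DIR is owned
# by the numeric UID:GID with mode 0600; list the offenders on stderr otherwise.
check_db_perms() {
    dir=$1 want_uid=$2 want_gid=$3 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        set -- $(stat -c '%u %g %a' "$f")      # owner uid, group gid, octal mode
        if [ "$1" != "$want_uid" ] || [ "$2" != "$want_gid" ] || [ "$3" != 600 ]; then
            echo "wrong ownership/mode on $f: uid=$1 gid=$2 mode=$3" >&2
            bad=1
        fi
    done
    return $bad
}

# restore_ldap BACKUPDIR: slapd must be stopped first (see above). After the
# slapadd runs, ownership and mode of the data files are set and then verified.
restore_ldap() {
    indir=$1
    if pgrep -x slapd >/dev/null; then
        echo "stop slapd first (/etc/init.d/slapd stop)" >&2
        return 1
    fi
    slapadd -n 0 -l "$indir/config.ldif" &&
    slapadd -n 1 -l "$indir/example.local.ldif" &&
    chown "$LDAP_USER:$LDAP_GROUP" "$LDAP_DB_DIR"/* &&
    chmod 0600 "$LDAP_DB_DIR"/* &&
    check_db_perms "$LDAP_DB_DIR" "$(id -u "$LDAP_USER")" "$(id -g "$LDAP_USER")"
}
```

Usage as root: backup_ldap /root/ldap-backup, and later, with slapd stopped, restore_ldap /root/ldap-backup followed by /etc/init.d/slapd start. check_db_perms can also be run on its own at any time to confirm that /var/lib/ldap still has the ownership and mode the page asks for.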
