[remaster/mcs] complete dovecot setup, implement partial (and untested) MCS setup

2010-10-19 19:41:55 +02:00 · 2010-10-19 19:41:55 +02:00 · 6f64f7a358
commit 6f64f7a358
parent 8242e589e5
4 changed files with 1449 additions and 1 deletions
--- a/remaster/mcs/dovecot-ldap.conf
+++ b/remaster/mcs/dovecot-ldap.conf
@ -0,0 +1,131 @@
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki.dovecot.org/AuthDatabase/LDAP
+#
+# NOTE: If you're not using authentication binds, you'll need to give
+# dovecot-auth read access to userPassword field in the LDAP server.
+# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
+# already be something like this:
+
+# access to attribute=userPassword
+#        by dn="<dovecot's dn>" read # add this
+#        by anonymous auth
+#        by self write
+#        by * none
+
+# Space separated list of LDAP hosts to use. host:port is allowed too.
+hosts = localhost
+
+# LDAP URIs to use. You can use this instead of hosts list. Note that this
+# setting isn't supported by all LDAP libraries.
+#uris = 
+
+# Distinguished Name - the username used to login to the LDAP server
+#dn = cn=Directory Manager
+
+# Password for LDAP server
+#dnpass = password
+
+# Use SASL binding instead of the simple binding. Note that this changes
+# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
+# and auth_bind=yes don't work together.
+sasl_bind = no
+# SASL mechanism name to use.
+#sasl_mech =
+# SASL realm to use.
+#sasl_realm =
+# SASL authorization ID, ie. the dnpass is for this "master user", but the
+# dn is still the logged in user. Normally you want to keep this empty.
+#sasl_authz_id =
+
+# Use TLS to connect to the LDAP server.
+#tls = no
+
+# Use authentication binding for verifying password's validity. This works by
+# logging into LDAP server using the username and password given by client.
+# The pass_filter is used to find the DN for the user. Note that the pass_attrs
+# is still used, only the password field is ignored in it. Before doing any
+# search, the binding is switched back to the default DN.
+auth_bind = yes
+
+# If authentication binding is used, you can save one LDAP request per login
+# if users' DN can be specified with a common template. The template can use
+# the standard %variables (see user_filter). Note that you can't
+# use any pass_attrs if you use this setting.
+#
+# If you use this setting, it's a good idea to use a different
+# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
+# filename is different in userdb's args). That way one connection is used only
+# for LDAP binds and another connection is used for user lookups. Otherwise
+# the binding is changed to the default DN before each user lookup.
+#
+# For example:
+#   auth_bind_userdn = cn=%u,ou=people,o=org
+#
+#auth_bind_userdn = cn=Directory Manager
+
+# LDAP protocol version to use. Likely 2 or 3.
+ldap_version = 3
+
+# LDAP base. %variables can be used here.
+base = dc=babel,dc=it
+
+# Dereference: never, searching, finding, always
+#deref = never
+
+# Search scope: base, onelevel, subtree
+scope = subtree
+
+# User attributes are given in LDAP-name=dovecot-internal-name list. The
+# internal names are:
+#   uid - System UID
+#   gid - System GID
+#   home - Home directory
+#   mail - Mail location
+#
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/UserDatabase/ExtraFields
+# user_attrs = mailMessageStore=mail=maildir:/maildirs/%$,maildirquota=quota_rule=*:backend,mail_plugins,maildirwarn3=quota_warning=storage=%$%% /usr/local/bin/quota-warning.sh %$
+#,maildirwarn2=quota_warning2=storage=%$%% /usr/local/bin/quota-warning.sh %$ %u,maildirwarn3=quota_warning3=storage=%$%% /usr/local/bin/quota-warning.sh %$ %u
+user_attrs = mailMessageStore=mail=maildir:/maildirs/%$,maildirquota=quota_rule=*:backend,mail_plugins,maildirwarn1=quota_warning=storage=%$%% /usr/local/bin/quota-warning.sh %$ %u,maildirwarn2=quota_warning2=storage=%$%% /usr/local/bin/quota-warning.sh %$ %u,maildirwarn3=quota_warning3=storage=%$%% /usr/local/bin/quota-warning.sh %$ %u
+
+pass_attrs = mail=user,userPassword=password,mailMessageStore=userdb_home
+#pass_attrs = mail=user,userPassword=password,mailMessageStore=userdb_home
+pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
+
+#user_attrs = mailMessageStore=home,mailquota=quota_rule=*:backend
+
+
+
+# Filter for user lookup. Some variables can be used (see
+# http://wiki.dovecot.org/Variables for full list):
+#   %u - username
+#   %n - user part in user@domain, same as %u if there's no domain
+#   %d - domain part in user@domain, empty if user there's no domain
+user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
+
+# Password checking attributes:
+#  user: Virtual user name (user@domain), if you wish to change the
+#        user-given username to something else
+#  password: Password, may optionally start with {type}, eg. {crypt}
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
+#pass_attrs = uid=user,userPassword=password
+
+# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
+# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
+# string. For example:
+#pass_attrs = mail=user,userPassword=password,mailMessageStore=userdb_home
+
+# Filter for password lookups
+#pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
+
+# Default password scheme. "{scheme}" before password overrides this.
+# List of supported schemes is in: http://wiki.dovecot.org/Authentication
+#default_pass_scheme = CRYPT
+
+# You can use same UID and GID for all user accounts if you really want to.
+# If the UID/GID is still found from LDAP reply, it overrides these values.
+#user_global_uid = mail
+#user_global_gid = mail
--- a/remaster/mcs/dovecot.conf
+++ b/remaster/mcs/dovecot.conf
--- a/remaster/mcs/mcs-functions.sh
+++ b/remaster/mcs/mcs-functions.sh
@ -34,6 +34,14 @@ ServerAdminPwd=mcsmanager
 " > "${tmp_config_file}"
 	# FIXME: calling the script directly, from init, won't work, WTF!
 	su - -c "/usr/sbin/setup-ds-admin.pl -f ${tmp_config_file} --silent" || return 1
+
+	# init MCS ldap data
+	( /usr/sbin/mcs-ldapinit.pl -d localhost.localdomain -b "dc=babel,dc=it" \
+		-s sa -p mcsmanager -a node1 -B "db1,db2" > /tmp/base.ldif ) || return 1
+	/usr/bin/ldapmodify -a -D "cn=directory manager" -w mcsmanager \
+		-f /tmp/base.ldif || return 1
+	rm -f /tmp/base.ldif &> /dev/null
+
 	echo "389 Directory Server configured."
 	return 0
 }
--- a/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh
+++ b/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh
@ -40,7 +40,7 @@ if [ -z "${mysql_ebuild}" ]; then
 	exit 1
 fi
 echo "password=mcsmanager" > /root/.my.cnf || exit 1
-ebuild "${mysql_ebuild}" config
+HOSTNAME="somethingelse" ebuild "${mysql_ebuild}" config
 if [ "${?}" != "0" ]; then
 	exit 1
 fi
@ -79,14 +79,42 @@ cp /.mcs/mmt_scripts /usr/local/ -Rp || exit 1
 chown root:root /usr/local/mmt_scripts -R || exit 1
 chmod 755 /usr/local/mmt_scripts/* -R || exit 1

+# copy mcs-ldapinit.pl somewhere, it will be used to setup mcs ldap schema at runtime
+cp /.mcs/no_repo/MailWare-Manager/scripts/mcs-ldapinit.pl /usr/sbin/ || exit 1
+chmod +x /usr/sbin/mcs-ldapinit.pl || exit 1
+chown root:root /usr/sbin/mcs-ldapinit.pl || exit 1
+
+
 # Build ejabberd
 #tar xvzf /.mcs/ejabberd-patched.tar.bz2 -C /tmp || exit 1
 #cd /tmp/ejabberd-2.1.0_rc1 || exit 1

+## Setup MCS
+
+# setup 389 schema
+cp /.mcs/no_repo/MailWare-Manager/ldif/schema/* /etc/dirsrv/schema/ || exit 1
+chown root:root /etc/dirsrv/schema/*.ldif -R || exit 1
+# setup config
+
+# TODO: complete
+# cp /.mcs/no_repo/MailWare-Manager/sabayon-conf/web/WEB-INF/balance.xml || exit 1 # TODO
+# cp /.mcs/no_repo/MailWare-Manager/sabayon-conf/web/WEB-INF/conf/axis2.xml || exit 1 # TODO
+# cp /.mcs/no_repo/MailWare-Manager/sabayon-conf/src/manager.properties || exit 1
+# cp /.mcs/no_repo/MailWare-Manager/sabayon-conf/src/ldap.properties || exit 1
+
+mkdir /maildirs || exit 1
+chown mail:mail /maildirs -R || exit 1
+
+
 # Setup .war stuff
 cp /.mcs/no_repo/jboss-deploy/* /opt/jboss-bin-4.2/server/default/deploy/ -Rap
 chown jboss:jboss /opt/jboss-bin-4.2/server/default/deploy/ -R

+# Setup dovecot
+cp /.mcs/dovecot*.conf /etc/dovecot/ || exit 1
+chown root:root /etc/dovecot/dovecot*.conf || exit 1
+chmod 644 /etc/dovecot/dovecot*.conf || exit 1
+
 # add services to init
 # autostarted by the mcs setup script
 ## rc-update add 389-ds default