If problems occur you can enable logging.Īdd multiple logging options with olcLogLevel:, the logs are quite cryptic and unusually didn't help me much. This should print a page full of things with 'yes' next to most of them.Ĭhecking whether %COMPAT is required. OpenLDAP Testing SSL/TLS way 2 gnutls-cli-debug -p 636 If everything worked you have done the hardest bit (appart from understanding the ACL's, later!) If that doesnt work leave it on 389 and change it to level Anonymous, if this doesn't work you have probably have done something daft. If you cannot get in, change it to port 389, change Level to User + Password and that should let you in, this means cert problem is issue. This should prompt for a cert, select session only! (this ascertains its listening and connecting on 636) then it should show you the dir, if this works you admin login is ok. So long as the server has ports 636 and 389 listening you can do this from a second client machine. Note these were generated with openSSL you dont need to use gnutls thing) Once slapd is restarted, it should be now listening on port 636 with your snakeoil certs (which I use with other things on the server. Sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f delete.ldif -v How to delete stuff you may have accidently added after reading other things on the internet. Sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f cert.ldif -v OlcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key OlcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem (create just as a temporary text file somewhere) It should end up like, -rw-r- 1 root ssl-cert 1675 ssl-cert-snakeoil.key ![]() pem should already, you will need to add openldap account into the ssl-cert group so it has read access to the. Make sure they both have read access! The. Note using StartTLS instead of TLS/SSL uses port 389 so this wouldn't be needed, however couldn't find anything that used StartTLS, everything uses TLS/SSL so you will need this.Īdd you SSL certificates, I am using the ones I use with dovecot and most everything else on the server.OpenLDAP TSL/SSL securing openLDAP slapd modify /etc/default/slapdĮnable slapd daemon to listen on port 636 for TLS/SSL The password slapd asks you to set on install (via the ncurses popup) is your (effectively root) 'admin' account in openldap, corresponding to the login cn=admin,dc=yourdomain,dc=com.Sudo apt-get install slapd ldap-utils gnutls-bin jxplorer phpldapadmin There is a who load of outdated info on the interwebs, hopefully this will help someone not waste all the time I did! (Assuming you are already using Squirrelmail/Thunderbird) Hopefully this will explain how to use multi user openLDAP Address book with phpldapadmin/Thunderbird/Squirrelmail/iPhone(iOS) 4 openLDAP ACL Access Permissions acl.ldif.3.3.1 fixup config.php to final settings.3.3 phpldapadmin - Importing Site Structure.3.2 phpldapadmin config - /etc/phpldapadmin/config.php.2.1 openLDAP slapd modify /etc/default/slapd. ![]() Fix incorrect option group naming issue under SquirrelMail 1.4.Please support this plugin's development: Donate to this author That is, no matter what address book backends are in use, this plugin will work the same, and there are NO changes required whatsoever to begin using grouping functionality. The address listing page is then adorned with a filtering selector that lets the listing be filtered by one or more groups. Users may define any number of groups to which addresses can be added (and addresses may be added to more than one group). This plugin adds pagination to the address listing page and, if allowed per the configuration file, adds address book grouping functionality to SquirrelMail. Plugins - Address Book Grouping and Pagination
0 Comments
Leave a Reply. |