"Debian Sarge - Postfix - Open-Xchange - howto"
OpenLDAP Open-xchange
Because of a bug that has been open since 20 June 2001, the OpenLDAP version packaged in Sarge lacks support for "aci", which OX uses to declare users.
We will therefore compile OpenLDAP ourselves to get this option.
# apt-get install dpkg-dev
# cd /usr/local/src
# mkdir openldap
# cd openldap
# apt-get source slapd
# apt-get build-dep slapd
# cd openldap2.2-2.2.23/debian
# vim configure.options
Uncomment the following line:
# --enable-aci
# cd ..
# dpkg-buildpackage -uc -b
# cd ..
# dpkg -i *.deb
A series of questions follows; answer them in this order: no, domain, organization, password (twice), BDB, no, yes, no.
Since this OpenLDAP build is modified, an 'apt-get upgrade' must not overwrite it and force us to reinstall everything. To prevent that, take all the packages we just installed off the list of packages eligible for upgrade:
ls *.deb | awk -F '_' '{print $1 " hold"}' | dpkg --set-selections
# cd /etc/ldap
# vim /etc/ldap/slapd.conf
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openxchange.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 5
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=mon,dc=domaine,dc=com"
rootdn "uid=mailadmin,dc=mon,dc=domaine,dc=com"
# "secure" is a clear-text placeholder; rootpw also accepts a hash generated with slappasswd
rootpw "secure"
# Where the database files are physically stored for database #1
directory "/var/lib/ldap"
# Indexing options for database #1
index objectClass eq
index uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination eq,sub
# Save the time that the entry gets modified, for database #1
lastmod on
include /etc/ldap/acl_ox.conf
Create a file that will hold the ACLs:
# vim acl_ox.conf
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
#
# protect the userPassword attribute
# (keep the "by" lines indented and directly under "access to": slapd joins
# continuation lines to the preceding line before it strips comments)
access to attr=userPassword
        by self =w
        by anonymous auth
#
# global address book
access to dn.subtree="o=AddressBook,ou=OxObjects,dc=mon,dc=domaine,dc=com"
        by group.exact="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=mon,dc=domaine,dc=com" write
        by users read
#
# personal address book
access to dn.regex="^ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=mon,dc=domaine,dc=com)$" attrs=children
        by dn.exact,expand="$1" write
access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=mon,dc=domaine,dc=com)$" attrs=entry
        by dn.exact,expand="$2" write
#
# default rule allowing users full access to their own entries
access to *
        by self write
        by users read
Now rebuild the index and restart the LDAP service:
# slapindex -f /etc/ldap/slapd.conf
# /etc/init.d/slapd restart
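How the two personal address book rules in acl_ox.conf select the DN that receives write access, as an added Python sketch (not part of the original howto, and a simplified model rather than slapd's own evaluation). The users alice and bob, the contact c1 and the function names are constructed for illustration.

```python
import re

# Directory suffix from the page's slapd.conf; every DN used here is a
# constructed sample.
BASE = "ou=Users,ou=OxObjects,dc=mon,dc=domaine,dc=com"

# (target regex, attribute, capture group expanded into the writer DN),
# transcribed from the two personal address book rules in acl_ox.conf.
RULES = [
    (r"^ou=addr,(uid=([^,]+)," + BASE + r")$", "children", 1),
    (r"^uid=([^,]+),ou=addr,(uid=([^,]+)," + BASE + r")$", "entry", 2),
]


def owner_with_write(target_dn, attr):
    """Return the DN that expand="$N" resolves to for this target and
    attribute, or None when neither rule's <what> clause matches."""
    for pattern, rule_attr, group in RULES:
        # Assumption: case-insensitive matching plus lowercasing stands in
        # for slapd's DN normalization.
        m = re.match(pattern, target_dn, re.IGNORECASE)
        if m and attr == rule_attr:
            return m.group(group).lower()
    return None


def can_write(bound_dn, target_dn, attr):
    """True only when the bound DN is exactly the expanded owner DN."""
    owner = owner_with_write(target_dn, attr)
    return owner is not None and owner == bound_dn.lower()


if __name__ == "__main__":
    alice, bob = "uid=alice," + BASE, "uid=bob," + BASE
    book = "ou=addr," + alice          # alice's address book container
    contact = "uid=c1," + book         # one contact inside it
    nested = "cn=x," + contact         # deeper entry: matched by no rule
    for who in (alice, bob):
        print(who, can_write(who, book, "children"),
              can_write(who, contact, "entry"))
    print("nested owner:", owner_with_write(nested, "entry"))
```

Entries that neither rule matches, such as anything nested below a contact, are decided by the later "access to *" rule instead.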
snoopyouaib.com - Reproduction of any kind is encouraged!