Improve active.directory.md.

New: upgrade.ubuntu.18.04-20.04.html (DRAFT).
Zhang Huangbin 2020-05-03 10:57:48 +08:00
parent 8c9980ece2
commit a76480c70d
6 changed files with 477 additions and 61 deletions


@ -39,6 +39,9 @@ To integrate Microsoft Active Directory with iRedMail, you should have:
installed and working properly, listen on port 389 (ldap://) or 636
(ldaps://), and allow LDAP connections from iRedMail server.
If you need to enable LDAP over SSL, please read
[this tutorial](https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority).
## Install iRedMail
Please follow [iRedMail installaion guides](./index.html)
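Review bot: The added paragraph presents LDAP over SSL as optional ("If you need to enable LDAP over SSL"), and the prerequisite just above it lists port 389 and port 636 as equivalent choices. With plain `ldap://` the bind credentials configured later in this document cross the network unencrypted, so recommend `ldaps://` here and describe 389 as the fallback.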
@ -73,10 +76,15 @@ With iRedMail (OpenLDAP backend), we have a low-privileged account
`cn=vmail,dc=xxx,dc=xxx` with read-only privilege. And we suggest you create a
same account `vmail` in AD, with strong and complex password.
__NOTE__: [Dovecot will treat characters as comment after a inline `#`, so
please just don't use `#` in password](https://forum.iredmail.org/post8630.html#p8630)
__NOTES__:
Please make sure this newly created user is able to connect to AD server with
* Dovecot treats characters as comment after a inline `#`, please don't use
`#` in password.
* Seems Windows Server 2019 doesn't like user id without domain part by
default, please create the `vmail` user with your domain name instead. for
example, `vmail@domain.com` (replace `domain.com` by your real domain name).
Make sure this newly created user is able to connect to AD server with
below command on iRedMail server:
```shell
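Review bot: The new Windows Server 2019 bullet tells readers to create the account as `vmail@domain.com`, but the examples in this same patch still bind with the bare name (`-D 'vmail'` in the ldapsearch commands, `bindDN = "vmail"` in the SOGo block). Say which form goes into the bind settings in that case, or switch the examples to the full form. Minor: "a inline" should be "an inline", "for example" should start with a capital, and the rewritten note drops the forum link that explained the `#` problem.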
@ -86,6 +94,14 @@ Enter password: password_of_vmail
If it prints all users stored in AD server, then it's working as expected.
If you're using LDAPS, replace `-h ad.example.com` by
`-H ldaps://ad.example.com:636` instead:
```shell
# ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
```
### Enable LDAP query with AD in Postfix
Disable unused iRedMail special settings:
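Review bot: The added LDAPS example will fail the TLS handshake unless the iRedMail host trusts the CA that issued the AD server's certificate, and the text around the command does not say so. Add a sentence on installing that CA certificate on the iRedMail server (for OpenLDAP clients, the `TLS_CACERT` setting in `ldap.conf`) so readers do not work around the error by turning certificate checks off.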
@ -138,7 +154,7 @@ postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
example.com dovecot
```
__Note__: `dovecot` used here is a Postfix transport defined in
__Note__: the name `dovecot` used here is a Postfix transport defined in
`/etc/postfix/master.cf`, used to deliver received emails to local user mailboxes.
Run `postmap` so that postfix can read it:
@ -182,9 +198,8 @@ result_format = %d/%u/Maildir/
debuglevel = 0
```
__Note__: Here, we hard-code user's mailbox path in
`[domain]/[username]/Maildir/` format (`result_format` parameter). for example:
`example.com/postmaster/Maildir/`.
__Note__: We hard-code user's mailbox path in `result_format =` parameter, it
will be something like `example.com/username/Maildir/`.
* Create file: `/etc/postfix/ad_virtual_group_maps.cf`:
@ -205,7 +220,7 @@ result_attribute= userPrincipalName
debuglevel = 0
```
__Note__:
__Notes__:
* If your user have email address in both `mail` and `userPrincipalName`, you
will get duplicate result. Comment out `leaf_result_attribute` line will fix it.
@ -279,6 +294,11 @@ dnpass = passwd_of_vmail
base = cn=users,dc=example,dc=com
scope = subtree
deref = never
# Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
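Review bot: The comment above `iterate_attrs` and `iterate_filter` says only that they are "required by command 'doveadm mailbox ...'"; spell out that they are what lets Dovecot list all accounts. Also note that `iterate_filter` repeats the `objectClass=person` and disabled-account test from `user_filter` and `pass_filter`, so anyone narrowing one filter has to change all three to keep them in step.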
@ -288,17 +308,28 @@ user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
Restart dovecot service to make it work.
__Note__: we don't have per-user quota limit here, you can set a hard-coded
quota for all users in `/etc/dovecot/dovecot.conf`. For example:
!!! attention
```
plugin {
[... omit other settings here ...]
We don't have per-user quota limit here, you can set a hard-coded
quota for all users in `/etc/dovecot/dovecot.conf`. For example:
# Format: integer number + M/G/T (M -> MB, G -> GB, T -> TB).
quota_rule = *:storage=1G
}
```
```
plugin {
[... omit other settings here ...]
# Format: integer number + M/G/T (M -> MB, G -> GB, T -> TB).
quota_rule = *:storage=1G
}
```
Or, you can modify the `user_attrs =` line to get per-user quota from a
LDAP attribute in AD. For example, query per-user quota limit from
attribute `postOfficeBox` which contain an integer number and treated as
number of gigabytes:
```
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/,postOfficeBox=quota_rule=*:storage=%{ldap:postOfficeBox}G
```
Now use command `telnet` to verify AD query after restarted Dovecot service:
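Review bot: The per-user quota example at the end of this hunk interpolates `%{ldap:postOfficeBox}` straight into `quota_rule`, but the text does not say what a user gets when `postOfficeBox` is empty or not an integer. Document the expected behaviour, or tell readers to keep the global `quota_rule` in `dovecot.conf` as the fallback. Also check that the fenced blocks under `!!! attention` are indented as part of the admonition body, since the generated HTML in this commit shows the fences as literal text.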
@ -354,20 +385,30 @@ $config['ldap_public']["global_ldap_abook"] = array(
// mapping of contact fields to directory attributes
'fieldmap' => array(
'name' => 'cn',
'surname' => 'sn',
'firstname' => 'givenName',
'title' => 'title',
'email' => 'mail:*',
'phone:work' => 'telephoneNumber',
'phone:mobile' => 'mobile',
'name' => 'cn',
'displayname' => 'displayName',
'surname' => 'sn',
'firstname' => 'givenName',
'jobtitle' => 'title',
'department' => 'department',
'company' => 'company',
'email' => 'mail:*',
'phone:work' => 'telephoneNumber',
'phone:home' => 'homePhone',
'phone:mobile' => 'mobile',
'phone:workfax' => 'facsimileTelephoneNumber',
'street' => 'street',
'zipcode' => 'postalCode',
'locality' => 'l',
'department' => 'departmentNumber',
'notes' => 'description',
'photo' => 'jpegPhoto',
'phone:pager' => 'pager',
'phone:other' => 'ipPhone',
'street:work' => 'streetAddress',
'zipcode:work' => 'postalCode',
'locality:work' => 'l',
'region:work' => 'st',
'country:work' => 'c',
'notes' => 'description',
'photo' => 'jpegPhoto', // Might be 'thumbnailPhoto' for
// compatibility with some other
// Microsoft software
'website' => 'wWWHomePage',
),
'sort' => 'cn',
'scope' => 'sub',
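Review bot: The expanded `fieldmap` now publishes `homePhone`, `pager`, `ipPhone` and `streetAddress` through `global_ldap_abook`, a directory shared with webmail users. Add a line telling admins to trim the map to the attributes they intend to share. The mapping for `'department'` also changes from `departmentNumber` to `department`; mention that in the commit message if it is deliberate.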
@ -388,6 +429,95 @@ $config['ldap_public']["global_ldap_abook"] = array(
);
```
## Enable Active Directory integration in SOGo Groupware
Edit SOGo config file `/etc/sogo/sogo.conf`, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:
```
SOGoUserSources = (
{
// Used for user authentication
type = ldap;
id = users;
canAuthenticate = YES;
isAddressBook = NO;
displayName = "LDAP Authentication";
hostname = "ldap://ad.example.com:389"; // <- Set to ldaps://ad.example.com:636 for LDAPS.
baseDN = "cn=users,dc=example,dc=com";
bindDN = "vmail";
bindPassword = "password_of_vmail";
filter = "objectClass=person AND userPrincipalName='*' AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)";
scope = SUB;
// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=delmsgs,dc=freeddns,dc=org.
// so this doesn't work.
bindAsCurrentUser = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
CNFieldName = cn;
IDFieldName = userPrincipalName;
// value of UIDFieldName must be unique on entire server
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
MailFieldNames = (userPrincipalName);
bindFields = (userPrincipalName);
},
{
// Used for global address book
type = ldap;
id = global_addressbook;
canAuthenticate = NO;
isAddressBook = YES;
displayName = "Global Address Book";
bindAsCurrentUser = YES;
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitely typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
// Set to ldaps://ad.example.com:636 for LDAPS.
hostname = "ldap://ad.example.com:389";
baseDN = "cn=users,dc=example,dc=com";
bindDN = "vmail";
bindPassword = "password_of_vmail";
filter = "(objectClass=person OR (objectClass=group AND mail='*')) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)";
scope = SUB;
IDFieldName = userPrincipalName;
bindFields = (userPrincipalName);
// value of UID field must be unique on whole server.
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
CNFieldName = cn;
SearchFieldNames = (mail, cn, sAMAccountName, displayName, sn, givenName);
mapping = {
ou = ("department", "ou");
street = ("streetAddress", "street");
mozillaworkurl = ("wWWHomePage", "mozillaworkurl");
description = ("info", "description");
};
}
);
```
## Additions documents
* If your mail domain name is different than Windows Active Directory domain: [https://forum.iredmail.org/topic3165-integration-with-windows-domain.html](https://forum.iredmail.org/topic3165-integration-with-windows-domain.html)
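Review bot: The comment above `bindAsCurrentUser = YES` in the first source ("user doesn't have privilege to query o=domains,dc=delmsgs,dc=freeddns,dc=org. so this doesn't work") looks carried over from an OpenLDAP setup: it names a base DN unrelated to the `dc=example,dc=com` used everywhere else, and it says the setting does not work while the example enables it. Remove or rewrite it for AD, and review `userPasswordAlgorithm = ssha512` the same way. Both sources default to `ldap://ad.example.com:389` with `bindPassword` stored in the file; make `ldaps://` the example value and keep 389 in the comment. Typos: "explicitely", "Additions documents".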


@ -157,6 +157,18 @@ files under `/opt/iredmail/custom/<software>/`.
details, please check our
[Best Practice](./iredmail-easy.best.practice.html#postfix) tutorial.
### Amavisd
- Copy DKIM keys from `/var/lib/dkim/` to `/opt/iredmail/custom/amavisd/dkim/`.
- Move all your `dkim_key(...)` parameters from Amavisd config file
(`/etc/amavisd/amavisd.conf` (RHEL/CentOS), or `/etc/amavis/conf.d/50-user`
(Debian/Ubuntu), `/etc/amavisd.conf` (OpenBSD), `/usr/local/etc/amavisd.conf`
(FreeBSD)) to `/opt/iredmail/custom/amavisd/amavisd.conf`.
!!! attention
Please make sure no duplicat keys, otherwise Amavisd can not start.
### SpamAssassin
Split custom settings from `/etc/mail/spamassassin/local.cf` to
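Review bot: The first Amavisd bullet copies DKIM private keys to `/opt/iredmail/custom/amavisd/dkim/` without saying what owner and mode the copies need; state that they must stay readable only by the Amavisd user, and that the copy should preserve ownership and permissions. The second bullet moves the `dkim_key(...)` lines but does not say whether the key paths inside them should now point at the new directory. Typo in the admonition: "duplicat".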


@ -0,0 +1,56 @@
# Upgrade Ubuntu from 18.04 to 20.04
!!! warning
THIS IS A DRAFT DOCUMENT, DO NOT APPLY IT.
## Packages
Install required Python-2 packages:
```
apt install python2-dev
pip2 install uwsgi web.py==0.51 pycurl netifaces
ln -sf /usr/local/bin/uwsgi /etc/alternatives/uwsgi
echo "SQL_DB_DRIVER = 'pymysql'" >> /opt/iredapd/settings.py
```
If you're running OpenLDAP backend:
```
pip2 install python-ldap==3.2.0
```
## Configurations
* `/etc/php/7.4/fpm/pool.d/www.conf`
```
[inet]
user = www-data
group = www-data
listen = 127.0.0.1:9999
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 200
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
request_terminate_timeout = 60s
access.log = /var/log/php-fpm/access.log
slowlog = /var/log/php-fpm/slow.log
request_slowlog_timeout = 10s
```
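Review bot: The Packages block calls `pip2` right after `apt install python2-dev` with no step that installs pip for Python 2, and it sets `SQL_DB_DRIVER = 'pymysql'` although `pymysql` is not in the `pip2 install` list. Add both steps. The `echo ... >> /opt/iredapd/settings.py` line appends a duplicate setting each time it is run, and only `web.py` is version-pinned. In the pool file, `listen.owner`, `listen.group` and `listen.mode` apply to Unix sockets and have no effect with `listen = 127.0.0.1:9999`, and the log paths assume `/var/log/php-fpm/` already exists.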


@ -31,6 +31,7 @@
</li>
<li><a href="#enable-active-directory-integration-in-dovecot">Enable Active Directory integration in Dovecot</a></li>
<li><a href="#enable-active-directory-integration-in-roundcube-webmail-for-global-ldap-address-book">Enable Active Directory integration in Roundcube webmail for Global LDAP Address Book</a></li>
<li><a href="#enable-active-directory-integration-in-sogo-groupware">Enable Active Directory integration in SOGo Groupware</a></li>
<li><a href="#additions-documents">Additions documents</a></li>
</ul>
</li>
@ -70,9 +71,13 @@
<p>To integrate Microsoft Active Directory with iRedMail, you should have:</p>
<ul>
<li>A working Linux/BSD server with iRedMail (OpenLDAP backend) installed.</li>
<li>A working Microsoft Windows (2000/2003) server, with Active Directory
<li>
<p>A working Microsoft Windows (2000/2003) server, with Active Directory
installed and working properly, listen on port 389 (ldap://) or 636
(ldaps://), and allow LDAP connections from iRedMail server.</li>
(ldaps://), and allow LDAP connections from iRedMail server.</p>
<p>If you need to enable LDAP over SSL, please read
<a href="https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority">this tutorial</a>.</p>
</li>
</ul>
<h2 id="install-iredmail">Install iRedMail</h2>
<p>Please follow <a href="./index.html">iRedMail installaion guides</a>
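Review bot: The prerequisite kept in this hunk still reads "Microsoft Windows (2000/2003) server", while the same commit adds a note about Windows Server 2019. Update the version range in `active.directory.md` so the two agree. The context line "iRedMail installaion guides" also carries a typo worth fixing in the same pass.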
@ -110,15 +115,27 @@ achieve this AD integration by simply modifying some configure files.</p>
<p>With iRedMail (OpenLDAP backend), we have a low-privileged account
<code>cn=vmail,dc=xxx,dc=xxx</code> with read-only privilege. And we suggest you create a
same account <code>vmail</code> in AD, with strong and complex password.</p>
<p><strong>NOTE</strong>: <a href="https://forum.iredmail.org/post8630.html#p8630">Dovecot will treat characters as comment after a inline <code>#</code>, so
please just don't use <code>#</code> in password</a></p>
<p>Please make sure this newly created user is able to connect to AD server with
<p><strong>NOTES</strong>:</p>
<ul>
<li>Dovecot treats characters as comment after a inline <code>#</code>, please don't use
<code>#</code> in password.</li>
<li>Seems Windows Server 2019 doesn't like user id without domain part by
default, please create the <code>vmail</code> user with your domain name instead. for
example, <code>vmail@domain.com</code> (replace <code>domain.com</code> by your real domain name).</li>
</ul>
<p>Make sure this newly created user is able to connect to AD server with
below command on iRedMail server:</p>
<pre><code class="shell"># ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
</code></pre>
<p>If it prints all users stored in AD server, then it's working as expected.</p>
<p>If you're using LDAPS, replace <code>-h ad.example.com</code> by
<code>-H ldaps://ad.example.com:636</code> instead:</p>
<pre><code class="shell"># ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
</code></pre>
<h3 id="enable-ldap-query-with-ad-in-postfix">Enable LDAP query with AD in Postfix</h3>
<p>Disable unused iRedMail special settings:</p>
<pre><code class="shell">postconf -e virtual_alias_maps=''
@ -163,7 +180,7 @@ postconf -e virtual_mailbox_domains='example.com'
<pre><code>example.com dovecot
</code></pre>
<p><strong>Note</strong>: <code>dovecot</code> used here is a Postfix transport defined in
<p><strong>Note</strong>: the name <code>dovecot</code> used here is a Postfix transport defined in
<code>/etc/postfix/master.cf</code>, used to deliver received emails to local user mailboxes.</p>
<p>Run <code>postmap</code> so that postfix can read it:</p>
<pre><code># postmap hash:/etc/postfix/transport
@ -204,9 +221,8 @@ result_format = %d/%u/Maildir/
debuglevel = 0
</code></pre>
<p><strong>Note</strong>: Here, we hard-code user's mailbox path in
<code>[domain]/[username]/Maildir/</code> format (<code>result_format</code> parameter). for example:
<code>example.com/postmaster/Maildir/</code>.</p>
<p><strong>Note</strong>: We hard-code user's mailbox path in <code>result_format =</code> parameter, it
will be something like <code>example.com/username/Maildir/</code>.</p>
<ul>
<li>Create file: <code>/etc/postfix/ad_virtual_group_maps.cf</code>:</li>
</ul>
@ -226,7 +242,7 @@ result_attribute= userPrincipalName
debuglevel = 0
</code></pre>
<p><strong>Note</strong>:</p>
<p><strong>Notes</strong>:</p>
<ul>
<li>If your user have email address in both <code>mail</code> and <code>userPrincipalName</code>, you
will get duplicate result. Comment out <code>leaf_result_attribute</code> line will fix it.</li>
@ -287,6 +303,11 @@ dnpass = passwd_of_vmail
base = cn=users,dc=example,dc=com
scope = subtree
deref = never
# Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&amp;(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
@ -295,16 +316,24 @@ user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
</code></pre>
<p>Restart dovecot service to make it work.</p>
<p><strong>Note</strong>: we don't have per-user quota limit here, you can set a hard-coded
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>We don't have per-user quota limit here, you can set a hard-coded
quota for all users in <code>/etc/dovecot/dovecot.conf</code>. For example:</p>
<pre><code>plugin {
[... omit other settings here ...]
# Format: integer number + M/G/T (M -&gt; MB, G -&gt; GB, T -&gt; TB).
quota_rule = *:storage=1G
}
<p>```
plugin {
[... omit other settings here ...]</p>
<pre><code># Format: integer number + M/G/T (M -&gt; MB, G -&gt; GB, T -&gt; TB).
quota_rule = *:storage=1G
</code></pre>
<p>}
```</p>
<p>Or, you can modify the <code>user_attrs =</code> line to get per-user quota from a
LDAP attribute in AD. For example, query per-user quota limit from
attribute <code>postOfficeBox</code> which contain an integer number and treated as
number of gigabytes:</p>
<p><code>user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/,postOfficeBox=quota_rule=*:storage=%{ldap:postOfficeBox}G</code></p>
</div>
<p>Now use command <code>telnet</code> to verify AD query after restarted Dovecot service:</p>
<pre><code># telnet localhost 143 # &lt;- Type this
* OK [...] Dovecot ready.
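Review bot: The generated admonition is broken: the code fences come out as literal backticks inside `<p>` elements (around `plugin {` and `}`), only the two middle lines land in a `<pre><code>` block, and the `user_attrs` example is rendered as inline `<code>` inside a paragraph. Indent the fenced blocks in the Markdown so they belong to the `!!! attention` body, then regenerate the HTML.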
@ -354,20 +383,30 @@ $config['ldap_public'][&quot;global_ldap_abook&quot;] = array(
// mapping of contact fields to directory attributes
'fieldmap' =&gt; array(
'name' =&gt; 'cn',
'surname' =&gt; 'sn',
'firstname' =&gt; 'givenName',
'title' =&gt; 'title',
'email' =&gt; 'mail:*',
'phone:work' =&gt; 'telephoneNumber',
'phone:mobile' =&gt; 'mobile',
'name' =&gt; 'cn',
'displayname' =&gt; 'displayName',
'surname' =&gt; 'sn',
'firstname' =&gt; 'givenName',
'jobtitle' =&gt; 'title',
'department' =&gt; 'department',
'company' =&gt; 'company',
'email' =&gt; 'mail:*',
'phone:work' =&gt; 'telephoneNumber',
'phone:home' =&gt; 'homePhone',
'phone:mobile' =&gt; 'mobile',
'phone:workfax' =&gt; 'facsimileTelephoneNumber',
'street' =&gt; 'street',
'zipcode' =&gt; 'postalCode',
'locality' =&gt; 'l',
'department' =&gt; 'departmentNumber',
'notes' =&gt; 'description',
'photo' =&gt; 'jpegPhoto',
'phone:pager' =&gt; 'pager',
'phone:other' =&gt; 'ipPhone',
'street:work' =&gt; 'streetAddress',
'zipcode:work' =&gt; 'postalCode',
'locality:work' =&gt; 'l',
'region:work' =&gt; 'st',
'country:work' =&gt; 'c',
'notes' =&gt; 'description',
'photo' =&gt; 'jpegPhoto', // Might be 'thumbnailPhoto' for
// compatibility with some other
// Microsoft software
'website' =&gt; 'wWWHomePage',
),
'sort' =&gt; 'cn',
'scope' =&gt; 'sub',
@ -388,6 +427,92 @@ $config['ldap_public'][&quot;global_ldap_abook&quot;] = array(
);
</code></pre>
<h2 id="enable-active-directory-integration-in-sogo-groupware">Enable Active Directory integration in SOGo Groupware</h2>
<p>Edit SOGo config file <code>/etc/sogo/sogo.conf</code>, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:</p>
<pre><code> SOGoUserSources = (
{
// Used for user authentication
type = ldap;
id = users;
canAuthenticate = YES;
isAddressBook = NO;
displayName = &quot;LDAP Authentication&quot;;
hostname = &quot;ldap://ad.example.com:389&quot;; // &lt;- Set to ldaps://ad.example.com:636 for LDAPS.
baseDN = &quot;cn=users,dc=example,dc=com&quot;;
bindDN = &quot;vmail&quot;;
bindPassword = &quot;password_of_vmail&quot;;
filter = &quot;objectClass=person AND userPrincipalName='*' AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)&quot;;
scope = SUB;
// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=delmsgs,dc=freeddns,dc=org.
// so this doesn't work.
bindAsCurrentUser = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
CNFieldName = cn;
IDFieldName = userPrincipalName;
// value of UIDFieldName must be unique on entire server
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
MailFieldNames = (userPrincipalName);
bindFields = (userPrincipalName);
},
{
// Used for global address book
type = ldap;
id = global_addressbook;
canAuthenticate = NO;
isAddressBook = YES;
displayName = &quot;Global Address Book&quot;;
bindAsCurrentUser = YES;
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitely typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
// Set to ldaps://ad.example.com:636 for LDAPS.
hostname = &quot;ldap://ad.example.com:389&quot;;
baseDN = &quot;cn=users,dc=example,dc=com&quot;;
bindDN = &quot;vmail&quot;;
bindPassword = &quot;password_of_vmail&quot;;
filter = &quot;(objectClass=person OR (objectClass=group AND mail='*')) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)&quot;;
scope = SUB;
IDFieldName = userPrincipalName;
bindFields = (userPrincipalName);
// value of UID field must be unique on whole server.
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
CNFieldName = cn;
SearchFieldNames = (mail, cn, sAMAccountName, displayName, sn, givenName);
mapping = {
ou = (&quot;department&quot;, &quot;ou&quot;);
street = (&quot;streetAddress&quot;, &quot;street&quot;);
mozillaworkurl = (&quot;wWWHomePage&quot;, &quot;mozillaworkurl&quot;);
description = (&quot;info&quot;, &quot;description&quot;);
};
}
);
</code></pre>
<h2 id="additions-documents">Additions documents</h2>
<ul>
<li>If your mail domain name is different than Windows Active Directory domain: <a href="https://forum.iredmail.org/topic3165-integration-with-windows-domain.html">https://forum.iredmail.org/topic3165-integration-with-windows-domain.html</a></li>


@ -27,6 +27,7 @@
<li><a href="#copy-files-to-new-locations">Copy files to new locations</a></li>
<li><a href="#split-custom-settings">Split custom settings</a><ul>
<li><a href="#postfix">Postfix</a></li>
<li><a href="#amavisd">Amavisd</a></li>
<li><a href="#spamassassin">SpamAssassin</a></li>
<li><a href="#roundcube-webmail">Roundcube Webmail</a></li>
<li><a href="#iredapd">iRedAPD</a></li>
@ -296,6 +297,20 @@ details, please check our
<a href="./iredmail-easy.best.practice.html#postfix">Best Practice</a> tutorial.</p>
</li>
</ul>
<h3 id="amavisd">Amavisd</h3>
<ul>
<li>Copy DKIM keys from <code>/var/lib/dkim/</code> to <code>/opt/iredmail/custom/amavisd/dkim/</code>.</li>
<li>
<p>Move all your <code>dkim_key(...)</code> parameters from Amavisd config file
(<code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS), or <code>/etc/amavis/conf.d/50-user</code>
(Debian/Ubuntu), <code>/etc/amavisd.conf</code> (OpenBSD), <code>/usr/local/etc/amavisd.conf</code>
(FreeBSD)) to <code>/opt/iredmail/custom/amavisd/amavisd.conf</code>.</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Please make sure no duplicat keys, otherwise Amavisd can not start.</p>
</div>
</li>
</ul>
<h3 id="spamassassin">SpamAssassin</h3>
<p>Split custom settings from <code>/etc/mail/spamassassin/local.cf</code> to
<code>/opt/iredmail/custom/spamassassin/custom.cf</code>.</p>


@ -0,0 +1,78 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upgrade Ubuntu from 18.04 to 20.04</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-ubuntu-from-1804-to-2004">Upgrade Ubuntu from 18.04 to 20.04</h1>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>THIS IS A DRAFT DOCUMENT, DO NOT APPLY IT.</p>
</div>
<h2 id="packages">Packages</h2>
<p>Install required Python-2 packages:</p>
<pre><code>apt install python2-dev
pip2 install uwsgi web.py==0.51 pycurl netifaces
ln -sf /usr/local/bin/uwsgi /etc/alternatives/uwsgi
echo &quot;SQL_DB_DRIVER = 'pymysql'&quot; &gt;&gt; /opt/iredapd/settings.py
</code></pre>
<p>If you're running OpenLDAP backend:</p>
<pre><code>pip2 install python-ldap==3.2.0
</code></pre>
<h2 id="configurations">Configurations</h2>
<ul>
<li><code>/etc/php/7.4/fpm/pool.d/www.conf</code></li>
</ul>
<pre><code>[inet]
user = www-data
group = www-data
listen = 127.0.0.1:9999
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 200
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
request_terminate_timeout = 60s
access.log = /var/log/php-fpm/access.log
slowlog = /var/log/php-fpm/slow.log
request_slowlog_timeout = 10s
</code></pre><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
</script>
</body></html>