Improve active.directory.md.

New: upgrade.ubuntu.18.04-20.04.html (DRAFT).
This commit is contained in:
Zhang Huangbin 2020-05-03 10:57:48 +08:00
parent 8c9980ece2
commit a76480c70d
6 changed files with 477 additions and 61 deletions

View File

@ -39,6 +39,9 @@ To integrate Microsoft Active Directory with iRedMail, you should have:
installed and working properly, listen on port 389 (ldap://) or 636 installed and working properly, listen on port 389 (ldap://) or 636
(ldaps://), and allow LDAP connections from iRedMail server. (ldaps://), and allow LDAP connections from iRedMail server.
If you need to enable LDAP over SSL, please read
[this tutorial](https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority).
## Install iRedMail ## Install iRedMail
Please follow [iRedMail installaion guides](./index.html) Please follow [iRedMail installaion guides](./index.html)
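Review bot: the unchanged context line in this hunk still reads `iRedMail installaion guides`; since the paragraph directly above it is being edited in this commit, fix the typo to `installation` here as well.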
@ -73,10 +76,15 @@ With iRedMail (OpenLDAP backend), we have a low-privileged account
`cn=vmail,dc=xxx,dc=xxx` with read-only privilege. And we suggest you create a `cn=vmail,dc=xxx,dc=xxx` with read-only privilege. And we suggest you create a
same account `vmail` in AD, with strong and complex password. same account `vmail` in AD, with strong and complex password.
__NOTE__: [Dovecot will treat characters as comment after a inline `#`, so __NOTES__:
please just don't use `#` in password](https://forum.iredmail.org/post8630.html#p8630)
Please make sure this newly created user is able to connect to AD server with * Dovecot treats characters as comment after a inline `#`, please don't use
`#` in password.
* Seems Windows Server 2019 doesn't like user id without domain part by
default, please create the `vmail` user with your domain name instead. for
example, `vmail@domain.com` (replace `domain.com` by your real domain name).
Make sure this newly created user is able to connect to AD server with
below command on iRedMail server: below command on iRedMail server:
```shell ```shell
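Review bot: the new bullet tells Windows Server 2019 users to create the bind account as `vmail@domain.com`, but the `ldapsearch` command that follows (and the `dnuser` / `bindDN` values later on this page) still bind as plain `'vmail'`; either show both forms here or state explicitly that every later `vmail` must become `vmail@domain.com` when the UPN form is used. Also, the old note linked to the forum post that explains the `#` comment behaviour in Dovecot; keep that link in the new bullet, change `a inline` to `an inline`, and capitalise `For example`.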
@ -86,6 +94,14 @@ Enter password: password_of_vmail
If it prints all users stored in AD server, then it's working as expected. If it prints all users stored in AD server, then it's working as expected.
If you're using LDAPS, replace `-h ad.example.com` by
`-H ldaps://ad.example.com:636` instead:
```shell
# ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
```
### Enable LDAP query with AD in Postfix ### Enable LDAP query with AD in Postfix
Disable unused iRedMail special settings: Disable unused iRedMail special settings:
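Review bot: the LDAPS variant needs one more sentence: `-H ldaps://` makes the OpenLDAP client verify the AD server certificate, so the CA that issued it has to be trusted on the iRedMail host (`TLS_CACERT` in the client `ldap.conf`), otherwise this command fails even though the plain `-h ad.example.com` one works. It is also worth saying why LDAPS is preferred: `-x` is a simple bind, so on `ldap://` port 389 the `vmail` password crosses the network in clear text.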
@ -138,7 +154,7 @@ postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
example.com dovecot example.com dovecot
``` ```
__Note__: `dovecot` used here is a Postfix transport defined in __Note__: the name `dovecot` used here is a Postfix transport defined in
`/etc/postfix/master.cf`, used to deliver received emails to local user mailboxes. `/etc/postfix/master.cf`, used to deliver received emails to local user mailboxes.
Run `postmap` so that postfix can read it: Run `postmap` so that postfix can read it:
@ -182,9 +198,8 @@ result_format = %d/%u/Maildir/
debuglevel = 0 debuglevel = 0
``` ```
__Note__: Here, we hard-code user's mailbox path in __Note__: We hard-code user's mailbox path in `result_format =` parameter, it
`[domain]/[username]/Maildir/` format (`result_format` parameter). for example: will be something like `example.com/username/Maildir/`.
`example.com/postmaster/Maildir/`.
* Create file: `/etc/postfix/ad_virtual_group_maps.cf`: * Create file: `/etc/postfix/ad_virtual_group_maps.cf`:
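Review bot: the rewritten note drops the explanation of what `%d` and `%u` in `result_format = %d/%u/Maildir/` expand to (the domain and local part of the looked-up address), which is exactly what the reader needs to see why the result is `example.com/username/Maildir/`; keep one clause saying that `%d/%u` is `[domain]/[username]`.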
@ -205,7 +220,7 @@ result_attribute= userPrincipalName
debuglevel = 0 debuglevel = 0
``` ```
__Note__: __Notes__:
* If your user have email address in both `mail` and `userPrincipalName`, you * If your user have email address in both `mail` and `userPrincipalName`, you
will get duplicate result. Comment out `leaf_result_attribute` line will fix it. will get duplicate result. Comment out `leaf_result_attribute` line will fix it.
@ -279,6 +294,11 @@ dnpass = passwd_of_vmail
base = cn=users,dc=example,dc=com base = cn=users,dc=example,dc=com
scope = subtree scope = subtree
deref = never deref = never
# Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password pass_attrs = userPassword=password
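Review bot: the new `iterate_filter` is a copy of `user_filter` with `%u` replaced by `*`, and all three filters rely on the same `userAccountControl:1.2.840.113556.1.4.803:=2` bitwise match to exclude disabled accounts; add a comment saying the three filters must be kept in sync, otherwise a later edit to `user_filter` (for example restricting it to one OU) leaves `doveadm` iterating over accounts that can no longer log in.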
@ -288,17 +308,28 @@ user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
Restart dovecot service to make it work. Restart dovecot service to make it work.
__Note__: we don't have per-user quota limit here, you can set a hard-coded !!! attention
quota for all users in `/etc/dovecot/dovecot.conf`. For example:
``` We don't have per-user quota limit here, you can set a hard-coded
plugin { quota for all users in `/etc/dovecot/dovecot.conf`. For example:
[... omit other settings here ...]
# Format: integer number + M/G/T (M -> MB, G -> GB, T -> TB). ```
quota_rule = *:storage=1G plugin {
} [... omit other settings here ...]
```
# Format: integer number + M/G/T (M -> MB, G -> GB, T -> TB).
quota_rule = *:storage=1G
}
```
Or, you can modify the `user_attrs =` line to get per-user quota from a
LDAP attribute in AD. For example, query per-user quota limit from
attribute `postOfficeBox` which contain an integer number and treated as
number of gigabytes:
```
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/,postOfficeBox=quota_rule=*:storage=%{ldap:postOfficeBox}G
```
Now use command `telnet` to verify AD query after restarted Dovecot service: Now use command `telnet` to verify AD query after restarted Dovecot service:
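Review bot: the body of the `!!! attention` admonition is not indented, so the fenced `plugin { ... }` block and the `user_attrs` example inside it will not render as code (the regenerated HTML in this same commit shows them as `<p>```` paragraphs and inline `<code>`); indent everything that belongs to the admonition by four spaces. The per-user quota example also needs a caveat: `%{ldap:postOfficeBox}` is substituted verbatim, so a user whose `postOfficeBox` is empty or not an integer ends up with `quota_rule=*:storage=G`; say that the attribute must be set to an integer for every mailbox user, or document a fallback, before readers copy this line.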
@ -354,20 +385,30 @@ $config['ldap_public']["global_ldap_abook"] = array(
// mapping of contact fields to directory attributes // mapping of contact fields to directory attributes
'fieldmap' => array( 'fieldmap' => array(
'name' => 'cn', 'name' => 'cn',
'surname' => 'sn', 'displayname' => 'displayName',
'firstname' => 'givenName', 'surname' => 'sn',
'title' => 'title', 'firstname' => 'givenName',
'email' => 'mail:*', 'jobtitle' => 'title',
'phone:work' => 'telephoneNumber', 'department' => 'department',
'phone:mobile' => 'mobile', 'company' => 'company',
'email' => 'mail:*',
'phone:work' => 'telephoneNumber',
'phone:home' => 'homePhone',
'phone:mobile' => 'mobile',
'phone:workfax' => 'facsimileTelephoneNumber', 'phone:workfax' => 'facsimileTelephoneNumber',
'street' => 'street', 'phone:pager' => 'pager',
'zipcode' => 'postalCode', 'phone:other' => 'ipPhone',
'locality' => 'l', 'street:work' => 'streetAddress',
'department' => 'departmentNumber', 'zipcode:work' => 'postalCode',
'notes' => 'description', 'locality:work' => 'l',
'photo' => 'jpegPhoto', 'region:work' => 'st',
'country:work' => 'c',
'notes' => 'description',
'photo' => 'jpegPhoto', // Might be 'thumbnailPhoto' for
// compatibility with some other
// Microsoft software
'website' => 'wWWHomePage',
), ),
'sort' => 'cn', 'sort' => 'cn',
'scope' => 'sub', 'scope' => 'sub',
@ -388,6 +429,95 @@ $config['ldap_public']["global_ldap_abook"] = array(
); );
``` ```
## Enable Active Directory integration in SOGo Groupware
Edit SOGo config file `/etc/sogo/sogo.conf`, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:
```
SOGoUserSources = (
{
// Used for user authentication
type = ldap;
id = users;
canAuthenticate = YES;
isAddressBook = NO;
displayName = "LDAP Authentication";
hostname = "ldap://ad.example.com:389"; // <- Set to ldaps://ad.example.com:636 for LDAPS.
baseDN = "cn=users,dc=example,dc=com";
bindDN = "vmail";
bindPassword = "password_of_vmail";
filter = "objectClass=person AND userPrincipalName='*' AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)";
scope = SUB;
// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=delmsgs,dc=freeddns,dc=org.
// so this doesn't work.
bindAsCurrentUser = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
CNFieldName = cn;
IDFieldName = userPrincipalName;
// value of UIDFieldName must be unique on entire server
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
MailFieldNames = (userPrincipalName);
bindFields = (userPrincipalName);
},
{
// Used for global address book
type = ldap;
id = global_addressbook;
canAuthenticate = NO;
isAddressBook = YES;
displayName = "Global Address Book";
bindAsCurrentUser = YES;
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitely typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
// Set to ldaps://ad.example.com:636 for LDAPS.
hostname = "ldap://ad.example.com:389";
baseDN = "cn=users,dc=example,dc=com";
bindDN = "vmail";
bindPassword = "password_of_vmail";
filter = "(objectClass=person OR (objectClass=group AND mail='*')) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)";
scope = SUB;
IDFieldName = userPrincipalName;
bindFields = (userPrincipalName);
// value of UID field must be unique on whole server.
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
CNFieldName = cn;
SearchFieldNames = (mail, cn, sAMAccountName, displayName, sn, givenName);
mapping = {
ou = ("department", "ou");
street = ("streetAddress", "street");
mozillaworkurl = ("wWWHomePage", "mozillaworkurl");
description = ("info", "description");
};
}
);
```
## Additions documents ## Additions documents
* If your mail domain name is different than Windows Active Directory domain: [https://forum.iredmail.org/topic3165-integration-with-windows-domain.html](https://forum.iredmail.org/topic3165-integration-with-windows-domain.html) * If your mail domain name is different than Windows Active Directory domain: [https://forum.iredmail.org/topic3165-integration-with-windows-domain.html](https://forum.iredmail.org/topic3165-integration-with-windows-domain.html)
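Review bot: the comment block above `bindAsCurrentUser = YES` in the authentication source is stale and wrong for this page: it talks about the iRedMail OpenLDAP ACL and a real-looking base `o=domains,dc=delmsgs,dc=freeddns,dc=org` that has nothing to do with AD, and it ends with `so this doesn't work` directly above a setting that is then switched on. Replace it with an AD-specific comment (or drop `bindAsCurrentUser` if it has not been verified against AD) and use only `example.com` names. Two smaller points: `userPasswordAlgorithm = ssha512` describes how SOGo hashes `userPassword` when it writes that attribute, which AD does not accept, so either remove it or note that password changes from SOGo are not covered here; and `bindPassword` is stored in clear text in `/etc/sogo/sogo.conf`, so the text should remind readers to keep that file readable by the SOGo service user only.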

View File

@ -157,6 +157,18 @@ files under `/opt/iredmail/custom/<software>/`.
details, please check our details, please check our
[Best Practice](./iredmail-easy.best.practice.html#postfix) tutorial. [Best Practice](./iredmail-easy.best.practice.html#postfix) tutorial.
### Amavisd
- Copy DKIM keys from `/var/lib/dkim/` to `/opt/iredmail/custom/amavisd/dkim/`.
- Move all your `dkim_key(...)` parameters from Amavisd config file
(`/etc/amavisd/amavisd.conf` (RHEL/CentOS), or `/etc/amavis/conf.d/50-user`
(Debian/Ubuntu), `/etc/amavisd.conf` (OpenBSD), `/usr/local/etc/amavisd.conf`
(FreeBSD)) to `/opt/iredmail/custom/amavisd/amavisd.conf`.
!!! attention
Please make sure no duplicat keys, otherwise Amavisd can not start.
### SpamAssassin ### SpamAssassin
Split custom settings from `/etc/mail/spamassassin/local.cf` to Split custom settings from `/etc/mail/spamassassin/local.cf` to
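Review bot: `duplicat keys` should be `duplicate keys`, and the admonition should say what must not be duplicated: the same `dkim_key(...)` line left in both the original Amavisd config and `/opt/iredmail/custom/amavisd/amavisd.conf`. The first bullet copies DKIM private keys; state that the copied files must keep the restrictive ownership and mode of the originals under `/var/lib/dkim/` (readable by the Amavisd user only), since a world-readable signing key lets any local account sign mail for the domain.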

View File

@ -0,0 +1,56 @@
# Upgrade Ubuntu from 18.04 to 20.04
!!! warning
THIS IS A DRAFT DOCUMENT, DO NOT APPLY IT.
## Packages
Install required Python-2 packages:
```
apt install python2-dev
pip2 install uwsgi web.py==0.51 pycurl netifaces
ln -sf /usr/local/bin/uwsgi /etc/alternatives/uwsgi
echo "SQL_DB_DRIVER = 'pymysql'" >> /opt/iredapd/settings.py
```
If you're running OpenLDAP backend:
```
pip2 install python-ldap==3.2.0
```
## Configurations
* `/etc/php/7.4/fpm/pool.d/www.conf`
```
[inet]
user = www-data
group = www-data
listen = 127.0.0.1:9999
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 200
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
request_terminate_timeout = 60s
access.log = /var/log/php-fpm/access.log
slowlog = /var/log/php-fpm/slow.log
request_slowlog_timeout = 10s
```
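Review bot: `echo "SQL_DB_DRIVER = 'pymysql'" >> /opt/iredapd/settings.py` appends unconditionally, so running the steps twice (likely for a draft people will retry) leaves duplicate lines; guard it with a `grep -q` check or tell the reader to edit the file. The `apt install` line only installs `python2-dev`, yet the next line already calls `pip2`; state where `pip2` comes from on 20.04. In the php-fpm pool, `pm.status_path = /php-fpm-status` and `ping.path = /php-fpm-ping` are enabled but nothing here restricts who can reach them; add a note that the web server must not expose these paths beyond localhost.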

View File

@ -31,6 +31,7 @@
</li> </li>
<li><a href="#enable-active-directory-integration-in-dovecot">Enable Active Directory integration in Dovecot</a></li> <li><a href="#enable-active-directory-integration-in-dovecot">Enable Active Directory integration in Dovecot</a></li>
<li><a href="#enable-active-directory-integration-in-roundcube-webmail-for-global-ldap-address-book">Enable Active Directory integration in Roundcube webmail for Global LDAP Address Book</a></li> <li><a href="#enable-active-directory-integration-in-roundcube-webmail-for-global-ldap-address-book">Enable Active Directory integration in Roundcube webmail for Global LDAP Address Book</a></li>
<li><a href="#enable-active-directory-integration-in-sogo-groupware">Enable Active Directory integration in SOGo Groupware</a></li>
<li><a href="#additions-documents">Additions documents</a></li> <li><a href="#additions-documents">Additions documents</a></li>
</ul> </ul>
</li> </li>
@ -70,9 +71,13 @@
<p>To integrate Microsoft Active Directory with iRedMail, you should have:</p> <p>To integrate Microsoft Active Directory with iRedMail, you should have:</p>
<ul> <ul>
<li>A working Linux/BSD server with iRedMail (OpenLDAP backend) installed.</li> <li>A working Linux/BSD server with iRedMail (OpenLDAP backend) installed.</li>
<li>A working Microsoft Windows (2000/2003) server, with Active Directory <li>
<p>A working Microsoft Windows (2000/2003) server, with Active Directory
installed and working properly, listen on port 389 (ldap://) or 636 installed and working properly, listen on port 389 (ldap://) or 636
(ldaps://), and allow LDAP connections from iRedMail server.</li> (ldaps://), and allow LDAP connections from iRedMail server.</p>
<p>If you need to enable LDAP over SSL, please read
<a href="https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority">this tutorial</a>.</p>
</li>
</ul> </ul>
<h2 id="install-iredmail">Install iRedMail</h2> <h2 id="install-iredmail">Install iRedMail</h2>
<p>Please follow <a href="./index.html">iRedMail installaion guides</a> <p>Please follow <a href="./index.html">iRedMail installaion guides</a>
@ -110,15 +115,27 @@ achieve this AD integration by simply modifying some configure files.</p>
<p>With iRedMail (OpenLDAP backend), we have a low-privileged account <p>With iRedMail (OpenLDAP backend), we have a low-privileged account
<code>cn=vmail,dc=xxx,dc=xxx</code> with read-only privilege. And we suggest you create a <code>cn=vmail,dc=xxx,dc=xxx</code> with read-only privilege. And we suggest you create a
same account <code>vmail</code> in AD, with strong and complex password.</p> same account <code>vmail</code> in AD, with strong and complex password.</p>
<p><strong>NOTE</strong>: <a href="https://forum.iredmail.org/post8630.html#p8630">Dovecot will treat characters as comment after a inline <code>#</code>, so <p><strong>NOTES</strong>:</p>
please just don't use <code>#</code> in password</a></p> <ul>
<p>Please make sure this newly created user is able to connect to AD server with <li>Dovecot treats characters as comment after a inline <code>#</code>, please don't use
<code>#</code> in password.</li>
<li>Seems Windows Server 2019 doesn't like user id without domain part by
default, please create the <code>vmail</code> user with your domain name instead. for
example, <code>vmail@domain.com</code> (replace <code>domain.com</code> by your real domain name).</li>
</ul>
<p>Make sure this newly created user is able to connect to AD server with
below command on iRedMail server:</p> below command on iRedMail server:</p>
<pre><code class="shell"># ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com' <pre><code class="shell"># ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail Enter password: password_of_vmail
</code></pre> </code></pre>
<p>If it prints all users stored in AD server, then it's working as expected.</p> <p>If it prints all users stored in AD server, then it's working as expected.</p>
<p>If you're using LDAPS, replace <code>-h ad.example.com</code> by
<code>-H ldaps://ad.example.com:636</code> instead:</p>
<pre><code class="shell"># ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
</code></pre>
<h3 id="enable-ldap-query-with-ad-in-postfix">Enable LDAP query with AD in Postfix</h3> <h3 id="enable-ldap-query-with-ad-in-postfix">Enable LDAP query with AD in Postfix</h3>
<p>Disable unused iRedMail special settings:</p> <p>Disable unused iRedMail special settings:</p>
<pre><code class="shell">postconf -e virtual_alias_maps='' <pre><code class="shell">postconf -e virtual_alias_maps=''
@ -163,7 +180,7 @@ postconf -e virtual_mailbox_domains='example.com'
<pre><code>example.com dovecot <pre><code>example.com dovecot
</code></pre> </code></pre>
<p><strong>Note</strong>: <code>dovecot</code> used here is a Postfix transport defined in <p><strong>Note</strong>: the name <code>dovecot</code> used here is a Postfix transport defined in
<code>/etc/postfix/master.cf</code>, used to deliver received emails to local user mailboxes.</p> <code>/etc/postfix/master.cf</code>, used to deliver received emails to local user mailboxes.</p>
<p>Run <code>postmap</code> so that postfix can read it:</p> <p>Run <code>postmap</code> so that postfix can read it:</p>
<pre><code># postmap hash:/etc/postfix/transport <pre><code># postmap hash:/etc/postfix/transport
@ -204,9 +221,8 @@ result_format = %d/%u/Maildir/
debuglevel = 0 debuglevel = 0
</code></pre> </code></pre>
<p><strong>Note</strong>: Here, we hard-code user's mailbox path in <p><strong>Note</strong>: We hard-code user's mailbox path in <code>result_format =</code> parameter, it
<code>[domain]/[username]/Maildir/</code> format (<code>result_format</code> parameter). for example: will be something like <code>example.com/username/Maildir/</code>.</p>
<code>example.com/postmaster/Maildir/</code>.</p>
<ul> <ul>
<li>Create file: <code>/etc/postfix/ad_virtual_group_maps.cf</code>:</li> <li>Create file: <code>/etc/postfix/ad_virtual_group_maps.cf</code>:</li>
</ul> </ul>
@ -226,7 +242,7 @@ result_attribute= userPrincipalName
debuglevel = 0 debuglevel = 0
</code></pre> </code></pre>
<p><strong>Note</strong>:</p> <p><strong>Notes</strong>:</p>
<ul> <ul>
<li>If your user have email address in both <code>mail</code> and <code>userPrincipalName</code>, you <li>If your user have email address in both <code>mail</code> and <code>userPrincipalName</code>, you
will get duplicate result. Comment out <code>leaf_result_attribute</code> line will fix it.</li> will get duplicate result. Comment out <code>leaf_result_attribute</code> line will fix it.</li>
@ -287,6 +303,11 @@ dnpass = passwd_of_vmail
base = cn=users,dc=example,dc=com base = cn=users,dc=example,dc=com
scope = subtree scope = subtree
deref = never deref = never
# Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&amp;(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) user_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter = (&amp;(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password pass_attrs = userPassword=password
@ -295,16 +316,24 @@ user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
</code></pre> </code></pre>
<p>Restart dovecot service to make it work.</p> <p>Restart dovecot service to make it work.</p>
<p><strong>Note</strong>: we don't have per-user quota limit here, you can set a hard-coded <div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>We don't have per-user quota limit here, you can set a hard-coded
quota for all users in <code>/etc/dovecot/dovecot.conf</code>. For example:</p> quota for all users in <code>/etc/dovecot/dovecot.conf</code>. For example:</p>
<pre><code>plugin { <p>```
[... omit other settings here ...] plugin {
[... omit other settings here ...]</p>
# Format: integer number + M/G/T (M -&gt; MB, G -&gt; GB, T -&gt; TB). <pre><code># Format: integer number + M/G/T (M -&gt; MB, G -&gt; GB, T -&gt; TB).
quota_rule = *:storage=1G quota_rule = *:storage=1G
}
</code></pre> </code></pre>
<p>}
```</p>
<p>Or, you can modify the <code>user_attrs =</code> line to get per-user quota from a
LDAP attribute in AD. For example, query per-user quota limit from
attribute <code>postOfficeBox</code> which contain an integer number and treated as
number of gigabytes:</p>
<p><code>user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/,postOfficeBox=quota_rule=*:storage=%{ldap:postOfficeBox}G</code></p>
</div>
<p>Now use command <code>telnet</code> to verify AD query after restarted Dovecot service:</p> <p>Now use command <code>telnet</code> to verify AD query after restarted Dovecot service:</p>
<pre><code># telnet localhost 143 # &lt;- Type this <pre><code># telnet localhost 143 # &lt;- Type this
* OK [...] Dovecot ready. * OK [...] Dovecot ready.
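Review bot: this regenerated HTML confirms that the admonition in the Markdown source did not render: the `plugin {` block is split into `<p>```` and `<p>}` paragraphs around a `<pre>` fragment, and the `user_attrs` example became an inline `<code>` instead of a block. Do not commit this output as is; fix the indentation of the admonition body in `active.directory.md` and regenerate.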
@ -354,20 +383,30 @@ $config['ldap_public'][&quot;global_ldap_abook&quot;] = array(
// mapping of contact fields to directory attributes // mapping of contact fields to directory attributes
'fieldmap' =&gt; array( 'fieldmap' =&gt; array(
'name' =&gt; 'cn', 'name' =&gt; 'cn',
'surname' =&gt; 'sn', 'displayname' =&gt; 'displayName',
'firstname' =&gt; 'givenName', 'surname' =&gt; 'sn',
'title' =&gt; 'title', 'firstname' =&gt; 'givenName',
'email' =&gt; 'mail:*', 'jobtitle' =&gt; 'title',
'phone:work' =&gt; 'telephoneNumber', 'department' =&gt; 'department',
'phone:mobile' =&gt; 'mobile', 'company' =&gt; 'company',
'email' =&gt; 'mail:*',
'phone:work' =&gt; 'telephoneNumber',
'phone:home' =&gt; 'homePhone',
'phone:mobile' =&gt; 'mobile',
'phone:workfax' =&gt; 'facsimileTelephoneNumber', 'phone:workfax' =&gt; 'facsimileTelephoneNumber',
'street' =&gt; 'street', 'phone:pager' =&gt; 'pager',
'zipcode' =&gt; 'postalCode', 'phone:other' =&gt; 'ipPhone',
'locality' =&gt; 'l', 'street:work' =&gt; 'streetAddress',
'department' =&gt; 'departmentNumber', 'zipcode:work' =&gt; 'postalCode',
'notes' =&gt; 'description', 'locality:work' =&gt; 'l',
'photo' =&gt; 'jpegPhoto', 'region:work' =&gt; 'st',
'country:work' =&gt; 'c',
'notes' =&gt; 'description',
'photo' =&gt; 'jpegPhoto', // Might be 'thumbnailPhoto' for
// compatibility with some other
// Microsoft software
'website' =&gt; 'wWWHomePage',
), ),
'sort' =&gt; 'cn', 'sort' =&gt; 'cn',
'scope' =&gt; 'sub', 'scope' =&gt; 'sub',
@ -388,6 +427,92 @@ $config['ldap_public'][&quot;global_ldap_abook&quot;] = array(
); );
</code></pre> </code></pre>
<h2 id="enable-active-directory-integration-in-sogo-groupware">Enable Active Directory integration in SOGo Groupware</h2>
<p>Edit SOGo config file <code>/etc/sogo/sogo.conf</code>, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:</p>
<pre><code> SOGoUserSources = (
{
// Used for user authentication
type = ldap;
id = users;
canAuthenticate = YES;
isAddressBook = NO;
displayName = &quot;LDAP Authentication&quot;;
hostname = &quot;ldap://ad.example.com:389&quot;; // &lt;- Set to ldaps://ad.example.com:636 for LDAPS.
baseDN = &quot;cn=users,dc=example,dc=com&quot;;
bindDN = &quot;vmail&quot;;
bindPassword = &quot;password_of_vmail&quot;;
filter = &quot;objectClass=person AND userPrincipalName='*' AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)&quot;;
scope = SUB;
// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=delmsgs,dc=freeddns,dc=org.
// so this doesn't work.
bindAsCurrentUser = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
CNFieldName = cn;
IDFieldName = userPrincipalName;
// value of UIDFieldName must be unique on entire server
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
MailFieldNames = (userPrincipalName);
bindFields = (userPrincipalName);
},
{
// Used for global address book
type = ldap;
id = global_addressbook;
canAuthenticate = NO;
isAddressBook = YES;
displayName = &quot;Global Address Book&quot;;
bindAsCurrentUser = YES;
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitely typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
// Set to ldaps://ad.example.com:636 for LDAPS.
hostname = &quot;ldap://ad.example.com:389&quot;;
baseDN = &quot;cn=users,dc=example,dc=com&quot;;
bindDN = &quot;vmail&quot;;
bindPassword = &quot;password_of_vmail&quot;;
filter = &quot;(objectClass=person OR (objectClass=group AND mail='*')) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)&quot;;
scope = SUB;
IDFieldName = userPrincipalName;
bindFields = (userPrincipalName);
// value of UID field must be unique on whole server.
UIDFieldName = userPrincipalName;
IMAPLoginFieldName = userPrincipalName;
CNFieldName = cn;
SearchFieldNames = (mail, cn, sAMAccountName, displayName, sn, givenName);
mapping = {
ou = (&quot;department&quot;, &quot;ou&quot;);
street = (&quot;streetAddress&quot;, &quot;street&quot;);
mozillaworkurl = (&quot;wWWHomePage&quot;, &quot;mozillaworkurl&quot;);
description = (&quot;info&quot;, &quot;description&quot;);
};
}
);
</code></pre>
<h2 id="additions-documents">Additions documents</h2> <h2 id="additions-documents">Additions documents</h2>
<ul> <ul>
<li>If your mail domain name is different than Windows Active Directory domain: <a href="https://forum.iredmail.org/topic3165-integration-with-windows-domain.html">https://forum.iredmail.org/topic3165-integration-with-windows-domain.html</a></li> <li>If your mail domain name is different than Windows Active Directory domain: <a href="https://forum.iredmail.org/topic3165-integration-with-windows-domain.html">https://forum.iredmail.org/topic3165-integration-with-windows-domain.html</a></li>

View File

@ -27,6 +27,7 @@
<li><a href="#copy-files-to-new-locations">Copy files to new locations</a></li> <li><a href="#copy-files-to-new-locations">Copy files to new locations</a></li>
<li><a href="#split-custom-settings">Split custom settings</a><ul> <li><a href="#split-custom-settings">Split custom settings</a><ul>
<li><a href="#postfix">Postfix</a></li> <li><a href="#postfix">Postfix</a></li>
<li><a href="#amavisd">Amavisd</a></li>
<li><a href="#spamassassin">SpamAssassin</a></li> <li><a href="#spamassassin">SpamAssassin</a></li>
<li><a href="#roundcube-webmail">Roundcube Webmail</a></li> <li><a href="#roundcube-webmail">Roundcube Webmail</a></li>
<li><a href="#iredapd">iRedAPD</a></li> <li><a href="#iredapd">iRedAPD</a></li>
@ -296,6 +297,20 @@ details, please check our
<a href="./iredmail-easy.best.practice.html#postfix">Best Practice</a> tutorial.</p> <a href="./iredmail-easy.best.practice.html#postfix">Best Practice</a> tutorial.</p>
</li> </li>
</ul> </ul>
<h3 id="amavisd">Amavisd</h3>
<ul>
<li>Copy DKIM keys from <code>/var/lib/dkim/</code> to <code>/opt/iredmail/custom/amavisd/dkim/</code>.</li>
<li>
<p>Move all your <code>dkim_key(...)</code> parameters from Amavisd config file
(<code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS), or <code>/etc/amavis/conf.d/50-user</code>
(Debian/Ubuntu), <code>/etc/amavisd.conf</code> (OpenBSD), <code>/usr/local/etc/amavisd.conf</code>
(FreeBSD)) to <code>/opt/iredmail/custom/amavisd/amavisd.conf</code>.</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Please make sure no duplicat keys, otherwise Amavisd can not start.</p>
</div>
</li>
</ul>
<h3 id="spamassassin">SpamAssassin</h3> <h3 id="spamassassin">SpamAssassin</h3>
<p>Split custom settings from <code>/etc/mail/spamassassin/local.cf</code> to <p>Split custom settings from <code>/etc/mail/spamassassin/local.cf</code> to
<code>/opt/iredmail/custom/spamassassin/custom.cf</code>.</p> <code>/opt/iredmail/custom/spamassassin/custom.cf</code>.</p>

View File

@ -0,0 +1,78 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upgrade Ubuntu from 18.04 to 20.04</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-ubuntu-from-1804-to-2004">Upgrade Ubuntu from 18.04 to 20.04</h1>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>THIS IS A DRAFT DOCUMENT, DO NOT APPLY IT.</p>
</div>
<h2 id="packages">Packages</h2>
<p>Install required Python-2 packages:</p>
<pre><code>apt install python2-dev
pip2 install uwsgi web.py==0.51 pycurl netifaces
ln -sf /usr/local/bin/uwsgi /etc/alternatives/uwsgi
echo &quot;SQL_DB_DRIVER = 'pymysql'&quot; &gt;&gt; /opt/iredapd/settings.py
</code></pre>
<p>If you're running OpenLDAP backend:</p>
<pre><code>pip2 install python-ldap==3.2.0
</code></pre>
<h2 id="configurations">Configurations</h2>
<ul>
<li><code>/etc/php/7.4/fpm/pool.d/www.conf</code></li>
</ul>
<pre><code>[inet]
user = www-data
group = www-data
listen = 127.0.0.1:9999
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 200
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
request_terminate_timeout = 60s
access.log = /var/log/php-fpm/access.log
slowlog = /var/log/php-fpm/slow.log
request_slowlog_timeout = 10s
</code></pre><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
</script>
</body></html>