== LDAP notes ==

=== User creation ===

Create the user using ldapadduser
{{{
export ICONVCHAR=utf8
ldapadduser web1_alarm web1
}}}
The command hangs after adding the user -> stop using CTRL-C
{{{
ldapsetpasswd web1_alarm
}}}
In ldap.thinkthinkdo.com:[[BR]]
If this is a mail user: -> assign the objectClass TTDMinAccount and add the attribute Email[[BR]]
Set homeDirectory to /var/www//user/.

Log in as the user via ssh (the PAM module pam_mkhomedir.so then creates a home directory at homeDirectory, using skel=/var/www/web1/user/skel/ as the template)[[BR]]
Prepare the procmail files for ttdmin:
{{{
/root/bin/migrate_procmail.sh -u= -h= -e=
e.g.:
/root/bin/migrate_procmail.sh -u=web1_alarm -h=/var/www/web1/user/web1_alarm -e=alarm@thinkthinkdo.com
}}}
If the user should not be able to log in via ssh -> set loginShell to /bin/false in ldap.thinkthinkdo.com.

=== Autoresponder, LDAP, postfix, gnarwl ===

Use information stored in LDAP for autoresponder messages. This uses a specific LDAP schema, ttdmin.schema (see attachments).

==== LDAP ====

The user has to belong to the ObjectClass TTDMinAccount.
The following attributes are relevant for the vacation autoresponder:
{{{
accountActive (flag if the account is active - has to be TRUE)
delete (flag for deletion - has to be FALSE)
mailAutoreply (the mail address that is used to answer incoming mail - has to be set)
vacationActive (flag if the autoresponder is active - has to be TRUE if vacation should be activated)
vacationInfo (text in utf-8 encoding that is used to respond)
}}}

==== gnarwl ====

Installed from the clone of gnarwl at https://github.com/guhl/gnarwl [[BR]]
Config at /etc/gnarwl.cfg
{{{
map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=Manager,dc=thinkthinkdo,dc=com
password totally_secret
protocol 0
base ou=People,dc=thinkthinkdo,dc=com
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset utf-8
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3
}}}
/etc/gnarwl.cfg contains the LDAP bind password, so it should only be readable by the user that runs gnarwl (see /etc/postfix/master.cf below)
{{{
chown gnarwl:gnarwl /etc/gnarwl.cfg
chmod 600 /etc/gnarwl.cfg
}}}

==== postfix ====

The principle here is: all messages are BCCed to a gnarwl transport, based on an LDAP query, if vacation is active.
This is done by adding this to /etc/postfix/main.cf
{{{
recipient_bcc_maps = ldap:/etc/postfix/ldap_vacation.cf
}}}
In /etc/postfix/ldap_vacation.cf
{{{
server_host = ldap://localhost
search_base = ou=People,dc=thinkthinkdo,dc=com
version = 3
bind = yes
start_tls = no
bind_dn = cn=Manager,dc=thinkthinkdo,dc=com
bind_pw = totally_secret
search_base = ou=People,dc=thinkthinkdo,dc=com
scope = sub
query_filter = (&(&(objectClass=TTDMinAccount)(mail=%s))(vacationActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
result_format = %s,%s@autoreply.thinkthinkdo.com
expansion_limit = 1
}}}
This appends @autoreply.thinkthinkdo.com to the mail address that is defined for autoresponding; the resulting address is later matched by the transport.

This transport is defined in /etc/postfix/transport - add:
{{{
autoreply.thinkthinkdo.com gnarwl:
}}}
After adding this, use
{{{
postmap /etc/postfix/transport
}}}
to convert it to the db format.

In /etc/postfix/main.cf this transport is enabled by adding the line:
{{{
transport_maps = hash:/etc/postfix/transport
}}}
gnarwl itself is added to /etc/postfix/master.cf by adding this:
{{{
gnarwl unix - n n - - pipe
  flags=F user=gnarwl argv=/usr/bin/gnarwl -a ${user} -s ${sender}
}}}
If gnarwl should parse the message header for the sender, use this in /etc/postfix/master.cf instead:
{{{
gnarwl unix - n n - - pipe
  flags=F user=gnarwl argv=/usr/bin/gnarwl -a ${user}
}}}
Afterwards restart postfix.
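
The chmod 600 step above covers /etc/gnarwl.cfg, but /etc/postfix/ldap_vacation.cf carries the same cn=Manager bind password in bind_pw. The following check is an added example, not part of the original notes: it flags any file given to it that sets gnarwl's password key or Postfix's bind_pw key and is group-writable or accessible to other local users. The script name audit.sh and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: flag config files that hold an LDAP bind password and are
# group-writable or accessible to "other". Function names are hypothetical.

# holds_bind_secret FILE: true if FILE sets gnarwl's "password" key or
# Postfix's "bind_pw" key.
holds_bind_secret() {
    grep -Eq '^[[:space:]]*(password[[:space:]]+[^[:space:]]|bind_pw[[:space:]]*=)' "$1"
}

# perm_bits FILE: print the nine rwx characters from ls, e.g. "rw-r--r--".
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# audit_secret_file FILE: return 1 (and print WARN) when FILE holds a bind
# password and is group-writable or grants any permission to "other".
audit_secret_file() {
    file=$1
    [ -f "$file" ] || { echo "SKIP $file (not found)"; return 0; }
    holds_bind_secret "$file" || { echo "OK   $file (no bind password)"; return 0; }
    bits=$(perm_bits "$file")
    group=$(printf '%s' "$bits" | cut -c4-6)
    other=$(printf '%s' "$bits" | cut -c7-9)
    case $group in
        ?w?) echo "WARN $file ($bits) is group-writable"; return 1 ;;
    esac
    if [ "$other" != "---" ]; then
        echo "WARN $file ($bits) is accessible to all local users"
        return 1
    fi
    echo "OK   $file ($bits)"
}

# audit_all FILE...: audit each file; the return status is the number of findings.
audit_all() {
    findings=0
    for path in "$@"; do
        audit_secret_file "$path" || findings=$((findings + 1))
    done
    return "$findings"
}

# Run against files given on the command line, e.g. the two from this page:
#   sh audit.sh /etc/gnarwl.cfg /etc/postfix/ldap_vacation.cf
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

A group-readable file (for example mode 640) passes the check and its mode is printed, so confirm that the group contains only the service account that needs the password.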