LDAP notes
User creation
Create the user using ldapadduser:
ldapadduser <username> <groupname>
e.g.:
export ICONVCHAR=utf8
ldapadduser web1_alarm web1
The command hangs after adding the user -> stop using CTRL-C
ldapsetpasswd web1_alarm
In ldap.thinkthinkdo.com:
If this is a mail user: -> add the Email attribute.
Set homeDirectory to /var/www/<web>/user/<username>.
Log in via ssh as the user (on login, the PAM module pam_mkhomedir.so creates a home directory at homeDirectory, using skel=/var/www/web1/user/skel/ as the template).
Prepare the procmail files for ttdmin:
/root/bin/migrate_procmail.sh -u=<user> -h=<home_directory> -e=<email-address>
e.g.:
/root/bin/migrate_procmail.sh -u=web1_alarm -h=/var/www/web1/user/web1_alarm -e=alarm@thinkthinkdo.com
If the user should not be able to log in via ssh -> set loginShell to /bin/false in ldap.thinkthinkdo.com.
Autoresponder, LDAP, postfix, gnarwl
Use information stored in LDAP for autoresponder messages.
This uses a specific LDAP schema, ttdmin.schema (see attachments).
LDAP
The user has to belong to the ObjectClass TTDMinAccount.
The following attributes are relevant for the vacation autoresponder:
accountActive (flag if the account is active - has to be TRUE)
delete (flag for deletion - has to be FALSE)
mailAutoreply (the mail address that is used to answer incoming mail - has to be set)
vacationActive (flag if the autoresponder is active - has to be TRUE if vacation should be activated)
vacationInfo (text in utf-8 encoding that is used to respond)
gnarwl
Installed from the clone of gnarwl at https://github.com/guhl/gnarwl
Config at /etc/gnarwl.cfg:
map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=Manager,dc=thinkthinkdo,dc=com
password totally_secret
protocol 0
base ou=People,dc=thinkthinkdo,dc=com
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset utf-8
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3
postfix
The principle here is: All messages are BCCed to a gnarwl transport based on an LDAP query if vacation is active. This is done by adding this to /etc/postfix/main.cf
recipient_bcc_maps = ldap:/etc/postfix/ldap_vacation.cf
In /etc/postfix/ldap_vacation.cf:
server_host = ldap://localhost
search_base = ou=People,dc=thinkthinkdo,dc=com
version = 3
bind = yes
start_tls = no
bind_dn = cn=Manager,dc=thinkthinkdo,dc=com
bind_pw = totally_secret
search_base = ou=People,dc=thinkthinkdo,dc=com
scope = sub
query_filter = (&(&(objectClass=TTDMinAccount)(mail=%s))(vacationActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
result_format = %s,%s@autoreply.thinkthinkdo.com
expansion_limit = 1
This appends @autoreply.thinkthinkdo.com to the mail address that is defined for autoresponding (mailAutoreply); the resulting domain is later matched in the transport map.
This transport is defined in /etc/postfix/transport - add:
autoreply.thinkthinkdo.com gnarwl:
After adding this, run
postmap /etc/postfix/transport
to convert it to the db format.
In /etc/postfix/main.cf this transport is added by adding the line:
transport_maps = hash:/etc/postfix/transport
gnarwl itself is added to /etc/postfix/master.cf by adding this:
gnarwl unix - n n - - pipe
  flags=F user=gnarwl argv=/usr/bin/gnarwl -a ${user} -s ${sender}
If gnarwl should parse the message header for the sender, use this in /etc/postfix/master.cf instead:
gnarwl unix - n n - - pipe
  flags=F user=gnarwl argv=/usr/bin/gnarwl -a ${user}
Afterwards, restart postfix.
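The lookup chain described above, modelled in Python as an added example (not code from this wiki, Postfix or gnarwl). The directory entries are constructed, LDAP matching is reduced to string comparison, and splitting ${user} at the last '@' is an assumption about how Postfix parses the BCC address.

```python
# Added model of the lookup chain; not code from the wiki, Postfix or gnarwl.
AUTOREPLY_DOMAIN = "autoreply.thinkthinkdo.com"
TRANSPORT = {AUTOREPLY_DOMAIN: "gnarwl:"}  # /etc/postfix/transport

# Constructed sample directory entries (attribute names as used on this page).
PEOPLE = [
    {"objectClass": ["TTDMinAccount"], "mail": "alarm@thinkthinkdo.com",
     "mailAutoreply": "alarm@thinkthinkdo.com", "vacationActive": "TRUE",
     "accountActive": "TRUE", "delete": "FALSE", "vacationInfo": "Back on Monday."},
    {"objectClass": ["TTDMinAccount"], "mail": "gone@thinkthinkdo.com",
     "mailAutoreply": "gone@thinkthinkdo.com", "vacationActive": "TRUE",
     "accountActive": "TRUE", "delete": "TRUE", "vacationInfo": "Stale text."},
    {"objectClass": ["TTDMinAccount"], "mail": "busy@thinkthinkdo.com",
     "mailAutoreply": "busy@thinkthinkdo.com", "vacationActive": "FALSE",
     "accountActive": "TRUE", "delete": "FALSE", "vacationInfo": ""},
]

def postfix_bcc(rcpt, people=PEOPLE):
    """ldap_vacation.cf: query_filter, then result_format on mailAutoreply."""
    for e in people:
        if ("TTDMinAccount" in e["objectClass"] and e["mail"].lower() == rcpt.lower()
                and e["vacationActive"] == "TRUE" and e["accountActive"] == "TRUE"
                and e["delete"] == "FALSE"):
            reply = e["mailAutoreply"]
            return [reply, f"{reply}@{AUTOREPLY_DOMAIN}"]  # "%s,%s@autoreply..."
    return []

def gnarwl_argv(bcc_addr, sender):
    """transport + master.cf: ${user} is everything left of the last '@'."""
    user, _, domain = bcc_addr.rpartition("@")
    if TRANSPORT.get(domain) != "gnarwl:":
        return None  # not routed to the gnarwl pipe
    return ["/usr/bin/gnarwl", "-a", user, "-s", sender]

def gnarwl_result(recepient, people=PEOPLE):
    """gnarwl.cfg: queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))."""
    for e in people:
        if e["mailAutoreply"].lower() == recepient.lower() and e["vacationActive"] == "TRUE":
            return e["vacationInfo"]
    return None

if __name__ == "__main__":
    for rcpt in ("alarm@thinkthinkdo.com", "gone@thinkthinkdo.com", "busy@thinkthinkdo.com"):
        bcc = postfix_bcc(rcpt)
        argv = gnarwl_argv(bcc[1], "sender@example.org") if bcc else None
        print(rcpt, "->", argv)
```

In this model gnarwl_result still returns text for the entry with delete=TRUE, because the gnarwl queryfilter checks only mailAutoreply and vacationActive. The accountActive and delete conditions are enforced only by the Postfix query_filter, so that filter is what keeps such accounts from autoresponding.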
Attachments (1)
ttdmin.schema (3.1 KB) - added by 6 years ago.