1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-25 18:00:54 +00:00
Go to file
2020-06-10 22:37:46 -04:00
conf Merge branch 'master' into ldap 2020-05-29 17:11:39 -04:00
management Use sha1 hash of maildrop instead of a generated UUID 2020-06-09 20:24:46 -04:00
setup Revert: still get host not found from postfix (type=A vs type=AAAA) for PRIMARY_HOSTNAME 2020-06-10 22:37:24 -04:00
tests Dump nsswitch 2020-06-10 12:18:10 -04:00
tools Better return codes after errors in the setup scripts (#1741) 2020-04-11 14:18:44 -04:00
.editorconfig Use correct setting for .editorconfig indent_style (#1670) 2019-11-03 13:31:29 -05:00
.gitignore adding a fully qualified domain name for the hostname and ignoring the .vagrant dir (#1027) 2016-12-20 16:32:06 -05:00
.travis.yml Output more host information post-setup 2020-06-10 22:37:46 -04:00
CHANGELOG.md MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
CODE_OF_CONDUCT.md some improvements suggested by the community 2016-08-15 20:09:05 -04:00
CONTRIBUTING.md Add some development instructions to CONTRIBUTING.md (#1348) 2018-02-05 08:41:19 -05:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md Minor wording changes 2020-06-06 11:17:42 -04:00
security.md MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
Vagrantfile minimal changeset to get things working on 18.04 2018-10-03 13:00:06 -04:00

Build Status

Mail-in-a-Box LDAP

This is a version of Mail-in-a-Box with LDAP used as the user account database instead of sqlite.

All features are supported - you won't find many visible differences. It's only an under-the-hood change.

However it will allow a remote Nextcloud installation to authenticate users against Mail-in-a-Box using Nextcloud's official LDAP support. A single user account database shared with Nextcloud was originally the goal of the project which would simplify deploying a private mail and cloud service for a home or small business. But, there could be many other use cases as well.

To add a new account to Nextcloud, you'd simply add a new email account with MiaB-LDAP's admin interface. Quotas and other account settings are made within Nextcloud.

How to connect a remote Nextcloud

To fully integrate Mail-in-a-Box w/LDAP (MiaB-LDAP) with Nextcloud, changes must be made on both sides.

  1. MiaB-LDAP
  • Remote LDAPS access: the default MiaB-LDAP installation doesn't allow any remote LDAP access, so for Nextcloud to access MiaB-LDAP, firewall rules must be loosened to the LDAPS port (636). This is a one-time change. Run something like this as root on MiaB-LDAP, where $ip is the ip-address of your Nextcloud server: ufw allow proto tcp from $ip to any port ldaps
  • Roundcube and Z-Push (ActiveSync) changes: modify the MiaB-LDAP configuration to use the remote Nextcloud for contacts and calendar. A script to do this automatically will be available soon.
  1. Remote Nextcloud
  • Use MiaB-LDAP for user acccounts: on Nextcloud, enable user-ldap (in Apps, enable "LDAP user and group backend". Then in Settings click on "LDAP / AD integration". There are quite a few settings to make in there and more information on this will be forthcoming, including a script that will use the user-ldap API to configure the LDAP parameters in Nextcloud for you.

Details

Once installed, you will find all LDAP service account credentials in /home/user-data/ldap/miab_ldap.conf, such as those for Nextcloud. Service accounts have limited rights to make changes and should be preferred over the use of the LDAP admin account.

See conf/postfix.schema for more details on the LDAP schema.

LDAP server access logs are stored in /var/log/ldap/slapd.log and rotated daily.

To perform general command-line searches against your LDAP database, run setup/ldap -search "\<query\>" as root, where query can be a distinguished name to show all attributes of that dn, or an LDAP search enclosed in parenthesis. Some examples:

  • setup/ldap.sh -search "(mail=alice@mydomain.com)" (show alice)
  • setup/ldap.sh -search "(|(mail=alice.*)(mail=bruce.*))" (show all alices and bruces)
  • setup/ldap.sh -search "(objectClass=mailuser)" (show all users)
  • etc.

This is a convenient way to run ldapsearch having all the correct command line arguments.

Caution: do not make direct LDAP database changes, such as adding users or groups using ldapmodify or other LDAP database tool. Instead, use the MiaB admin interface or REST API. Adding or removing a user or group with the admin interface may trigger additional database and system changes by the management daemon, such as updating DNS zones for new email domains, updating group memberships, etc, that would not be performed with a direct change.

Migration

Running any of the setup scripts to install MiaB-LDAP (miab, setup/bootstrap.sh, setup/start.sh, etc) will automatically migrate your current installation from sqlite to LDAP. Make a full MiaB backup before running!