Guía para la implementación de servicios integrados a Samba4 como Active Directory Domain Controller (AD DC) en Debian 9/10 – Parte 8

Instalación y configuración de Postfix/Dovecot Mail Server e integración con Samba AD DC.

Instalación de paquetes necesarios

export DEBIAN_FRONTEND=noninteractive
apt install postfix-pcre postfix-ldap dovecot-core dovecot-ldap dovecot-pop3d dovecot-imapd dovecot-lmtpd ldap-utils mailutils
unset DEBIAN_FRONTEND

export DEBIAN_FRONTEND=noninteractive

apt install postfix-pcre postfix-ldap dovecot-core dovecot-ldap dovecot-pop3d dovecot-imapd dovecot-lmtpd ldap-utils mailutils

unset DEBIAN_FRONTEND

Configuración del sistema

Crear grupo y usuario locales para el almacén de buzones vmail.

groupadd -g 5000 vmail
useradd -m -g 5000 -u 5000 -d /var/vmail -s /usr/sbin/nologin -c "Virtual Mailbox Storage" vmail

groupadd -g 5000 vmail

useradd -m -g 5000 -u 5000 -d /var/vmail -s /usr/sbin/nologin -c "Virtual Mailbox Storage" vmail

Crear certificado de seguridad TLS/SSL.

Para Debian 9 Stretch.

openssl req -x509 -nodes -days 3650 -sha512 \
    -subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/emailAddress=postmaster@example.tld/" \
    -reqexts SAN -extensions SAN \-config &lt;(cat /etc/ssl/openssl.cnf \
        &lt;(printf "\n[SAN]\nsubjectAltName=DNS:smtp.example.tld,\
        DNS:pop3.example.tld,DNS:imap.example.tld,\
        DNS:webmail.example.tld,IP:192.168.0.4")) \
    -newkey rsa:4096 \
    -out /etc/ssl/certs/exampleMail.crt \
    -keyout /etc/ssl/private/exampleMail.key

openssl req -x509 -nodes -days 3650 -sha512 \

-subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/[email protected]/" \

-reqexts SAN -extensions SAN \-config <(cat /etc/ssl/openssl.cnf \

<(printf "\n[SAN]\nsubjectAltName=DNS:smtp.example.tld,\

DNS:pop3.example.tld,DNS:imap.example.tld,\

DNS:webmail.example.tld,IP:192.168.0.4")) \

-newkey rsa:4096 \

-out /etc/ssl/certs/exampleMail.crt \

-keyout /etc/ssl/private/exampleMail.key

Para Debian 10 Buster.

openssl req -x509 -nodes -days 3650 -sha512 \
    -subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/emailAddress=postmaster@example.tld/" \
    -addext "subjectAltName = DNS:smtp.example.tld,\
        DNS:pop3.example.tld,DNS:imap.example.tld,\
        DNS:webmail.example.tld,IP:192.168.0.4" \
    -newkey rsa:4096 \
    -out /etc/ssl/certs/exampleMail.crt \
    -keyout /etc/ssl/private/exampleMail.key

openssl dhparam -out /etc/ssl/dh2048.pem 2048
chmod 0444 /etc/ssl/certs/exampleMail.crt
chmod 0400 /etc/ssl/private/exampleMail.key

openssl req -x509 -nodes -days 3650 -sha512 \

-subj "/C=CU/ST=Provincia/L=Ciudad/O=EXAMPLE TLD/OU=IT/CN=mail.example.tld/[email protected]/" \

-addext "subjectAltName = DNS:smtp.example.tld,\

DNS:pop3.example.tld,DNS:imap.example.tld,\

DNS:webmail.example.tld,IP:192.168.0.4" \

-newkey rsa:4096 \

-out /etc/ssl/certs/exampleMail.crt \

-keyout /etc/ssl/private/exampleMail.key

openssl dhparam -out /etc/ssl/dh2048.pem 2048

chmod 0444 /etc/ssl/certs/exampleMail.crt

chmod 0400 /etc/ssl/private/exampleMail.key

Comprobar correcta creación del certificado.

openssl x509 -in /etc/ssl/certs/exampleMail.crt -text -noout

1 2	openssl x509 -in /etc/ssl/certs/exampleMail.crt -text -noout

Integración con Samba AD DC

Crear nueva Cuenta de Usuario del Dominio para el servicio postfix.

samba-tool user create 'postfix' 'P@s$w0rd.345' \
    --surname='Dovecot Roundcube' \
    --given-name='Postfix' \
    --company='EXAMPLE' \
    --description='Mail Service Account'

samba-tool user create 'postfix' '[email protected]$w0rd.345' \

--surname='Dovecot Roundcube' \

--given-name='Postfix' \

--company='EXAMPLE' \

--description='Mail Service Account'

Evitar que la cuenta expire.

samba-tool user setexpiry postfix --noexpiry

1 2	samba-tool user setexpiry postfix --noexpiry

Crear registros DNS.

samba-tool dns add localhost example.tld mail A '192.168.0.4' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost 0.168.192.in-addr.arpa 4 PTR 'mail.example.tld.' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld @ MX 'mail.example.tld 10' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld @ TXT "'v=spf1 a:example.tld mx -all'" -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld smtp CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld pop3 CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld imap CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'
samba-tool dns add localhost example.tld webmail CNAME 'mail.example.tld' -U 'administrator'%'P@s$w0rd.123'

samba-tool dns add localhost example.tld mail A '192.168.0.4' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost 0.168.192.in-addr.arpa 4 PTR 'mail.example.tld.' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld @ MX 'mail.example.tld 10' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld @ TXT "'v=spf1 a:example.tld mx -all'" -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld smtp CNAME 'mail.example.tld' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld pop3 CNAME 'mail.example.tld' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld imap CNAME 'mail.example.tld' -U 'administrator'%'[email protected]$w0rd.123'

samba-tool dns add localhost example.tld webmail CNAME 'mail.example.tld' -U 'administrator'%'[email protected]$w0rd.123'

Crear nueva Unidad Organizativa Email para grupos de correo electrónico, perteneciente a ACME.

samba-tool ou create 'OU=Email,OU=ACME,DC=example,DC=tld' --description='Email Groups Organizational Unit'

1 2	samba-tool ou create 'OU=Email,OU=ACME,DC=example,DC=tld' --description='Email Groups Organizational Unit'

Crear Grupos de Usuarios de correo electrónico.

samba-tool group add Everyone --groupou='OU=Email,OU=ACME' --description='All Users Email Group' --mail='everyone@example.tld'

samba-tool group add Management --groupou='OU=Email,OU=ACME' --description='Management Email Group' --mail='management@example.tld'

samba-tool group add Support --groupou='OU=Email,OU=ACME' --description='Technical Support Email Group' --mail='support@example.tld'

samba-tool group add Everyone --groupou='OU=Email,OU=ACME' --description='All Users Email Group' --mail='[email protected]'

samba-tool group add Management --groupou='OU=Email,OU=ACME' --description='Management Email Group' --mail='[email protected]'

samba-tool group add Support --groupou='OU=Email,OU=ACME' --description='Technical Support Email Group' --mail='[email protected]'

Añadir usuarios a los grupos creados.

samba-tool group addmembers ‘Everyone’ sheldon,leonard,rajesh
samba-tool group addmembers ‘Management’ sheldon
samba-tool group addmembers ‘Support’ rajesh,sheldon

Configuración de Postfix

Realizar copia de seguridad de los ficheros de configuración.

cp /etc/postfix/main.cf{,.org}
cp /etc/postfix/master.cf{,.org}

cp /etc/postfix/main.cf{,.org}

cp /etc/postfix/master.cf{,.org}

Declarar dominio de correo a gestionar.

postconf -e "mydomain = example.tld"
postconf -e "smtpd_sasl_local_domain = example.tld"
postconf -e "virtual_mailbox_domains = example.tld"

postconf -e "mydomain = example.tld"

postconf -e "smtpd_sasl_local_domain = example.tld"

postconf -e "virtual_mailbox_domains = example.tld"

Definir transporte virtual del dominio de correo.

postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

1 2	postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Definir usuarios virtuales de correo electrónico.

postconf -e "smtpd_sender_login_maps = proxy:ldap:/etc/postfix/virtual_sender_login_maps.cf"

1 2	postconf -e "smtpd_sender_login_maps = proxy:ldap:/etc/postfix/virtual_sender_login_maps.cf"

nano /etc/postfix/virtual_sender_login_maps.cf

server_host = dc.example.tld
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = postfix@example.tld
bind_pw = P@s$w0rd.345
search_base = OU=ACME,DC=example,DC=tld
scope = sub
query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
debuglevel = 0

server_host = dc.example.tld

server_port = 389

version = 3

bind = yes

start_tls = no

bind_dn = postfix@example.tld

bind_pw = P@s$w0rd.345

search_base = OU=ACME,DC=example,DC=tld

scope = sub

query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName

debuglevel = 0

Definir buzón almacén de correo electrónico.

postconf -e "always_bcc = archive@example.tld"

1 2	postconf -e "always_bcc = [email protected]"

Definir buzones virtuales de correo electrónico.

postconf -e "virtual_minimum_uid = 5000"
postconf -e "virtual_uid_maps = static:5000"
postconf -e "virtual_gid_maps = static:5000"
postconf -e "virtual_mailbox_base = /var/vmail"
postconf -e "virtual_mailbox_maps = proxy:ldap:/etc/postfix/virtual_mailbox_maps.cf"

postconf -e "virtual_minimum_uid = 5000"

postconf -e "virtual_uid_maps = static:5000"

postconf -e "virtual_gid_maps = static:5000"

postconf -e "virtual_mailbox_base = /var/vmail"

postconf -e "virtual_mailbox_maps = proxy:ldap:/etc/postfix/virtual_mailbox_maps.cf"

nano /etc/postfix/virtual_mailbox_maps.cf

server_host = dc.example.tld
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = postfix@example.tld
bind_pw = P@s$w0rd.345
search_base = OU=ACME,DC=example,DC=tld
scope = sub
query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 0

server_host = dc.example.tld

server_port = 389

version = 3

bind = yes

start_tls = no

bind_dn = postfix@example.tld

bind_pw = P@s$w0rd.345

search_base = OU=ACME,DC=example,DC=tld

scope = sub

query_filter = (&(objectClass=person)(userPrincipalName=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName

result_format = %d/%u/Maildir/

debuglevel = 0

Definir listas y aliases virtuales de correo electrónico.

postconf -e "virtual_alias_maps = proxy:ldap:/etc/postfix/virtual_list_maps.cf, proxy:ldap:/etc/postfix/virtual_alias_maps.cf"

1 2	postconf -e "virtual_alias_maps = proxy:ldap:/etc/postfix/virtual_list_maps.cf, proxy:ldap:/etc/postfix/virtual_alias_maps.cf"

nano /etc/postfix/virtual_list_maps.cf

server_host = dc.example.tld
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = postfix@example.tld
bind_pw = P@s$w0rd.345
search_base = OU=ACME,DC=example,DC=tld
scope = sub
query_filter = (&(objectClass=person)(memberOf=cn=%u,OU=Email,OU=ACME,DC=example,DC=tld)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
debuglevel = 0

server_host = dc.example.tld

server_port = 389

version = 3

bind = yes

start_tls = no

bind_dn = postfix@example.tld

bind_pw = P@s$w0rd.345

search_base = OU=ACME,DC=example,DC=tld

scope = sub

query_filter = (&(objectClass=person)(memberOf=cn=%u,OU=Email,OU=ACME,DC=example,DC=tld)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName

debuglevel = 0

nano /etc/postfix/virtual_alias_maps.cf

server_host = dc.example.tld
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = postfix@example.tld
bind_pw = P@s$w0rd.345
search_base = OU=ACME,DC=example,DC=tld
scope = sub
query_filter = (&(objectClass=person)(otherMailbox=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
debuglevel = 0

server_host = dc.example.tld

server_port = 389

version = 3

bind = yes

start_tls = no

bind_dn = postfix@example.tld

bind_pw = P@s$w0rd.345

search_base = OU=ACME,DC=example,DC=tld

scope = sub

query_filter = (&(objectClass=person)(otherMailbox=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName

debuglevel = 0

NOTA: El atributo otherMailbox puede editarse utilizando el comando samba-tool user edit ; o mediante las herramientas administrativas GUI RSAT o Apache Directory Studio.

Habilitar puerto seguro TCP\587 Submission y establecer comunicación con dovecot.

nano /etc/postfix/master.cf

submission inet n - y - 10 smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_cert_file=/etc/ssl/certs/exampleMail.crt
    -o smtpd_tls_key_file=/etc/ssl/private/exampleMail.key
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}

submission inet n - y - 10 smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_tls_cert_file=/etc/ssl/certs/exampleMail.crt

-o smtpd_tls_key_file=/etc/ssl/private/exampleMail.key

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

dovecot unix - n n - - pipe

flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}

Comprobaciones

postmap -q leonard@example.tld ldap:/etc/postfix/virtual_sender_login_maps.cf
postmap -q rajesh@example.tld ldap:/etc/postfix/virtual_mailbox_maps.cf
postmap -q everyone@example.tld ldap:/etc/postfix/virtual_list_maps.cf
postmap -q postmaster@example.tld ldap:/etc/postfix/virtual_alias_maps.cf

postmap -q leonard@example.tld ldap:/etc/postfix/virtual_sender_login_maps.cf

postmap -q rajesh@example.tld ldap:/etc/postfix/virtual_mailbox_maps.cf

postmap -q everyone@example.tld ldap:/etc/postfix/virtual_list_maps.cf

postmap -q postmaster@example.tld ldap:/etc/postfix/virtual_alias_maps.cf

Reiniciar el servicio.

systemctl restart postfix.service

1 2	systemctl restart postfix.service

Configuración del servicio Dovecot

Realizar salva de seguridad del fichero de configuración principal.

cp /etc/dovecot/dovecot.conf{,.org}

1 2	cp /etc/dovecot/dovecot.conf{,.org}

Crear script de alerta de sobreuso de cuota y asignar permiso de ejecución.

nano /usr/local/bin/quota-warning

#!/bin/bash

PERCENT=${1}
USER=${2}
DOMAIN=${USER#*@}

cat &lt;&lt; EOT | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
From: no-reply@${DOMAIN}
Subject: ALERTA: USO DE CUOTA SUPERIOR AL ${PERCENT}%

ESTIMADO(A) USUARIO(A),

SU BUZON DE CORREO ACTUALMENTE OCUPA MAS DEL ${PERCENT}% DE LA CUOTA
ASIGNADA. BORRE ALGUNOS CORREOS VIEJOS PARA PODER SEGUIR RECIBIENDO
EMAILS.

MENSAJE AUTOMATIZADO DEL SISTEMA
EOT

exit 0

chmod +x /usr/local/bin/quota-warning

#!/bin/bash

PERCENT=${1}

USER=${2}

DOMAIN=${USER#*@}

cat << EOT | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"

From: no-reply@${DOMAIN}

Subject: ALERTA: USO DE CUOTA SUPERIOR AL ${PERCENT}%

ESTIMADO(A) USUARIO(A),

SU BUZON DE CORREO ACTUALMENTE OCUPA MAS DEL ${PERCENT}% DE LA CUOTA

ASIGNADA. BORRE ALGUNOS CORREOS VIEJOS PARA PODER SEGUIR RECIBIENDO

EMAILS.

MENSAJE AUTOMATIZADO DEL SISTEMA

EOT

exit 0

chmod +x /usr/local/bin/quota-warning

Integración con Samba AD DC

nano /etc/dovecot/dovecot.conf

userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}

userdb {

args = /etc/dovecot/dovecot-ldap.conf

driver = ldap

}

passdb {

args = /etc/dovecot/dovecot-ldap.conf

driver = ldap

}

nano /etc/dovecot/dovecot-ldap.conf

hosts = dc.example.tld:389
auth_bind = yes
ldap_version = 3
dn = postfix@example.tld
dnpass = P@s$w0rd.345
base = OU=ACME,DC=example,DC=tld
deref = never
scope = subtree
user_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_attrs = maxStorage=quota_rule=*:bytes=%$
pass_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT

hosts = dc.example.tld:389

auth_bind = yes

ldap_version = 3

dn = postfix@example.tld

dnpass = P@s$w0rd.345

base = OU=ACME,DC=example,DC=tld

deref = never

scope = subtree

user_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

user_attrs = maxStorage=quota_rule=*:bytes=%$

pass_filter = (&(objectClass=person)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

pass_attrs = userPassword=password

default_pass_scheme = CRYPT

NOTA: El atributo maxStorage puede editarse utilizando el comando samba-tool user edit ; o mediante las herramientas administrativas GUI RSAT o Apache Directory Studio.

Reiniciar el servicio.

systemctl restart dovecot.service

1 2	systemctl restart dovecot.service

Instalación y configuración del servicio Webmail

Descomprimir el paquete de instalación de Rouncubemail en el sistema y asignar permisos.

tar -xzmf roundcubemail-*-complete.tar.gz -C /opt/
mv /opt/roundcubemail-* /opt/roundcube
ln -s /opt/roundcube/bin/{cleandb,gc}.sh /etc/cron.daily/
chown -R root:www-data /opt/roundcube/
find /opt/roundcube/ -type d \-exec chmod 0755 {} \;
find /opt/roundcube/ -type f \-exec chmod 0644 {} \;
chmod 0770 /opt/roundcube/{logs,temp}

tar -xzmf roundcubemail-*-complete.tar.gz -C /opt/

mv /opt/roundcubemail-* /opt/roundcube

ln -s /opt/roundcube/bin/{cleandb,gc}.sh /etc/cron.daily/

chown -R root:www-data /opt/roundcube/

find /opt/roundcube/ -type d \-exec chmod 0755 {} \;

find /opt/roundcube/ -type f \-exec chmod 0644 {} \;

chmod 0770 /opt/roundcube/{logs,temp}

Instalar gestor de base de datos PostgreSQL.

apt install postgresql

1	apt install postgresql

Crear base de datos para Roundcubemail.

su - postgres
psql
\password postgres
CREATE DATABASE roundcubemail WITH TEMPLATE template0 ENCODING 'UNICODE';
\q

su - postgres

psql

\password postgres

CREATE DATABASE roundcubemail WITH TEMPLATE template0 ENCODING 'UNICODE';

Inicializar la base de datos.

psql -h localhost -U postgres -W -f /opt/roundcube/SQL/postgres.initial.sql roundcubemail

1	psql -h localhost -U postgres -W -f /opt/roundcube/SQL/postgres.initial.sql roundcubemail

Variante Nginx

Instalación de paquetes necesarios.

apt install nginx-full php-fpm php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsql

1	apt install nginx-full php-fpm php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsql

Definir zona horaria.

sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;
        s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \
        /etc/php/7*/fpm/php.ini

sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;

s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \

/etc/php/7*/fpm/php.ini

Habilitar el servicio.

nano /etc/nginx/sites-available/roundcube
ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/

1 2	nano /etc/nginx/sites-available/roundcube ln -s /etc/nginx/sites-available/roundcube /etc/nginx/sites-enabled/

Variante Apache

Instalación de paquetes necesarios.

apt install apache2 libapache2-mod-php php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsql

1	apt install apache2 libapache2-mod-php php-pear php-mbstring php-intl php-ldap php-gd php-imagick php-pgsql

Definir zona horaria.

sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;
        s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \
        /etc/php/7*/apache2/php.ini

sed -i "s/^;date\.timezone =.*$/date\.timezone = 'America\/Havana'/;

s/^;cgi\.fix_pathinfo=.*$/cgi\.fix_pathinfo = 0/" \

/etc/php/7*/apache2/php.ini

Habilitar el servicio.

nano /etc/apache2/sites-available/roundcube.conf
a2ensite roundcube.conf

1 2	nano /etc/apache2/sites-available/roundcube.conf a2ensite roundcube.conf

Integración con Samba AD DC

nano /opt/roundcube/config/config.inc.php

// Samba AD DC Address Book
$config['autocomplete_addressbooks'] = array(
    'sql',
    'global_ldap_abook'
);
$config['ldap_public']["global_ldap_abook"] = array(
    'name'              => 'Mailboxes',
    'hosts'             => array('dc.example.tld'),
    'port'              => 389,
    'use_tls'           => false,
    'ldap_version'      => '3',
    'network_timeout'   => 10,
    'user_specific'     => false,
    'base_dn'           => 'OU=ACME,DC=example,DC=tld',
    'bind_dn'           => 'postfix@example.tld',
    'bind_pass'         => 'P@s$w0rd.345',
    'writable'          => false,
    'search_fields' => array(
        'mail',
        'cn',
        'sAMAccountName',
        'displayName',
        'sn',
        'givenName',
    ),
    'fieldmap' => array(
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'email'         => 'mail:*',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'phone:workfax' => 'facsimileTelephoneNumber',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'department',
        'notes'         => 'description',
        'photo'         => 'jpegPhoto',
    ),
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => '(&(|(objectclass=person))(!(mail=archive@example.tld))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
    'fuzzy_search'  => true,
    'vlv'           => false,
    'sizelimit'     => '0',
    'timelimit'     => '0',
    'referrals'     => false,
    'group_filters' => array(
        'departments' => array(
            'name'    => 'Lists',
            'scope'   => 'sub',
            'base_dn' => 'OU=Email,OU=ACME,DC=example,DC=tld',
            'filter'  => '(objectClass=group)',
        ),
    ),
);

// Samba AD DC Address Book

$config['autocomplete_addressbooks'] = array(

'sql',

'global_ldap_abook'

);

$config['ldap_public']["global_ldap_abook"] = array(

'name' => 'Mailboxes',

'hosts' => array('dc.example.tld'),

'port' => 389,

'use_tls' => false,

'ldap_version' => '3',

'network_timeout' => 10,

'user_specific' => false,

'base_dn' => 'OU=ACME,DC=example,DC=tld',

'bind_dn' => '[email protected]',

'bind_pass' => '[email protected]$w0rd.345',

'writable' => false,

'search_fields' => array(

'mail',

'cn',

'sAMAccountName',

'displayName',

'sn',

'givenName',

'fieldmap' => array(

'name' => 'cn',

'surname' => 'sn',

'firstname' => 'givenName',

'title' => 'title',

'email' => 'mail:*',

'phone:work' => 'telephoneNumber',

'phone:mobile' => 'mobile',

'phone:workfax' => 'facsimileTelephoneNumber',

'street' => 'street',

'zipcode' => 'postalCode',

'locality' => 'l',

'department' => 'department',

'notes' => 'description',

'photo' => 'jpegPhoto',

'sort' => 'cn',

'scope' => 'sub',

'filter' => '(&(|(objectclass=person))(!([email protected]))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',

'fuzzy_search' => true,

'vlv' => false,

'sizelimit' => '0',

'timelimit' => '0',

'referrals' => false,

'group_filters' => array(

'departments' => array(

'name' => 'Lists',

'scope' => 'sub',

'base_dn' => 'OU=Email,OU=ACME,DC=example,DC=tld',

'filter' => '(objectClass=group)',

);

Como referencia, debajo se muestra la lista de artículos de esta serie.

Guía para la implementación de servicios integrados a Samba4 como Active Directory Domain Controller (AD DC) en Debian 9/10 – Parte 8

Instalación y configuración de Postfix/Dovecot Mail Server e integración con Samba AD DC.

Instalación de paquetes necesarios

Configuración del sistema

Integración con Samba AD DC

Configuración de Postfix

Comprobaciones

Configuración del servicio Dovecot

Integración con Samba AD DC

Instalación y configuración del servicio Webmail

Variante Nginx

Variante Apache

Integración con Samba AD DC

Relacionado

1 comentario

Dejar una contestacion