benno_mailarchiv
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
benno_mailarchiv [2018/08/13 09:00] – angelegt matthias | benno_mailarchiv [2019/11/25 18:33] (aktuell) – matthias | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== benno Mailarchiv ====== | ====== benno Mailarchiv ====== | ||
- | Siehe: | ||
- | https:// | + | =====Integration in die Univention Managemnt Console (Web UI)===== |
+ | https:// | ||
- | https:// | ||
+ | Vereinfacht die etwas komplizierte Aktion wie hier beschrieben [[https:// | ||
- | Schema: | ||
- | < | + | =====benno auf eigenem Server===== |
- | ## Attribute (1.3.6.1.4.1.30259.1.2.1) | + | Für den Betrieb eines vom Kopan-Server getrennten Benno-Servers ist eine manuelle Anpassung der Postfix-Configuration auf dem Kopano-Server nötig: |
- | # global attributes | + | ucr set mail/ |
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.1 NAME ' | + | ucr set mail/ |
- | DESC 'Benno Container the user has access to' | + | |
- | | + | ucr set mail/ |
- | | + | ucr set mail/ |
+ | |||
+ | ucr commit / | ||
+ | systemctl restart postfix | ||
- | # user attributes | + | Auf dem Benno Server muss die Datei / |
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.2 NAME ' | + | |
- | DESC ' | + | |
- | EQUALITY caseIgnoreIA5Match | + | |
- | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) | + | |
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.3 NAME ' | + | SOCKET auskommentieren oder löschen: |
- | DESC 'Role of the user: [USER|ADMIN|REVISOR]' | + | # |
- | | + | Einfügen: |
- | | + | |
+ | | ||
- | ## Objektklassen (1.3.6.1.4.1.30259.1.2.2) | + | :!: benno-milter unterstützt kein IPv6 :!: |
- | objectclass ( 1.3.6.1.4.1.30259.1.1.2.2 NAME ' | + | ===== LDAP Authentisierung ===== |
- | DESC ' | + | / |
- | | + | < |
- | </ | + | # |
+ | # LDAP Authentication configuration file | ||
+ | # | ||
+ | # This file must be readable by the user of the web server | ||
+ | # | ||
- | Schema anlegen: | + | # LDAP host |
+ | # | ||
+ | # < | ||
+ | # | ||
+ | # Univention UCS + Samba4: < | ||
+ | # | ||
+ | host = ucs.domain.lan: | ||
- | < | ||
- | export UNIVENTION_APP_IDENTIFIER=" | ||
- | . / | ||
- | ucs_registerLDAPExtension --schema / | ||
- | </ | ||
- | Syntax File: | + | # LDAP base dn |
+ | # | ||
+ | # Base dn of the ldap directory, the bind dn will be determined by a search | ||
+ | # | ||
+ | # request the user uid | ||
+ | # | ||
+ | basedn = dc=domain, | ||
- | <code benno.py> | ||
- | from univention.admin.syntax import select | ||
+ | # User id attribute | ||
+ | # | ||
+ | # The attribute which holds the user id for authentication | ||
+ | # | ||
+ | # Windows AD: userattr = sAMAccountName | ||
+ | #userattr = uid | ||
- | class bennoRole(select): | + | # user rdn |
+ | # | ||
+ | # Authentication will be performed as: $userattr=USERLOGIN, | ||
+ | # | ||
+ | # If disabled, a LDAP search operation will be performed to detect the user dn | ||
+ | usersuffix = cn=users, | ||
- | choices = [ | ||
- | (' | ||
- | (' | ||
- | (' | ||
- | ] | ||
- | </ | ||
- | GUI-Attribute anlegen: | ||
- | < | ||
- | eval " | ||
- | univention-directory-manager settings/ | + | # User objectclas |
- | --position=" | + | # |
- | --set name=" | + | # Objectclass of user object |
- | --set CLIName=" | + | # |
- | --set shortDescription="benno Container auf den der Benuzter Zugriff hat" \ | + | # Windows AD: objectclass |
- | --set module=users/ | + | objectclass |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | |
- | --set ldapMapping=" | + | |
- | --set tabName=" | + | |
- | --set mayChange=1 \ | + | |
- | --set multivalue=1 \ | + | |
- | --set syntax=string | + | |
- | univention-directory-manager settings/ | + | # Encrypt LDAP connection with TLS if set to "true" |
- | --position=" | + | tls = true |
- | --set name="bennoEmailAddress" | + | |
- | --set CLIName=" | + | |
- | --set shortDescription=" | + | |
- | --set module=users/ | + | |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | |
- | --set ldapMapping=" | + | |
- | --set tabName=" | + | |
- | --set mayChange=1 \ | + | |
- | --set multivalue=1 \ | + | |
- | --set syntax=string | + | |
+ | # DN to bind for search requests | ||
+ | # | ||
+ | # Dn of an user with permissions to search at the ldap tree. | ||
+ | # Enable if anonymous search is not permitted! | ||
+ | # | ||
+ | # Windows AD: binddn = < | ||
+ | #binddn = | ||
- | univention-directory-manager settings/ | + | # Password of the admin user |
- | --position=" | + | # |
- | --set name=" | + | # |
- | --set CLIName=" | + | |
- | --set shortDescription=" | + | |
- | --set module=users/ | + | |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | |
- | --set ldapMapping=" | + | |
- | --set tabName=" | + | |
- | --set mayChange=1 \ | + | |
- | --set multivalue=0 \ | + | |
- | --set syntax=bennoRole | + | |
- | ucs_registerLDAPExtension | + | ## User is allowed to access his own email adresses and |
+ | ## addtional adresses | ||
+ | |||
+ | # Email address attribute | ||
+ | # Univention UCS: mailPrimaryAddress | ||
+ | email = mailPrimaryAddress | ||
+ | |||
+ | # Email alias attribute | ||
+ | # Windows AD: proxyAddress | proxyAddresses | ||
+ | # Univention UCS: mailAlternativeAddress | ||
+ | alias = mailAlternativeAddress, | ||
+ | |||
+ | # Allow access to additional email addresses | ||
+ | addemail = bennoEmailAddress | ||
+ | |||
+ | |||
+ | # Benno role attribute | ||
+ | role = bennoRole | ||
+ | |||
+ | # Benno container name attribute | ||
+ | container = bennoContainer | ||
+ | |||
+ | # Default container (if containerattr not set in LDAP) | ||
+ | default_container = BennoContainer | ||
+ | |||
+ | # Username who will always assigned the admin role | ||
+ | adminuser = Administrator | ||
+ | |||
+ | |||
+ | # remove domain from username during authentication if set to " | ||
+ | # | ||
</ | </ | ||
+ | |||
+ | LDAP-Modul aktivieren: | ||
+ | |||
+ | cd / | ||
+ | ln -s / | ||
+ | |||
+ | Die Datei / | ||
+ | |||
+ | EXTERNAL_AUTH = / | ||
+ | |||
+ | ===== Mailadressen ausschliessen und Kopano ===== | ||
+ | |||
+ | Für das Filtern von Mails in Benno sind nur die Evnelope-Adressen sinnvolles Ziel. Postfix kann X-Original-To Headere einfügen. Per Default ist das aber mit Kopano am UCS nicht so. Dazu müssen folgende Anpassungen vorgenommen werden: | ||
+ | |||
+ | / | ||
+ | kopano unix - | ||
+ | |||
+ | / | ||
+ | kopano_destination_recipient_limit = 1 | ||
+ | |||
+ | Aktivieren: | ||
+ | ucr set mail/ | ||
+ | ucr commit / | ||
+ | systemctl restart postfix | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Dann noch auf dem Benno Server der Datei / | ||
+ | |||
+ | < | ||
+ | |||
+ | =====Kopano Plugin installieren===== | ||
+ | |||
+ | echo "deb https:// | ||
+ | wget -O - https:// | ||
+ | apt update | ||
+ | apt install benno-kopano-webapp-plugin | ||
+ |
benno_mailarchiv.1534150842.txt.gz · Zuletzt geändert: 2018/08/13 09:00 von matthias