benno_mailarchiv
Differences
This shows the differences between two versions of the page.
benno_mailarchiv [2018/08/13 09:10] – matthias | benno_mailarchiv [2019/11/25 18:33] (current) – matthias | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== benno Mailarchiv ====== | ====== benno Mailarchiv ====== | ||
- | Siehe: | ||
- | https:// | + | =====Integration in die Univention Managemnt Console (Web UI)===== |
+ | https:// | ||
- | https:// | ||
- | Schema: benno.schema | + | Vereinfacht die etwas komplizierte Aktion wie hier beschrieben [[https://wiki.benno-mailarchiv.de/doku.php/ |
- | < | + | |
- | ## Attribute (1.3.6.1.4.1.30259.1.2.1) | + | |
- | # global attributes | ||
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.1 NAME ' | ||
- | DESC 'Benno Container the user has access to' | ||
- | EQUALITY caseExactMatch | ||
- | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) | ||
- | # user attributes | + | =====benno auf eigenem Server===== |
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.2 NAME ' | + | Für den Betrieb eines vom Kopan-Server getrennten Benno-Servers ist eine manuelle Anpassung der Postfix-Configuration auf dem Kopano-Server nötig: |
- | DESC ' | + | |
- | EQUALITY caseIgnoreIA5Match | + | |
- | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) | + | |
- | attributetype ( 1.3.6.1.4.1.30259.1.2.1.3 NAME ' | + | ucr set mail/ |
- | DESC 'Role of the user: [USER|ADMIN|REVISOR]' | + | ucr set mail/ |
- | | + | |
- | | + | ucr set mail/ |
+ | ucr set mail/ | ||
+ | |||
+ | ucr commit / | ||
+ | systemctl restart postfix | ||
- | ## Objektklassen (1.3.6.1.4.1.30259.1.2.2) | + | Auf dem Benno Server muss die Datei / |
- | objectclass ( 1.3.6.1.4.1.30259.1.1.2.2 NAME ' | + | SOCKET auskommentieren oder löschen: |
- | DESC 'Per user configuration data of Benno Mailarchiv' | + | # |
- | | + | Einfügen: |
- | </ | + | |
+ | | ||
- | Schema anlegen: | + | :!: benno-milter unterstützt kein IPv6 :!: |
+ | ===== LDAP Authentisierung ===== | ||
+ | / | ||
< | < | ||
- | export UNIVENTION_APP_IDENTIFIER=" | + | # |
- | . / | + | # LDAP Authentication configuration file |
- | ucs_registerLDAPExtension --schema / | + | # |
- | </ | + | # This file must be readable by the user of the web server |
+ | # | ||
- | Syntaxfile: benno.py | + | # LDAP host |
+ | # | ||
+ | # < | ||
+ | # | ||
+ | # Univention UCS + Samba4: < | ||
+ | # | ||
+ | host = ucs.domain.lan: | ||
- | <code benno.py> | ||
- | from univention.admin.syntax import select | ||
+ | # LDAP base dn | ||
+ | # | ||
+ | # Base dn of the ldap directory, the bind dn will be determined by a search | ||
+ | # | ||
+ | # request the user uid | ||
+ | # | ||
+ | basedn = dc=domain, | ||
- | class bennoRole(select): | ||
- | choices = [ | + | # User id attribute |
- | (' | + | # |
- | (' | + | # The attribute which holds the user id for authentication |
- | (' | + | # |
- | ] | + | # Windows AD: userattr = sAMAccountName |
- | </ | + | #userattr = uid |
- | Syntaxfile installieren: | + | # user rdn |
- | < | + | # |
- | export UNIVENTION_APP_IDENTIFIER="Benno MailArchiv" | + | # Authentication will be performed as: $userattr=USERLOGIN, |
- | . / | + | # |
- | ucs_registerLDAPExtension | + | # If disabled, a LDAP search operation will be performed to detect the user dn |
- | </ | + | usersuffix = cn=users, |
- | GUI-Attribute anlegen: | ||
- | < | ||
- | eval " | ||
- | univention-directory-manager settings/ | + | # User objectclas |
- | --position=" | + | # |
- | --set name=" | + | # Objectclass of user object |
- | --set CLIName=" | + | # |
- | --set shortDescription="benno Container auf den der Benuzter Zugriff hat" \ | + | # Windows AD: objectclass |
- | --set module=users/ | + | objectclass |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | |
- | --set ldapMapping=" | + | |
- | --set tabName=" | + | |
- | --set mayChange=1 \ | + | |
- | --set multivalue=1 \ | + | |
- | --set syntax=string | + | |
- | univention-directory-manager settings/ | + | # Encrypt LDAP connection with TLS if set to "true" |
- | --position=" | + | tls = true |
- | --set name="bennoEmailAddress" | + | |
- | --set CLIName=" | + | |
- | --set shortDescription=" | + | |
- | --set module=users/ | + | |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | |
- | --set ldapMapping=" | + | |
- | --set tabName=" | + | |
- | --set mayChange=1 \ | + | |
- | --set multivalue=1 \ | + | |
- | --set syntax=string | + | |
+ | # DN to bind for search requests | ||
+ | # | ||
+ | # Dn of an user with permissions to search at the ldap tree. | ||
+ | # Enable if anonymous search is not permitted! | ||
+ | # | ||
+ | # Windows AD: binddn = < | ||
+ | #binddn = | ||
- | univention-directory-manager settings/ | + | # Password of the admin user |
- | --position="cn=custom attributes, | + | # |
- | --set name=" | + | # |
- | --set CLIName="bennoRole" \ | + | |
- | --set shortDescription=" | + | ## User is allowed to access his own email adresses and |
- | --set module=users/user \ | + | ## addtional adresses |
- | --set module=groups/ | + | |
- | --set objectClass=" | + | # Email address attribute |
- | --set ldapMapping=" | + | # Univention UCS: mailPrimaryAddress |
- | --set tabName="Benno Mailarchiv" | + | email = mailPrimaryAddress |
- | --set mayChange=1 \ | + | |
- | --set multivalue=0 \ | + | # Email alias attribute |
- | --set syntax=bennoRole | + | # Windows AD: proxyAddress | proxyAddresses |
+ | # Univention UCS: mailAlternativeAddress | ||
+ | alias = mailAlternativeAddress,bennoEmailAddress | ||
+ | |||
+ | # Allow access to additional email addresses | ||
+ | addemail | ||
+ | |||
+ | |||
+ | # Benno role attribute | ||
+ | role = bennoRole | ||
+ | |||
+ | # Benno container name attribute | ||
+ | container | ||
+ | |||
+ | # Default container (if containerattr not set in LDAP) | ||
+ | default_container | ||
+ | |||
+ | # Username who will always assigned the admin role | ||
+ | adminuser | ||
+ | |||
+ | |||
+ | # remove domain from username during authentication if set to "true" | ||
+ | # | ||
</ | </ | ||
+ | |||
+ | LDAP-Modul aktivieren: | ||
+ | |||
+ | cd / | ||
+ | ln -s / | ||
+ | |||
+ | Die Datei / | ||
+ | |||
+ | EXTERNAL_AUTH = / | ||
+ | |||
+ | ===== Mailadressen ausschliessen und Kopano ===== | ||
+ | |||
+ | Für das Filtern von Mails in Benno sind nur die Evnelope-Adressen sinnvolles Ziel. Postfix kann X-Original-To Headere einfügen. Per Default ist das aber mit Kopano am UCS nicht so. Dazu müssen folgende Anpassungen vorgenommen werden: | ||
+ | |||
+ | / | ||
+ | kopano unix - | ||
+ | |||
+ | / | ||
+ | kopano_destination_recipient_limit = 1 | ||
+ | |||
+ | Aktivieren: | ||
+ | ucr set mail/ | ||
+ | ucr commit / | ||
+ | systemctl restart postfix | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Dann noch auf dem Benno Server der Datei / | ||
+ | |||
+ | < | ||
+ | |||
+ | =====Kopano Plugin installieren===== | ||
+ | |||
+ | echo "deb https:// | ||
+ | wget -O - https:// | ||
+ | apt update | ||
+ | apt install benno-kopano-webapp-plugin | ||
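Review bot: In the added "LDAP Authentisierung" block, the config comment only says "This file must be readable by the user of the web server", yet the same file carries the "DN to bind for search requests" and "Password of the admin user" settings, so the page should also state that the file must not be readable by other local users (owner or group set to the web server account, no world-read bit). The new revision also drops the whole benno.schema, benno.py and univention-directory-manager walkthrough while the added config still maps `role = bennoRole` and `alias = mailAlternativeAddress,bennoEmailAddress`; one sentence saying where these attributes are now created (the linked UMC integration, if that is the case) would keep the page usable on its own. Minor: "Managemnt", "Kopan-Server", "Evnelope-Adressen" and "Headere" in the added lines are typos.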
benno_mailarchiv.1534151423.txt.gz · Last modified: 2018/08/13 09:10 by matthias