Last updated on 05th of August 2007
Â
Â
Full-fledged Postfix using LDAP HOWTO
Postfix, LDAP, IMAP, WebMail, Virus- and spamscanning/checking mail system
by Tom Scholten and authors of likewise documents
v2.1
Special thanks to Richard from UnixGuru.nl
Â
Â
This document tens to provide a description of how to set up a ‘full fledge’ mailserver using Postfix as it’s core. It will be extended using mailing list managers and webmail on the frontend side but will feature spam- and virus detection and avoidance software to handle the backend. There will also be a backend interface for mailhandling (web-based). All software used is available from the web and open source. The solution chosen will provide capabilities for multiple users and multiple domains, so you might use it for your small/average ISP solutions. This document can be used as a HOWTO document on FreeBSD or likewise systems, but will also apply to generic Unices like Solaris or Linuces (e.g. RedHat/Ubuntu/Debian/etc. There are other documents describing how to implement Postfix and LDAP, and this howto is based upon them, but is written as a ‘from-scratch’ to ‘fully-operational’ manual, as i found a great tutorial on Postfix-Mysql including a nice PHP admin frontend besides the great JAMM approach which has also a nice, but in java (server pages), admin tool. Plans for now are to deliver both a perl/cgi interface AND a PHP interface to administrate you’re very own Postfix-LDAP mail system.
Â
Â
Â
This page describes how i installed and configured the solution on a FreeBSD 6.x system. There is no reason why this wouldn’t work on any other UN*X system, including all flavors of linux, *bsd, hpux, tru64, solaris or aix. Maybe on SCO but i don’t like either there OS nor their attitude. Ofcourse no responsibility or liability blah blah blah, to be continued
Â
Â
Â
Installed software (on FreeBSD)
Today, 05th of August 2007, I started updating this howto by building a complete new mailsystem. It should be fairly up to date and fully usable for you! Installing using the order provided might ensure you have all the packages required (due to their dependencies).
- lang/perl58 v5.8.8 (either as additional package during install or usinig ports)
- mail/p5-Mail-ClamAV and security/p5-File-Scan-ClamAV
- databases/p5-DBD-mysql50
- net/openldap23-server v2.3.37 (check dependencies first, as v2.4 might become dependent instead of v2.3)
- www/apache22 v2.2.4_2 (WITH_LDAP_MODULES=yes)
- mail/postfix (using pcre, sasl, tls, mysql, openldap, vda and test) v2.54
- lang/php5 v5.2.3 and lang/php5-extensions (at least enable openldap, mysql and imap)
- databases/mysql50-server v5.0.45
- mail/dovecot v1.0.2 (with LDAP and MYSQL enabled)
- security/clamav v0.91.1
- mail/mailscanner v4.61.7
- net/phpldapadmin
- mail/roundcube
- Optionally you could install these packages:
- procmail
- phpldapadmin
- phpmyadmin
Assumptions
Assumptions made for this howto
- The example domain name will be ‘example.org’
- The virtual users (mail)directory store will live under /usr/virtual
- The virtual user used is vmail (group vmail) uid/gid are both 2001
- The scanner runs as vscan/vscan (2002/2002)
OpenLDAP configuration
First edit /usr/local/etc/openldap/slapd.conf, the example below does NOT have a safe password (secret), which you should create using slappasswd from the commandline. It asks you to type you’re password twice and then prints out the string to be used. You can use another (than SSHA, the default) algorythm, man slappasswd for more information!
Also in the example below there are no acl’s so anyone has access to you’re information, consider RTFM on (Open)LDAP to secure you’re LDAPtree some more./usr/local/etc/openldap/slapd.conf
[code]
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap/
moduleload back_bdb
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base=”” by * read
# access to dn.base=”cn=Subschema” by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., “access to * by * read”)
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
# OpenLDAP configuration for example.org
# Core schema’s delivered with OpenLDAP
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
# Mailserver schema used with postfix
include /usr/local/etc/openldap/schema/mailserver.schema
#
# ldbm database definitions
#
database bdb
suffix “dc=example,dc=org”
rootdn “cn=Manager,dc=example,dc=org”
rootpw secret
pidfile /var/run/openldap/slapd.pid
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass pres,eq
index mail,cn eq,sub
# logging
loglevel 256
access to attrs=userPassword
by self write
by anonymous auth
by peername.ip=127.0.0.1 read
by dn=”cn=dovecot,dc=example,dc=org” read
by * none
access to *
by dn=”cn=postfix,dc=example,dc=org” read
by dn=”cn=courier,dc=example,dc=org” read
by peername.ip=127.0.0.1 read
by * read
[/code]
OpenLDAP scheme for mailserver
Next, create the LDAPscheme to be used for our mailserver in /usr/local/etc/openldap/schemaDownload mailserver.schema
Ready, Aim, OpenLDAP
Now start up you’re OpenLDAP server either by hand or set slapd_enable=â€YES†in /etc/rc.conf and use /usr/local/etc/rc.d/slapd start and verify that slapd is running.If it’s running were ready to fill …
Initial LDIF
OpenLDAP tree layout and initial ldif. You can load this to your serverusing
[code] cat /home/user/ldap/initial.ldif | ldapadd -x -D “cn=Manager,dc=example,dc=org” -W
[/code]
[code]
# example
dn: dc=example, dc=org
objectClass: top
objectClass: organization
objectClass: dcObject
o: example
dc: example
# MAnager
dn: cn=Manager,dc=example,dc=org
objectClass: top
objectClass: organizationalRole
cn: Manager
# mail, example
dn: dc=mail, dc=example, dc=org
objectClass: top
objectClass: organizationalunit
objectClass: dcObject
ou: mail
dc: mail
dn: cn=postfix,dc=example,dc=org
objectClass: top
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword:: secret
cn: postfix
dn: cn=dovecot,dc=example,dc=org
objectClass: top
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword:: secret
cn: dovecot
# example.org, mail, example
dn: dc=example.org, dc=mail, dc=example,dc=org
accountActive: TRUE
editPostmasters: TRUE
editAccounts: TRUE
objectClass: top
objectClass: mailDomain
dc: example.org
delete: FALSE
lastChange: 111
postfixTransport: virtual:
# somenudomain.nu, mail, example
dn: dc=somenudomain.nu, dc=mail, dc=example,dc=org
accountActive: TRUE
editPostmasters: TRUE
editAccounts: TRUE
objectClass: top
objectClass: mailDomain
dc: somenudomain.nu
delete: FALSE
lastChange: 111
postfixTransport: virtual:
# someoldaccount.demon.org, mail, example
dn: dc=someoldaccount.demon.org, dc=mail, dc=example,dc=org
accountActive: TRUE
editPostmasters: TRUE
editAccounts: TRUE
objectClass: top
objectClass: mailDomain
dc: someoldaccount.demon.org
delete: FALSE
lastChange: 111
postfixTransport: virtual:
# domain3.org, mail, example
dn: dc=domain3.org, dc=mail, dc=example,dc=org
accountActive: TRUE
editPostmasters: TRUE
editAccounts: TRUE
objectClass: top
objectClass: mailDomain
dc: domain3.org
delete: FALSE
lastChange: 111
postfixTransport: virtual:
[/code]
Apache webserver
Add the following lines to your/usr/local/etc/apache22/httpd.conf and make sure ‘DirectoryIndex’ also contains index.php[code]AddType application/x-httpd-php .phpAddType application/x-httpd-php-source .phps[/code]
phpLdapAdmin
Since not all people are keen on adding/removing/changing users by hand using scripts there is also ‘phpldapadmin’ in the portstree that makes things a little easier, after installing the port (assuming apache+php are up and running!!!) add the following lines to a secure (https) instance of your webserver /usr/local/etc/apache22/extra/httpd-ssl.conf
[code]
Alias /phpldapadmin “/usr/local/www/phpldapadmin/”
AllowOverride AuthConfig
Allow from all
[/code]
And put a .htaccess file in /usr/local/www/phpldapadmin containing
[code]
AuthUserFile /usr/local/etc/apache22/htpasswd.admin
AuthName “/admin auth”
AuthType Basicrequire valid-user[/code]
Next create the htpasswd file using “htpasswd -cm /usr/local/etc/apache22/htpasswd.admin {username}†and any further users leaving the -c out.Next edit the /usr/local/www/phpldapadmin/config/config.php and change/add the following lines
[code]$ldapservers->SetValue($i,’server’,’host’,’127.0.0.1′);
$ldapservers->SetValue($i,’server’,’port’,’389′);
$ldapservers->SetValue($i,’server’,’auth_type’,’config’);
$ldapservers->SetValue($i,’login’,’dn’,’cn=Manager,dc=example,dc=org’);
$ldapservers->SetValue($i,’login’,’pass’,’secret’);
$ldapservers->SetValue($i,’server’,’tls’,false);[/code]
Restart your webserver and test if everything works The reason i use plain htpasswd authentication instead of ldap authentication (that is possible by using the example .htaccess below) is that any FU in your ldap would knock yourself out of it.Example .htaccess using ldap authentication
[code]AuthName “/auth required”
AuthType BasicAuthLDAPURL ldap://localhost/dc=employees,dc=example,dc=org?name??
require valid-user[/code]
ClamAV, virusscanner
You might want to run it by enabling clamav_clamd_enable and clamav_freshclam_enable in /etc/rc.conf
DOVECOT imap server
Copy /usr/local/etc/dovecot-example to dovecot.conf and adjust the
following lines
[code]
protocols = imaps pop3s
disable_plaintext_auth = no
syslog_facility = mail
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/mailserver.pem
ssl_key_file = /etc/ssl/certs/mailserver.pem
login_user = dovecot
mail_location = maildir:/usr/virtual/%d/%n/Maildir
first_valid_uid = 500
last_valid_uid = 0
last_valid_gid = 0
valid_chroot_dirs = /usr/virtual
passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
} [/code]
Copy /usr/local/etc/dovecot-ldap-example.conf to dovecot-ldap.conf and
adjust the following lines
[code]
hosts = localhost
dn=”cn=dovecot,dc=example,dc=org”
dnpass=”secret”
tls = no
auth_bind = no
ldap_version = 3
base = dc=mail,dc=example,dc=org
user_filter =
(&(objectClass=MailAccount)(accountActive=TRUE)(delete=FALSE))
user_attrs = mail,homeDirectory,,,,
pass_attrs = mail=user,userPassword=password
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=MailAccount)(mail=%u))
default_pass_scheme = CRYPT
user_global_uid = 5000
user_global_gid = 5000[/code]
Next start dovecot using /usr/local/etc/rc.d/dovecot start
RoundCube Webmail
Make sure mysql is started (/usr/local/etc/rc.d/mysql_server start) next issue
mysql -uroot -p (depending on if you already secured your database)
[code]> create database roundcube;
> grant all on roundcube.* to roundcube@localhost identified by ’secret’;
[/code]
Issue cat /usr/ports/mail/roundcube/work/roundcube*/SQL/mysql5.initial.sql | mysql -u roundcube -psecret roundcube and add the following lines to your /usr/local/etc/apache22/extra/httpd-ssl.conf
[code]Alias /webmail /usr/local/www/roundcube>
<Directory “/usr/local/www/roundcubeâ€>
Allow from all
</Directory> [/code]
OpenLDAP scripts
Using the script provide below we can add users, according to the domain setup shown below using the following commands example· ./ldapadduser.pl vivian example.org “Secret123? mailbox | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl alexander example.org “Dog=Cr@zy†mailbox | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl roland_dg example.org “a1zihw†mailbox | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl postmaster example.org alexander@example.org,vivian@example.org alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl webmaster example.org john@webbuilders.com alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl “*†example.org vivian@example.org alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secretsomenudomain.nu· ./ldapadduser.pl ian somenudomain.nu “vivian†mailbox | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl postmaster somenudomain.nu alexander@example.org alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl webmaster somenudomain.nu “w3bs1t3? mailbox | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secretsomeoldaccount.demon.org· ./ldapadduser.pl “*†someoldaccount.demon.org @somenudomain.nu alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secretdomain3.org· ./ldapadduser.pl postmaster domain3.org alexander@example.org alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secret· ./ldapadduser.pl webmaster domain3.org alexander@example.org alias | ldapadd -x -D ‘cn=Manager,dc=example,dc=org’ -w secretAnd so, we should have created a tree looking like this, with vivian@example.org receiving all ‘non-existing-mailbox’ mail from example.org and all mail from ’someoldaccount.demon.org’ delivered to somenudomain.nu (so you can email ian@someoldaccount.demon.org and still reach ian, whom (ofcourse) should have procmail or so set up to warn people about his changed domain name, but that’s outside the scope of this document). Also mind that postmaster@example.org is delivered to BOTH alexander AND vivian. The add-script just makes to ‘maildrop’s in the LDAP tree!
MailScanner
First of all, copy all .sample files to their respective realnames (and make changes if you like) in /usr/local/etc/MailScanner and subdirectories. Do the same for /usr/local/share/MailScanner/reports/en/ (or other languages). To enable ‘autofinding’ clamav, also issue acp /usr/local/libexec/MailScanner/clamav-wrapper.sample /usr/local/libexec/MailScanner/clamav-wrapper
I recommend using clamavmodule however, this will save you overhead and time of seperate clamav processes on your precious system!
Adjust /usr/local/etc/MailScanner/MailScanner.conf with at least the following lines.
[code]
%org-name% = YourOrg
%org-long-name% = Your Full Organisation Name
%web-site% = www.example.org
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Quarantine User = postfix
Quarantine Group = www
Deliver Disinfected Files = yes
Quarantine Whole Message = yes
Information Header Value = See you’re providers webpage or
www.mailscanner.info for more information
Notify Senders = no
Required SpamAssassin Score = 3
High SpamAssassin Score = 5
Depending on your choice you might change :
#High Scoring Spam Actions = deliver header “X-Spam-Status: Yes”
High Scoring Spam Actions = store
Monitors for ClamAV Updates = /var/db/clamav/*.inc/* /var/db/clamav/*.cvd
[/code]
MailWatch (MailScanner front-end)
Download the package from http://mailwatch.sf.net and untar in /tmp and change to the directory.
[code]$ mysql -uroot -p < create.sql[/code]
[code]$ mysql -uroot -p [/code]
[mysql]mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY ‘secret’;
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY ‘secret’;
mysql> FLUSH PRIVILEGES;
mysql > use mailscanner;
mysql > INSERT INTO users (username, password, fullname, type) VALUES (‘<username’>,md5(‘<password>’),'<name>’,’A’);[/mysql]
Edit the MailWatch.pm file and change the database configuration
[code]my($db_user) = ‘mailwatch’;
my($db_pass) = ‘secret’;[/code]
Next copy this file to the MailScanner directories : cp MailWatch.pm /usr/local/lib/MailScanner/MailScanner/CustomFunctions/Move the mailscanner directory to your webroot and “chown www:www” it (i.e. /usr/local/www/mailscanner) and add the following lines to your apache configuration
[code]Alias /mailscanner /usr/local/www/mailscanner
Directory “/usr/local/www/mailscannerâ€
Allow from all
/Directory<[/code]
Next restart your mailscanner (/usr/local/etc/rc.d/mailscanner restart) and watch the /var/log/maillog closely. If no obvious errors or warnings occur try to send yourself an email. If it all works (email received) just go ahead and browse to MailWatch to see some stats!
Configure postfix
Changes to postfix’ main.cf, also change other settings to customize you’re requirements. Setting ’soft_bounce=yes’ for testing purposes while starting out using you’re new mailserver would be a wise decision!We also need to change some things regarding to sending Postfix’ incoming mail through MailScanner first in main.cf
[code]
hash_queue_depth = 1
hash_queue_names = incoming,hold,deferred,defer
inet_protocols = all
header_checks = regexp:/usr/local/etc/postfix/header_checks
And add the following line to /usr/local/etc/postfix/header_checks
/^Received:/ HOLD
Further, change your main.cf to contain the following ldap-related stuff.
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = mail.example.org
mydomain = example.org
myorigin = $mydomain
local_recipient_maps =
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
domains_server_host = 127.0.0.1
domains_search_base = dc=mail,dc=example,dc=org
domains_query_filter =
(&(dc=%s)(objectClass=mailDomain)(accountActive=TRUE)(delete=FALSE))
domains_result_attribute = postfixTransport
domains_bind = no
domains_scope = one
aliases_server_host = 127.0.0.1
aliases_search_base = dc=mail,dc=example,dc=org
aliases_query_filter =
(&(objectClass=mailAlias)(mail=%s)(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = no
aliasalternates_server_host = 127.0.0.1
aliasalternates_search_base = dc=mail,dc=example,dc=org
aliasalternates_query_filter =
(&(objectClass=mailAlias)(mailalternateaddress=%s)(accountActive=TRUE))
aliasalternates_result_attribute = maildrop
aliasalternates_bind = no
accounts_server_host = 127.0.0.1
accounts_search_base = dc=mail,dc=example,dc=org
accounts_query_filter =
(&(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_bind = no
accountsmap_server_host = 127.0.0.1
accountsmap_search_base = dc=mail,dc=example,dc=org
accountsmap_query_filter =
(&(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_bind = no
accountalternates_server_host = 127.0.0.1
accountalternates_search_base = dc=mail,dc=example,dc=org
accountalternates_query_filter =
(&(objectClass=mailAccount)(mailalternateaddress=%s)(accountActive=TRUE)(del
ete=FALSE))
accountalternates_result_attribute = mail
accountalternates_bind = no
transport_maps = ldap:domains
masquerade_domains = ldap:domains
virtual_maps = ldap:accountsmap, ldap:aliases, ldap:accountalternates,
ldap:aliasalternates
virtual_transport = local
virtual_mailbox_base = /usr/virtual
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = ldap:domains
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_alias_maps = hash:/etc/mail/aliases
local_transport = local
mailbox_command = /usr/local/bin/procmail
mydestination = localhost.example.org, localhost
relay_domains = localhost
mynetworks = localhost, mail.example.org
owner_request_special = no
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
smtpd_client_restrictions = check_client_access
hash:/usr/local/etc/postfix/access, permit
smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access
header_checks = regexp:/usr/local/etc/postfix/header_checks
hash_queue_depth = 1
hash_queue_names = incoming,hold,deferred,defer
inet_protocols = all
debug_peer_level = 9
[/code]
And finally some code to protect your drive from flooding
[code] # A maximum limit of a mailbox
virtual_mailbox_limit = 1000000
# Limits only INBOX part (usefull when
# using when you have IMAP users)
virtual_mailbox_limit_inbox = yes [/code]
You may want to add a few dnsbl statements to limit the amount of unwanted
mail in your main.cf using
[code]smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
[/code]
Starting you’re mailserver
Next again edit /etc/rc.conf to disable sendmail and enable postfix Insert
Comment out/remove
Verify mail sending and receiving
Verify that you can send mail by sending yourself mail. If using an address@example.org which is an alias (pointing outside one of the domains for wich your new postfix server receives mail) please check you’re headers and confirm their ok. If receiving on a mailbox address (at your new postfix server), look in /usr/virtual and confirm you have a new directory named example.org (depending on the recipient). Below that directory your mailbox name (as a directory) should emerge, containing various maildir files. Besides checking that your mail was received also check the headers!Note that users of a mailbox should have received at least one email to have their directory (and maildir files) in place When you create a new mailbox (not alias), you should send the new user a ‘welcome’ mail of some kind to let postfix create their ‘homedirectory’ in /usr/virtual. When omitted the user will receive an error when checking mail (either via imap/pop or when using webmail)
Documents and resources used
Besides RTFM on various packages used to install a number of special resources will be named below the packages linklist; (in no particular order)
Others resources used
- http://jamm.sourceforge.net everything else seems to be based upon this
- http://www.vriesman.tk detailed enough for me
Tom Scholten is consultant with Snow B.V., a Dutch Technical Consultancy Company supplying specialists in the fields of Storage, Networking and Unix  Â
 |  |
Great how-to. The one piece I’m missing is your ldapadduser.pl … or some ldap user entry examples.