Yadda ake Haɗa iRedMail Roundcube tare da Samba4 AD DC - Kashi na 12


Roundcube, ɗaya daga cikin wakilin mai amfani da gidan yanar gizo da aka fi amfani da shi a cikin Linux, yana ba da hanyar haɗin yanar gizo na zamani don masu amfani da ƙarshen mu'amala da duk sabis ɗin wasiƙa don karantawa, tsarawa da aika imel. Roundcube yana goyan bayan ka'idojin imel iri-iri, gami da amintattun, irin su IMAPS, POP3S ko ƙaddamarwa.

A cikin wannan batu za mu tattauna yadda ake saita Roundcube a cikin iRedMail tare da IMAPS da ƙaddamar da tashar jiragen ruwa masu tsaro don dawo da aika imel don asusun Samba4 AD, yadda ake samun damar iRedMail Roundcube yanar gizo daga mai bincike da ƙara adireshin gidan yanar gizo, yadda ake kunna Samba4 Haɗin AD don Littafin adireshi na LDAP na Duniya da kuma yadda ake kashe wasu ayyukan iRedMail da ba a buƙata ba.

  1. Yadda ake Sanya iRedMail akan CentOS 7 don Haɗin Samba4 AD
  2. Shigar da iRedMail akan CentOS 7 don Haɗin Samba4 AD

Mataki 1: ayyana Adireshin Imel don Asusun Domain a Samba4 AD DC

1. Domin aikawa da karɓar wasiku don asusun yankin Samba4 AD DC, kuna buƙatar gyara kowane asusun mai amfani kuma a sarari saita imel ɗin da aka yi tare da adireshin imel ɗin da ya dace ta buɗe kayan aikin ADUC daga injin Windows tare da kayan aikin RSAT da aka shigar kuma haɗa zuwa Samba4 AD kamar yadda aka kwatanta a hoton da ke ƙasa.

2. Hakazalika, don amfani da lissafin wasiku, kuna buƙatar ƙirƙirar ƙungiyoyi a ADUC, ƙara adireshin imel ɗin daidai ga kowane rukuni sannan sanya asusun masu amfani da ya dace a matsayin membobin ƙungiyar.

Tare da wannan saitin da aka ƙirƙira azaman jerin wasiƙa, duk akwatunan wasikun mambobi na ƙungiyar Samba4 AD za su karɓi saƙon da aka ƙaddara don adireshin imel ɗin ƙungiyar AD. Yi amfani da hotunan kariyar kwamfuta na ƙasa azaman jagora don ayyana imel ɗin da aka shigar don asusun ƙungiyar Samba4 kuma ƙara masu amfani da yanki azaman membobin ƙungiyar.

Tabbatar cewa duk membobin asusun da aka ƙara zuwa ƙungiya an bayyana adireshin imel ɗin su.

A cikin wannan misalin, duk wasiƙun da aka aika zuwa adireshin imel [email kare ] da aka ayyana don rukunin 'Masu Gudanarwa' za a karɓi su ta kowane akwatin saƙon memba na wannan rukunin.

3. Wata hanyar da za ku iya amfani da ita don bayyana adireshin imel ɗin Samba4 AD shine ta hanyar ƙirƙirar mai amfani ko ƙungiya tare da layin umarni na samba-tool kai tsaye daga ɗaya daga cikin na'urorin AD DC kuma saka adireshin imel ɗin. tare da tutar --mail-address.

Yi amfani da ɗayan waɗannan umarni masu zuwa don ƙirƙirar mai amfani tare da ƙayyadadden adireshin imel:

# samba-tool user add  --mail-address=user_[email   --surname=your_surname  --given-name=your_given_name  your_ad_user

Ƙirƙiri ƙungiya tare da ƙayyadaddun adireshin imel:

# samba-tool group add  [email   your_ad_group

Don ƙara mambobi zuwa rukuni:

# samba-tool group addmembers your_group user1,user2,userX

Don jera duk samammun filayen umarni na kayan aikin samba don mai amfani ko ƙungiya yi amfani da maƙasudi mai zuwa:

# samba-tool user add -h
# samba-tool group add -h

Mataki 3: Amintaccen saƙon gidan yanar gizo na Roundcube

4. Kafin gyara fayil ɗin sanyi na Roundcube, da farko, yi amfani da Dovecot da Postfix sauraron kuma tabbatar da cewa amintattun tashoshin jiragen ruwa (993 don IMAPS da 587 don ƙaddamarwa) suna aiki kuma suna kunna.

# netstat -tulpn| egrep 'dovecot|master'

5. Don tilasta liyafar mail da canja wuri tsakanin sabis ɗin Roundcube da iRedMail akan amintattun IMAP da tashoshin SMTP, buɗe fayil ɗin sanyi na Roundcube wanda ke cikin /var/www/roundcubemail/config/config.inc.php kuma tabbatar kun canza layin masu zuwa, don localhost a cikin wannan yanayin, kamar yadda aka nuna a cikin taƙaitaccen bayanin da ke ƙasa:

// For IMAPS
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'LOGIN';

// For SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';

Ana ba da shawarar wannan saitin idan an shigar da Roudcube akan mai watsa shiri mai nisa fiye da wanda ke ba da sabis na saƙo (IMAP, POP3 ko SMTP daems).

6. Na gaba, kar a rufe fayil ɗin daidaitawa, bincika kuma yi ƙananan canje-canjen don a ziyartan Roundcube ta hanyar HTTPS kawai, don ɓoye lambar sigar kuma ta atomatik saka sunan yankin don asusun da suka shiga cikin gidan yanar gizon. dubawa.

$config['force_https'] = true;
$config['useragent'] = 'Your Webmail'; // Hide version number
$config['username_domain'] = 'domain.tld'

7. Har ila yau, musaki plugins masu zuwa: sarrafa da kalmar sirri ta ƙara sharhi (//) a gaban layin da ke farawa da $config['plugins'].

Masu amfani za su canza kalmar sirri daga na'urar Windows ko Linux da aka haɗa zuwa Samba4 AD DC da zarar sun shiga kuma su tabbatar da yankin. Sysadmin zai sarrafa duk ƙa'idodin sieve don asusun yanki a duk duniya.

// $config['plugins'] = array('managesieve', 'password');

8. A ƙarshe, ajiye da rufe fayil ɗin sanyi kuma ziyarci Roundcube Webmail ta buɗe mai bincike kuma kewaya zuwa adireshin IP na iRedMail ko FQDN/mail wuri ta hanyar HTTPS yarjejeniya.

A karon farko idan ka ziyarci Roundcube faɗakarwa ya kamata ya bayyana akan mai binciken saboda Takaddun Sa hannu na Kai da sabar gidan yanar gizon ke amfani da shi. Karɓi takaddun shaida kuma ku shiga tare da takaddun shaidar asusu na Samba AD.

https://iredmail-FQDN/mail

Mataki 3: Kunna Samba AD Lambobin sadarwa a cikin Roundcube

9. Don saita littafin adireshi na Samba AD Global LDAP don bayyana Roundcube Lambobin sadarwa, sake buɗe fayil ɗin sanyi na Roundcube don gyara kuma yi canje-canje masu zuwa:

Kewaya zuwa kasan fayil ɗin kuma gano sashin da ya fara da '# Global LDAP Address Book with AD', share duk abubuwan da ke cikinsa har zuwa ƙarshen fayil ɗin kuma musanya shi da toshe lambar mai zuwa:

# Global LDAP Address Book with AD.
#
$config['ldap_public']["global_ldap_abook"] = array(
    'name'          => 'tecmint.lan',
    'hosts'         => array("tecmint.lan"),
    'port'          => 389,
    'use_tls'       => false,
    'ldap_version'  => '3',
    'network_timeout' => 10,
    'user_specific' => false,

    'base_dn'       => "dc=tecmint,dc=lan",
    'bind_dn'       => "[email ",
    'bind_pass'     => "your_password",
    'writable'      => false,

    'search_fields' => array('mail', 'cn', 'sAMAccountName', 'displayname', 'sn', 'givenName'),
	
    'fieldmap' => array(
        'name'        => 'cn',
        'surname'     => 'sn',
        'firstname'   => 'givenName',
        'title'       => 'title',
        'email'       => 'mail:*',
        'phone:work'  => 'telephoneNumber',
        'phone:mobile' => 'mobile',

        'department'  => 'departmentNumber',
        'notes'       => 'description',

    ),
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter' => '(&(mail=*)(|(&(objectClass=user)(!(objectClass=computer)))(objectClass=group)))',
    'fuzzy_search'  => true,
    'vlv'           => false,
    'sizelimit'     => '0',
    'timelimit'     => '0',
    'referrals'     => false,
);

Akan wannan toshe na lambar maye gurbin suna, runduna, base_dn, bind_dn da bind_pass daidai da haka.

10. Bayan kun yi duk canje-canjen da ake buƙata, ajiyewa da rufe fayil ɗin, shiga cikin Roundcube webmail interface kuma je zuwa menu na Littafin adireshi.

Buga kan littafin adireshi na Duniya da aka zaɓa da sunan tuntuɓar duk asusun yanki (masu amfani da ƙungiyoyi) tare da ƙayyadadden adireshin imel ɗin su ya kamata a gani.

Mataki na 4: Ƙara Laƙabi don Interface Webmail na Roundcube

11. Don ziyartar Roundcube a adireshin gidan yanar gizo tare da fom mai zuwa https://webmail.domain.tld maimakon tsohon adireshin da aka bayar ta iRedMail kuna buƙatar yin canje-canje masu zuwa.

Daga injin Windows da aka haɗa tare da shigar da kayan aikin RSAT, buɗe Manajan DNS kuma ƙara sabon rikodin CNAME don iRedMail FQDN, mai suna saƙon gidan yanar gizo, kamar yadda aka kwatanta a hoto mai zuwa.

12. Na gaba, akan injin iRedMail, buɗe fayil ɗin sanyi na sabar yanar gizo na Apache SSL wanda ke cikin /etc/httpd/conf.d/ssl.conf kuma canza umarnin DocumentRoot don nunawa /var/www/roundcubemail/ tsarin tsarin.

fayil /etc/httpd/conf.d/ssl.conf yanki:

DocumentRoot “/var/www/roundcubemail/”

Sake kunna Apache daemon don aiwatar da canje-canje.

# systemctl restart httpd

13. Yanzu, nuna browser zuwa adireshin da ke gaba kuma Roundcube interface ya kamata ya bayyana. Karɓi Kuskuren Takaddun Sa hannu don Ci gaba da shiga shafin. Sauya domain.tld daga wannan misalin tare da sunan yankin ku.

https://webmail.domain.tld

Mataki 5: Kashe iRedMail Ayyukan da Ba a Yi Amfani da su ba

14. Tun da an saita iRedMail daemons don tambayar Samba4 AD DC LDAP uwar garken don bayanin asusu da sauran albarkatu, zaku iya tsayawa lafiya da kashe wasu sabis na gida akan na'urar iRedMail, kamar uwar garken bayanan LDAP da sabis na iredpad ta hanyar ba da umarni masu zuwa.

# systemctl stop slapd iredpad
# systemctl disable slapd iredpad

15. Har ila yau, musaki wasu ayyuka da aka tsara ta iRedMail, kamar LDAP database madadin da iRedPad records tracking records ta ƙara wani sharhi (#) a gaban kowane layi daga crontab fayil kamar yadda aka kwatanta a kasa screenshot.

# crontab -e

Mataki 6: Yi amfani da Laƙabin Wasiƙa a cikin Postfix

16. Don tura duk saƙon da aka samar a cikin gida (wanda aka ƙaddara don ma'aikacin gidan waya kuma daga baya aka tura shi zuwa tushen asusun) zuwa takamaiman asusun Samba4 AD, buɗe fayil ɗin sanyi na Postfix aliases wanda ke cikin /etc/postfix/aliases kuma canza tushen layin kamar haka:

root: 	[email 

17. Aiwatar da fayil ɗin laƙabi don Postfix zai iya karanta shi ta hanyarsa ta hanyar aiwatar da umarnin newaliases da gwada idan an aika saƙon zuwa asusun imel ɗin da ya dace ta hanyar ba da umarni mai zuwa.

# echo “Test mail” | mail -s “This is root’s email” root

18. Bayan an aika da wasiƙar, shiga cikin Roundcube webmail tare da asusun yankin da kuka saita don tura wasiku kuma tabbatar da cewa ya kamata a karɓi saƙon da aka aiko a baya a cikin akwatin saƙo na asusun ku.

Wannan duka! Yanzu, kuna da cikakken sabar saƙo mai aiki da aka haɗa tare da Samba4 Active Directory. Asusun yanki na iya aikawa da karɓar wasiku don yankinsu na ciki ko don wasu wuraren waje.

Za a iya samun nasarar amfani da saitunan da aka yi amfani da su a cikin wannan koyawa don haɗa sabar iRedMail zuwa Windows Server 2012 R2 ko 2016 Active Directory.