<?xml version="1.0" encoding="UTF-8"?>
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<!-- Generated by Apache Maven Doxia at Apr 12, 2012 -->
<html xmlns="" xml:lang="en" lang="en">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>James Server -
Using LDAP</title>
<style type="text/css" media="all">
@import url("../css/james.css");
@import url("../css/maven-base.css");
@import url("../css/maven-theme.css");
@import url("../css/site.css");
@import url("../js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css");
@import url("../js/jquery/css/print.css");
@import url("../js/fancybox/jquery.fancybox-1.3.4.css");
<script type="text/javascript" src="../js/jquery/js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="../js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script>
<script type="text/javascript" src="../js/fancybox/jquery.fancybox-1.3.4.js"></script>
<link rel="stylesheet" href="../css/print.css" type="text/css" media="print" />
<meta name="author" content="Charles Benett" />
<meta name="Date-Revision-yyyymmdd" content="20120412" />
<meta http-equiv="Content-Language" content="en" />
<body class="composite">
<div id="breadcrumbs">
<div class="xleft">
<span id="publishDate">Last Published: 2012-04-12</span>
&nbsp;| <span id="projectVersion">Version: 1.6</span>
<div id="bodyColumn">
<div id="contentBox">
<div class="section"><h2>James 1.2 - Using an LDAP Directory as a Users Repository<a name="James_1.2_-_Using_an_LDAP_Directory_as_a_Users_Repository"></a></h2>
This document explains how to enable JAMES to use an LDAP directory as a
Users Repository.
<div class="section"><h2>Summary<a name="Summary"></a></h2>
We have tried to make the LDAP implementation of UsersRepository as
flexible as possible, recognising that each installation will have a unique
directory schema.
<br />We assume that all users that a James Mailserver will handle fall
within one single-rooted tree. The root of this tree, i.e. the lowest node
in the directory which is an ancestor of all users served by this
mailserver and of the mailserver itself, is called the LDAPRoot. (See diagram)
<br />It is entirely possible that an organization may have more than one
mail server. Consequently, the fact that a user is in the Directory does
not imply that this mailserver should handle mail for them.
<br />This implementation of UsersRepository creates one node (object) for
each set of mail users. The set called 'LocalUsers' is the set of users
whose mail is handled by this server. Other sets include any mail-lists
handled by the server. Each member of a set is recorded as an attribute
of these objects. These nodes are child nodes of the mailserver.
<br />The mailserver will accept mail for local delivery if the user part of
the email address matches a member of LocalUsers and if the domain/host
part of the email address matches the first servername.
(Set servernames autodetect to false and enter the domain served as the
first servername, e.g.
<br />For POP3 authentication, the mailserver first finds the user entry in
the directory, under LDAPRoot, whose attribute, specified as
MailAttribute in conf, matches user@domain. The mailserver authenticates
the POP3 user if it can bind to the directory as that user entry with
the offered password.
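<br />The search-then-bind check described above, as an added example in Java using the JDK's JNDI API (it is not James source code). The URL, root DN and attribute name are hypothetical and it assumes the directory permits anonymous search; it also makes two checks explicit: an empty password is refused before any bind, and the address is passed as an escaped filter argument.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapPop3AuthSketch {
    // Hypothetical values; a real deployment takes them from the server configuration.
    static final String LDAP_URL = "ldap://localhost:389";
    static final String LDAP_ROOT = "dc=apache,dc=org";
    static final String MAIL_ATTRIBUTE = "mail";

    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        if (dn != null) { // no principal means an anonymous connection, used only to search
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    static boolean authenticate(String address, String password) {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513),
        // which some servers accept, so it must never count as a login.
        if (address == null || password == null || password.isEmpty()) return false;
        DirContext search = null;
        try {
            search = connect(null, null);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // JNDI escapes the {0} argument, so '*', '(' or ')' in the address
            // cannot change the shape of the filter.
            NamingEnumeration<SearchResult> hits = search.search(
                LDAP_ROOT, "(" + MAIL_ATTRIBUTE + "={0})", new Object[] {address}, sc);
            if (!hits.hasMore()) return false;            // unknown user
            String userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;             // ambiguous match: refuse
            connect(userDn, password).close();            // the bind is the password check
            return true;
        } catch (NamingException e) {                     // includes AuthenticationException
            return false;
        } finally {
            try { if (search != null) search.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Usage: java LdapPop3AuthSketch user@domain password
        System.out.println(args.length == 2 && authenticate(args[0], args[1]));
    }
}
```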
<br />
This implementation does not set passwords in the directory. Use a dummy
password when invoking adduser in RemoteManager.
<br />
If ManageGroupAttribute is set to TRUE (as it is by default), then the
RemoteManager will add/remove the full DN of the email group to/from the
user entry. This facility allows users to ask the directory "what is my
mailserver?" and "what email lists am I subscribed to?"
<table border="0" class="bodyTable" cellspacing="0">
<tr class="a">
<td> </td>
<td align="center">Root of Directory
<br />Example: dc=org</br>
<br />May not be referenced in conf.xml</br>
<br />|</br>
<br />|</br>
<td> </td>
<tr class="b">
<td colspan="3" align="center">-------------------------------------------------------------------------------------------------</td>
<tr class="a">
<td align="center" valign="top">|
<br />Subtree not served by James</br>
<br /> e.g.: dc=w3c, dc=org</br>
<td align="center" valign="top">|
<br />Subtree served by James</br>
<br /> e.g.: dc=apache, dc=org </br>
<br />&quot;LDAPRoot&quot;</br>
<br />|</br>
<td align="center" valign="top">|
<br />Subtree not served by James</br>
<br /> e.g.: dc=xml, dc=org</br>
<tr class="b">
<td> </td>
<table border="0" class="bodyTable">
<tr class="a">
<td colspan="4" align="center">----------------------------------------------------</td>
<tr class="b">
<td align="center" valign="top">|
<br />This mailserver </br>
<br /></br>
<br />|</br>
<br />---------------</br>
<td align="center" valign="top">|
<br />A user </br>
<br />cn=King Arthur</br>
<br /> memberOfGroup=</br>
<br />cn=LocalUsers etc</br>
<td align="center" valign="top">|
<br />A user </br>
<br />cn=Morgan LeFay </br>
<td align="center" valign="top">|
<br />Another mailserver </br>
<br /></br>
<tr class="a">
<table border="0" class="bodyTable">
<tr class="b">
<td align="center" valign="top"> |
<br />LocalUsers</br>
<br />member=Arthur</br>
<td align="center" valign="top"> |
<br />list-james</br>
<br />member=Arthur</br>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<div class="section"><h2>Installation<a name="Installation"></a></h2>
Six entries in JAMES.conf.xml must be set for this to work:
<li>Change usersManager - type to ldap.</li>
<li>Set the ldapServer element to point to the correct host and port.</li>
<li>Set LDAPRoot and ThisServerRDN.</li>
<li>Set the directory FDN and password that should be used to write to the directory.</li>
<li>Unless all your users have email addresses of the form name@the-machine-running-James, set servernames-autodetect to false and specify your email domain as the first servername.</li>
<div class="clear">
<div id="footer">
<div class="xright">Copyright &#169; 2006-2012
<a href="">The Apache Software Foundation</a>.
All Rights Reserved.
<div class="clear">