| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <!-- Generated by Apache Maven Doxia at 2021-11-12 --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
| <title>Apache James Project – Using LDAP</title> |
| <style type="text/css" media="all"> |
| @import url("../../css/james.css"); |
| @import url("../../css/maven-base.css"); |
| @import url("../../css/maven-theme.css"); |
| @import url("../../css/site.css"); |
| @import url("../../js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css"); |
| @import url("../../js/jquery/css/print.css"); |
| @import url("../../js/fancybox/jquery.fancybox-1.3.4.css"); |
| </style> |
| <script type="text/javascript" src="../../js/jquery/js/jquery-1.4.2.min.js"></script> |
| <script type="text/javascript" src="../../js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script> |
| <script type="text/javascript" src="../../js/fancybox/jquery.fancybox-1.3.4.js"></script> |
| <link rel="stylesheet" href="../../css/print.css" type="text/css" media="print" /> |
| <meta name="author" content="Charles Benett" /> |
| <meta name="Date-Revision-yyyymmdd" content="20211112" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| |
| </head> |
| <body class="composite"> |
| <div id="banner"> |
| <a href="../../index.html" id="bannerLeft" title="james-logo.png"> |
| |
| |
| <img src="../../images/logos/james-logo.png" alt="James Project" /> |
| </a> |
| <a href="https://www.apache.org/index.html" id="bannerRight"> |
| |
| |
| <img src="images/logos/asf_logo_small.png" alt="The Apache Software Foundation" /> |
| </a> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="breadcrumbs"> |
| |
| |
| <div class="xleft"> |
| <span id="publishDate">Last Published: 2021-11-12</span> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| |
| |
| |
| |
| <section> |
| <h2><a name="James_1.2_-_Using_an_LDAP_Directory_as_a_Users_Repository"></a>James 1.2 - Using an LDAP Directory as a Users Repository</h2> |
| |
| |
| <p> |
| This document explains how to enable JAMES to use an LDAP directory as a |
| Users Repository. |
| </p> |
| </section> |
| |
| <section> |
| <h2><a name="Summary"></a>Summary</h2> |
| |
| |
| <p> |
| We have tried to make the LDAP implementation of UsersRepository as |
| flexible as possible, recognising that each installation will have a unique |
| directory schema. |
| </p> |
| <p> |
| We assume that all users that a James mailserver will handle fall |
| within one single-rooted tree. The root of this tree, i.e. the lowest node |
| in the directory that is an ancestor of both the mailserver and all users |
| served by it, is called the LDAPRoot. (See diagram) |
| </p> |
| <p> |
| It is entirely possible that an organization may have more than one |
| mail server. Consequently, the fact that a user is in the directory does |
| not imply that this mailserver should handle mail for them. |
| </p> |
| <p> |
| This implementation of UsersRepository creates one node (object) for |
| each set of mail users. The set called 'LocalUsers' is the set of users |
| whose mail is handled by this server. Other sets include any mail-lists |
| handled by the server. Each member of a set is recorded as an attribute |
| of these objects. These nodes are child nodes of the mailserver. |
| </p> |
| <p> |
| The mailserver will accept mail for local delivery if the user part of |
| the email address matches a member of LocalUsers and if the domain/host |
| part of the email address matches the first servername. |
| (Set servernames autodetect to false and enter the domain served as the |
| first servername, e.g. apache.org.) |
| </p> |
| <p> |
| For POP3 authentication, the mailserver first finds the user entry in |
| the directory, under LDAPRoot, whose attribute, specified as |
| MailAttribute in conf, matches user@domain. The mailserver authenticates |
| the POP3 user if it can bind to the directory as that user entry with |
| the offered password. |
| </p> |
| <p> |
| This implementation does not set passwords in the directory. Use a dummy |
| password when invoking adduser in RemoteManager. |
| </p> |
| <p> |
| If ManageGroupAttribute is set to TRUE (as it is by default), then the |
| RemoteManager will add/remove the full DN of the email group to/from the |
| user entry. This facility allows users to ask the directory "what is my |
| mailserver?" and "what email lists am I subscribed to?" |
| </p> |
| |
| |
| <table border="0" class="bodyTable" cellspacing="0"> |
| |
| <tr class="a"> |
| |
| <td> </td> |
| |
| <td align="center">Root of Directory |
| <br />Example: dc=org |
| <br />May not be referenced in conf.xml |
| <br />| |
| <br />| |
| </td> |
| |
| <td> </td> |
| </tr> |
| |
| <tr class="b"> |
| |
| <td colspan="3" align="center">-------------------------------------------------------------------------------------------------</td> |
| |
| </tr> |
| |
| <tr class="a"> |
| |
| <td align="center" valign="top">| |
| <br />Subtree not served by James |
| <br /> e.g.: dc=w3c, dc=org |
| </td> |
| |
| <td align="center" valign="top">| |
| <br />Subtree served by James |
| <br /> e.g.: dc=apache, dc=org |
| <br />"LDAPRoot" |
| <br />| |
| </td> |
| |
| <td align="center" valign="top">| |
| <br />Subtree not served by James |
| <br /> e.g.: dc=xml, dc=org |
| </td> |
| </tr> |
| |
| <tr class="b"> |
| |
| <td> </td> |
| |
| <td> |
| |
| <table border="0" class="bodyTable"> |
| |
| <tr class="a"> |
| |
| <td colspan="4" align="center">----------------------------------------------------</td> |
| </tr> |
| |
| <tr class="b"> |
| |
| <td align="center" valign="top">| |
| <br />This mailserver |
| <br />cn=mailserver.apache.org |
| <br />| |
| <br />--------------- |
| </td> |
| |
| <td align="center" valign="top">| |
| <br />A user |
| <br />cn=King Arthur |
| <br /> memberOfGroup= |
| <br />cn=LocalUsers etc |
| </td> |
| |
| <td align="center" valign="top">| |
| <br />A user |
| <br />cn=Morgan LeFay |
| </td> |
| |
| <td align="center" valign="top">| |
| <br />Another mailserver |
| <br />cn=oldmail.apache.org |
| </td> |
| </tr> |
| |
| <tr class="a"> |
| |
| <td> |
| |
| <table border="0" class="bodyTable"> |
| |
| <tr class="b"> |
| |
| <td align="center" valign="top"> | |
| <br />LocalUsers |
| <br />member=Arthur |
| </td> |
| |
| <td align="center" valign="top"> | |
| <br />list-james |
| <br />member=Arthur |
| </td> |
| </tr> |
| </table> |
| </td> |
| |
| <td> </td> |
| |
| <td> </td> |
| |
| <td> </td> |
| </tr> |
| </table> |
| </td> |
| |
| <td> </td> |
| </tr> |
| </table> |
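| <p>Added example (not James code): a Python model of the search-then-bind POP3 check described above, showing why the mail lookup should escape the address (RFC 4515), require exactly one entry under LDAPRoot, and refuse empty passwords, which some directory servers accept as an unauthenticated bind (RFC 4513). The in-memory directory, the <code>mail</code> attribute name, the passwords and all function names are constructed for illustration.</p> |

```python
import re

LDAP_ROOT = "dc=apache,dc=org"   # the page's example LDAPRoot, written without spaces
MAIL_ATTR = "mail"               # assumed value of MailAttribute
# Constructed stand-in for the directory: DN -> (mail address, password).
DIRECTORY = {
    "cn=King Arthur,dc=apache,dc=org": ("arthur@apache.org", "excalibur"),
    "cn=Morgan LeFay,dc=apache,dc=org": ("morgan@apache.org", "avalon"),
    "cn=Tim Berners,dc=w3c,dc=org": ("tim@w3c.org", "www"),
}

def escape_filter_value(value):
    """RFC 4515 escaping: backslash, *, (, ) and NUL become \\XX hex pairs."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def toy_search(base, filt):
    """Toy server search for (attr=value) under base; an unescaped * is a wildcard."""
    _attr, value = re.fullmatch(r"\((\w+)=(.*)\)", filt).groups()
    unescape = lambda p: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), p)
    parts = [re.escape(unescape(p)) for p in value.split("*")]
    pattern = re.compile(".*".join(parts), re.I)
    return [dn for dn, (mail, _pw) in DIRECTORY.items()
            if dn.endswith("," + base) and pattern.fullmatch(mail)]

def toy_bind(dn, password):
    """Toy server bind. Models a server that accepts a DN with an empty password
    (unauthenticated bind), which proves nothing about the user."""
    if password == "":
        return True
    return dn in DIRECTORY and DIRECTORY[dn][1] == password

def authenticate(address, password, escape=True, allow_empty=False):
    """Search-then-bind; the two flags switch each check off to show why it matters."""
    if not password and not allow_empty:
        return False                       # never forward an empty password to bind
    value = escape_filter_value(address) if escape else address
    hits = toy_search(LDAP_ROOT, "(%s=%s)" % (MAIL_ATTR, value))
    if len(hits) != 1:                     # no match, or ambiguous match: refuse
        return False
    return toy_bind(hits[0], password)

if __name__ == "__main__":
    print(authenticate("arthur@apache.org", "excalibur"))           # normal login
    print(authenticate("arthur@apache.org", "", allow_empty=True))  # unguarded empty password
    print(authenticate("arthur*", "excalibur", escape=False))       # unescaped wildcard name
    print(authenticate("arthur*", "excalibur"))                     # same name, escaped
```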
| </section> |
| |
| <section> |
| <h2><a name="Installation"></a>Installation</h2> |
| |
| |
| <p> |
| Six entries in JAMES.conf.xml must be set for this to work: |
| </p> |
| <ul> |
| |
| <li>Change usersManager - type to ldap.</li> |
| |
| <li>Set the ldapServer element to point to the correct host and port.</li> |
| |
| <li>Set LDAPRoot and ThisServerRDN.</li> |
| |
| <li>Set the directory FDN and password that should be used to write to the directory.</li> |
| |
| <li>Unless all your users have email addresses of the form name@the-machine-running-James, set servernames-autodetect to false and specify your email domain as the first servername.</li> |
| </ul> |
| |
| |
| </section> |
| |
| |
| |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright">Copyright © 2006-2021 |
| <a href="https://www.apache.org/">The Apache Software Foundation</a>. |
| All Rights Reserved. |
| |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |