• roundcubemail/config/defaults.inc.php
• How to set the default domain for a new Roundcube webmail user?

• Сервис MySQL
• Настройка MTA на релеинг почты на основе аутентификации

# apt install roundcube

# cat /var/lib/roundcube/config/config.inc.php

...
$config['default_host'] = 'localhost';
$rcmail_config['mail_domain'] = 'corpX.un';
...
//https://treeone.ru/roundcube-smtp-error-code-1-connection-failed-after-upgrade-debian/
//or add port 587 to mta
$config['smtp_server'] = 'localhost:25';  
...

# cat /etc/apache2/conf-enabled/roundcube.conf

...
     Alias /mail /var/lib/roundcube
...

• Roundcube LDAP Addressbook

# apt install php-net-ldap3

# cat /var/lib/roundcube/config/config.inc.php

...
$config['ldap_public']['ldap'] = array(
  'name'          => 'Global Addresses',
  'hosts'         => array('server.corpX.un'),
//  'hosts'         => array('server2.corpX.un'),
  'port'          => 389,
  'use_tls'       => false,
  'ldap_version'  => 3,       // using LDAPv3
  'network_timeout' => 10,    // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.

//  'base_dn'       => 'ou=People,dc=corpX,dc=un',

  'base_dn'       => 'cn=Users,dc=corpX,dc=un',
//  'base_dn'       => 'dc=corpX,dc=un',
  'bind_dn'       => 'cn=Administrator,cn=Users,dc=corpX,dc=un',
  'bind_pass'     => 'Pa$$w0rd',

  'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
  'fieldmap' => array(
    // Roundcube  => LDAP:limit
    'name'        => 'cn',
    'surname'     => 'sn',
    'firstname'   => 'givenName',
    'jobtitle'    => 'title',
    'email'       => 'mail:*',
    'phone:home'  => 'homePhone',
    'phone:work'  => 'telephoneNumber',
    'phone:mobile' => 'mobile',
    'phone:pager' => 'pager',
    'phone:workfax' => 'facsimileTelephoneNumber',
    'street'      => 'street',
    'zipcode'     => 'postalCode',
    'region'      => 'st',
    'locality'    => 'l',
    // if you country is a complex object, you need to configure 'sub_fields' below
    'country'      => 'c',
    'organization' => 'o',
    'department'   => 'ou',
    'jobtitle'     => 'title',
    'notes'        => 'description',
    'photo'        => 'jpegPhoto',
    // these currently don't work:
    // 'manager'       => 'manager',
    // 'assistant'     => 'secretary',
  ),
  'sort'           => 'cn',         // The field to sort the listing by.
  'scope'          => 'sub',        // search mode: sub|base|list
  'filter'         => '(mail=*)',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'fuzzy_search'   => true,         // server allows wildcard search
  'vlv'            => false,        // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
  'vlv_search'     => false,        // Use Virtual List View functions for autocompletion searches (if server supports it)
  'numsub_filter'  => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
  'config_root_dn' => 'cn=config',  // Root DN to search config entries (e.g. vlv indexes)
  'sizelimit'      => '0',          // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
  'timelimit'      => '0',          // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
  'referrals'      => false,        // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
  'dereference'    => 0,            // Sets the LDAP_OPT_DEREF option. One of: LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, LDAP_DEREF_FINDING, LDAP_DEREF_ALWAYS
                                    // Used where addressbook contains aliases to objects elsewhere in the LDAP tree.

);

# service apache2 restart

• This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account
• Configuration: OAuth2 - roundcube/roundcubemail Wiki
• Configuration: OAuth2
• [SOLVED] Keycloak and Roundcube problem

debian12# cat /var/lib/roundcube/config/config.inc.php

...
$config['oauth_provider'] = 'generic';
$config['oauth_provider_name'] = 'Keycloak corp13';
$config['oauth_client_id'] = "any-client";
$config['oauth_client_secret'] = "anystring";
$config['oauth_auth_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/auth";
$config['oauth_token_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token";
$config['oauth_identity_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo";
$config['oauth_verify_peer'] = false;
$config['oauth_scope'] = "email profile openid";
$config['oauth_auth_parameters'] = [];
$config['oauth_identity_fields'] = ['preferred_username'];
$config['oauth_login_redirect'] = false;
$config['login_password_maxlen'] = 4096;

debian12# cat /usr/share/roundcube/program/include/rcmail_oauth.php

...
         //$oauth_token_uri     = $this->options['token_uri'];
         //$oauth_client_id     = $this->options['client_id'];
         //$oauth_client_secret = $this->options['client_secret'];
         //$oauth_identity_uri  = $this->options['identity_uri'];

       $oauth_token_uri     = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token";
       $oauth_client_id     = "any-client";
       $oauth_client_secret = "anystring";
       $oauth_identity_uri  = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo";
...

• Сервер dovecot OAuth аутентификация

• Internationalization
• Сервис HTTP, управление модулями http сервера (Модуль php)

[server:~] # pkg install squirrelmail

[server:~] # cd /usr/local/www/squirrelmail && ./configure

“2. Server Settings” → “1. Domain” → corpX.un

“3. Folder Defaults”

“10. Languages” → “1. Default Language” → ru_UA

[server:~] # cat /usr/local/etc/apache2?/httpd.conf

...
<IfModule alias_module>

    Alias /mail /usr/local/www/squirrelmail
    <Directory /usr/local/www/squirrelmail>
         Require all granted
    </Directory>
...

• Локализация окружения

root@server:~# apt install squirrelmail

root@server:~# /usr/sbin/squirrelmail-configure

“2. Server Settings” → “1. Domain” → corpX.un

“3. Folder Defaults”

“10. Languages” → “1. Default Language” → ru_RU

root@server:~# cat /etc/apache2/sites-available/*default.conf

...
     Alias /mail /usr/share/squirrelmail
...

# cd /usr/ports/mail/openwebmail

# make install clean

# wget http://openwebmail.org/openwebmail/download/debian/owm2.53-2.deb

# dpkg -i owm2.53-2.deb

# apt-get install openwebmail

# apt-get -f install

Проверка:

http://server.corpX.un/cgi-bin/openwebmail/openwebmail.pl