User Tools

Site Tools


web_интерфейс_к_почте

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
web_интерфейс_к_почте [2020/08/28 08:42]
val [roundcube]
web_интерфейс_к_почте [2024/02/16 10:34] (current)
val [Roundcube]
Line 3: Line 3:
 ===== Web интерфейс к протоколу imap4 ===== ===== Web интерфейс к протоколу imap4 =====
  
-==== roundcube ====+==== Roundcube ==== 
 + 
 +  * [[https://​github.com/​roundcube/​roundcubemail/​blob/​master/​config/​defaults.inc.php|roundcubemail/​config/​defaults.inc.php]] 
 +  * [[https://​unix.stackexchange.com/​questions/​108611/​how-to-set-the-default-domain-for-a-new-roundcube-webmail-user|How to set the default domain for a new Roundcube webmail user?]] 
 + 
 +==Базовая конфигурация ​===
  
   * [[Сервис MySQL]]   * [[Сервис MySQL]]
Line 15: Line 20:
 ... ...
 $config['​default_host'​] = '​localhost';​ $config['​default_host'​] = '​localhost';​
 +$rcmail_config['​mail_domain'​] = '​corpX.un';​
 ... ...
 </​code><​code>​ </​code><​code>​
Line 20: Line 26:
 </​code><​code>​ </​code><​code>​
 ... ...
-     Alias /roundcube ​/​var/​lib/​roundcube+     Alias /mail /​var/​lib/​roundcube
 ... ...
 </​code>​ </​code>​
 +
 +=== Roundcube LDAP Addressbook ===
 +
 +  * [[http://​www.productionmonkeys.net/​guides/​qmail-server/​addons/​ldap-addressbook/​roundcube-ldap-addressbook|Roundcube LDAP Addressbook]]
 +
 +<​code>​
 +# apt install php-net-ldap3
 +
 +# cat /​var/​lib/​roundcube/​config/​config.inc.php
 +</​code><​code>​
 +...
 +$config['​ldap_public'​]['​ldap'​] = array(
 +  '​name' ​         => '​Global Addresses',​
 +  '​hosts' ​        => array('​server.corpX.un'​),​
 +//  '​hosts' ​        => array('​server2.corpX.un'​),​
 +  '​port' ​         => 389,
 +  '​use_tls' ​      => false,
 +  '​ldap_version' ​ => 3,       // using LDAPv3
 +  '​network_timeout'​ => 10,    // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
 +  '​user_specific'​ => false, ​  // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
 +
 +//  '​base_dn' ​      => '​ou=People,​dc=corpX,​dc=un',​
 +
 +  '​base_dn' ​      => '​cn=Users,​dc=corpX,​dc=un',​
 +//  '​base_dn' ​      => '​dc=corpX,​dc=un',​
 +  '​bind_dn' ​      => '​cn=Administrator,​cn=Users,​dc=corpX,​dc=un',​
 +  '​bind_pass' ​    => '​Pa$$w0rd',​
 +
 +  '​search_filter' ​ => '', ​  // e.g. '​(&​(objectClass=posixAccount)(uid=%u))'​
 +  '​fieldmap'​ => array(
 +    // Roundcube ​ => LDAP:limit
 +    '​name' ​       => '​cn',​
 +    '​surname' ​    => '​sn',​
 +    '​firstname' ​  => '​givenName',​
 +    '​jobtitle' ​   => '​title',​
 +    '​email' ​      => '​mail:​*',​
 +    '​phone:​home' ​ => '​homePhone',​
 +    '​phone:​work' ​ => '​telephoneNumber',​
 +    '​phone:​mobile'​ => '​mobile',​
 +    '​phone:​pager'​ => '​pager',​
 +    '​phone:​workfax'​ => '​facsimileTelephoneNumber',​
 +    '​street' ​     => '​street',​
 +    '​zipcode' ​    => '​postalCode',​
 +    '​region' ​     => '​st',​
 +    '​locality' ​   => '​l',​
 +    // if you country is a complex object, you need to configure '​sub_fields'​ below
 +    '​country' ​     => '​c',​
 +    '​organization'​ => '​o',​
 +    '​department' ​  => '​ou',​
 +    '​jobtitle' ​    => '​title',​
 +    '​notes' ​       => '​description',​
 +    '​photo' ​       => '​jpegPhoto',​
 +    // these currently don't work:
 +    // '​manager' ​      => '​manager',​
 +    // '​assistant' ​    => '​secretary',​
 +  ),
 +  '​sort' ​          => '​cn', ​        // The field to sort the listing by.
 +  '​scope' ​         => '​sub', ​       // search mode: sub|base|list
 +  '​filter' ​        => '​(mail=*)', ​     // used for basic listing (if not empty) and will be &'​d with search queries. example: status=act
 +  '​fuzzy_search' ​  => true,         // server allows wildcard search
 +  '​vlv' ​           => false, ​       // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
 +  '​vlv_search' ​    => false, ​       // Use Virtual List View functions for autocompletion searches (if server supports it)
 +  '​numsub_filter' ​ => '​(objectClass=organizationalUnit)', ​  // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
 +  '​config_root_dn'​ => '​cn=config', ​ // Root DN to search config entries (e.g. vlv indexes)
 +  '​sizelimit' ​     => '​0', ​         // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
 +  '​timelimit' ​     => '​0', ​         // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
 +  '​referrals' ​     => false, ​       // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
 +  '​dereference' ​   => 0,            // Sets the LDAP_OPT_DEREF option. One of: LDAP_DEREF_NEVER,​ LDAP_DEREF_SEARCHING,​ LDAP_DEREF_FINDING,​ LDAP_DEREF_ALWAYS
 +                                    // Used where addressbook contains aliases to objects elsewhere in the LDAP tree.
 +
 +);
 +</​code><​code>​
 +# service apache2 restart
 +</​code>​
 +
 +=== OpenID аутентификация ===
 +
 +  * [[https://​goauthentik.io/​integrations/​services/​roundcube/​|This integration describes how to use Roundcube'​s oauth support with authentik to automatically sign into an email account]]
 +  * [[https://​github-wiki-see.page/​m/​roundcube/​roundcubemail/​wiki/​Configuration:​-OAuth2|Configuration:​ OAuth2 - roundcube/​roundcubemail Wiki]]
 +  * [[https://​github.com/​roundcube/​roundcubemail/​wiki/​Configuration:​-OAuth2|Configuration:​ OAuth2]]
 +  * [[https://​www.roundcubeforum.net/​index.php?​topic=29984.0|[SOLVED] Keycloak and Roundcube problem]]
 +
 +<​code>​
 +debian12# cat /​var/​lib/​roundcube/​config/​config.inc.php
 +</​code><​code>​
 +...
 +$config['​oauth_provider'​] = '​generic';​
 +$config['​oauth_provider_name'​] = '​Keycloak corp13';​
 +$config['​oauth_client_id'​] = "​any-client";​
 +$config['​oauth_client_secret'​] = "​anystring";​
 +$config['​oauth_auth_uri'​] = "​https://​keycloak.corp13.un/​realms/​corp13/​protocol/​openid-connect/​auth";​
 +$config['​oauth_token_uri'​] = "​https://​keycloak.corp13.un/​realms/​corp13/​protocol/​openid-connect/​token";​
 +$config['​oauth_identity_uri'​] = "​https://​keycloak.corp13.un/​realms/​corp13/​protocol/​openid-connect/​userinfo";​
 +$config['​oauth_verify_peer'​] = false;
 +$config['​oauth_scope'​] = "email profile openid";​
 +$config['​oauth_auth_parameters'​] = [];
 +$config['​oauth_identity_fields'​] = ['​preferred_username'​];​
 +$config['​oauth_login_redirect'​] = false;
 +$config['​login_password_maxlen'​] = 4096;
 +</​code><​code>​
 +debian12# cat /​usr/​share/​roundcube/​program/​include/​rcmail_oauth.php
 +</​code><​code>​
 +...
 +         //​$oauth_token_uri ​    = $this->​options['​token_uri'​];​
 +         //​$oauth_client_id ​    = $this->​options['​client_id'​];​
 +         //​$oauth_client_secret = $this->​options['​client_secret'​];​
 +         //​$oauth_identity_uri ​ = $this->​options['​identity_uri'​];​
 +
 +       ​$oauth_token_uri ​    = "​https://​keycloak.corp13.un/​realms/​corp13/​protocol/​openid-connect/​token";​
 +       ​$oauth_client_id ​    = "​any-client";​
 +       ​$oauth_client_secret = "​anystring";​
 +       ​$oauth_identity_uri ​ = "​https://​keycloak.corp13.un/​realms/​corp13/​protocol/​openid-connect/​userinfo";​
 +...
 +</​code>​
 +
 +  * Сервер dovecot [[Сервер dovecot#​OAuth аутентификация]]
 +
 +===== Дополнительные материалы =====
 +
 ==== squirrelmail ==== ==== squirrelmail ====
  
Line 76: Line 201:
 </​code>​ </​code>​
  
- 
- 
-===== Дополнительные материалы ===== 
  
 ==== Web интерфейс к почтовым ящикам формата mbox и к протоколу pop3 (пакет openwebmail) ==== ==== Web интерфейс к почтовым ящикам формата mbox и к протоколу pop3 (пакет openwebmail) ====
web_интерфейс_к_почте.1598593320.txt.gz · Last modified: 2020/08/28 08:42 by val