User Tools
web_интерфейс_к_почте
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
web_интерфейс_к_почте [2021/10/12 17:04] val [roundcube] |
web_интерфейс_к_почте [2024/02/16 10:34] (current) val [Roundcube] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Web интерфейс к протоколу imap4 ===== | ===== Web интерфейс к протоколу imap4 ===== | ||
| - | ==== roundcube ==== | + | ==== Roundcube ==== |
| * [[https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php|roundcubemail/config/defaults.inc.php]] | * [[https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php|roundcubemail/config/defaults.inc.php]] | ||
| * [[https://unix.stackexchange.com/questions/108611/how-to-set-the-default-domain-for-a-new-roundcube-webmail-user|How to set the default domain for a new Roundcube webmail user?]] | * [[https://unix.stackexchange.com/questions/108611/how-to-set-the-default-domain-for-a-new-roundcube-webmail-user|How to set the default domain for a new Roundcube webmail user?]] | ||
| + | |||
| + | === Базовая конфигурация === | ||
| + | |||
| * [[Сервис MySQL]] | * [[Сервис MySQL]] | ||
| * [[Сервис MTA#Настройка MTA на релеинг почты на основе аутентификации]] | * [[Сервис MTA#Настройка MTA на релеинг почты на основе аутентификации]] | ||
| Line 25: | Line 28: | ||
| Alias /mail /var/lib/roundcube | Alias /mail /var/lib/roundcube | ||
| ... | ... | ||
| - | </code><code> | + | </code> |
| + | |||
| + | === Roundcube LDAP Addressbook === | ||
| + | |||
| + | * [[http://www.productionmonkeys.net/guides/qmail-server/addons/ldap-addressbook/roundcube-ldap-addressbook|Roundcube LDAP Addressbook]] | ||
| + | |||
| + | <code> | ||
| # apt install php-net-ldap3 | # apt install php-net-ldap3 | ||
| Line 33: | Line 42: | ||
| $config['ldap_public']['ldap'] = array( | $config['ldap_public']['ldap'] = array( | ||
| 'name' => 'Global Addresses', | 'name' => 'Global Addresses', | ||
| - | 'hosts' => array('server.corp13.un'), | + | 'hosts' => array('server.corpX.un'), |
| + | // 'hosts' => array('server2.corpX.un'), | ||
| 'port' => 389, | 'port' => 389, | ||
| 'use_tls' => false, | 'use_tls' => false, | ||
| Line 39: | Line 49: | ||
| 'network_timeout' => 10, // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x | 'network_timeout' => 10, // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x | ||
| 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. | 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. | ||
| - | 'base_dn' => 'ou=People,dc=corp13,dc=un', | + | |
| + | // 'base_dn' => 'ou=People,dc=corpX,dc=un', | ||
| + | |||
| + | 'base_dn' => 'cn=Users,dc=corpX,dc=un', | ||
| + | // 'base_dn' => 'dc=corpX,dc=un', | ||
| + | 'bind_dn' => 'cn=Administrator,cn=Users,dc=corpX,dc=un', | ||
| + | 'bind_pass' => 'Pa$$w0rd', | ||
| 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' | 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' | ||
| 'fieldmap' => array( | 'fieldmap' => array( | ||
| Line 70: | Line 87: | ||
| 'sort' => 'cn', // The field to sort the listing by. | 'sort' => 'cn', // The field to sort the listing by. | ||
| 'scope' => 'sub', // search mode: sub|base|list | 'scope' => 'sub', // search mode: sub|base|list | ||
| - | 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act | + | 'filter' => '(mail=*)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act |
| 'fuzzy_search' => true, // server allows wildcard search | 'fuzzy_search' => true, // server allows wildcard search | ||
| 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) | 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) | ||
| Line 83: | Line 100: | ||
| ); | ); | ||
| + | </code><code> | ||
| + | # service apache2 restart | ||
| + | </code> | ||
| + | === OpenID аутентификация === | ||
| + | |||
| + | * [[https://goauthentik.io/integrations/services/roundcube/|This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account]] | ||
| + | * [[https://github-wiki-see.page/m/roundcube/roundcubemail/wiki/Configuration:-OAuth2|Configuration: OAuth2 - roundcube/roundcubemail Wiki]] | ||
| + | * [[https://github.com/roundcube/roundcubemail/wiki/Configuration:-OAuth2|Configuration: OAuth2]] | ||
| + | * [[https://www.roundcubeforum.net/index.php?topic=29984.0|[SOLVED] Keycloak and Roundcube problem]] | ||
| + | |||
| + | <code> | ||
| + | debian12# cat /var/lib/roundcube/config/config.inc.php | ||
| + | </code><code> | ||
| + | ... | ||
| + | $config['oauth_provider'] = 'generic'; | ||
| + | $config['oauth_provider_name'] = 'Keycloak corp13'; | ||
| + | $config['oauth_client_id'] = "any-client"; | ||
| + | $config['oauth_client_secret'] = "anystring"; | ||
| + | $config['oauth_auth_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/auth"; | ||
| + | $config['oauth_token_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token"; | ||
| + | $config['oauth_identity_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo"; | ||
| + | $config['oauth_verify_peer'] = false; | ||
| + | $config['oauth_scope'] = "email profile openid"; | ||
| + | $config['oauth_auth_parameters'] = []; | ||
| + | $config['oauth_identity_fields'] = ['preferred_username']; | ||
| + | $config['oauth_login_redirect'] = false; | ||
| + | $config['login_password_maxlen'] = 4096; | ||
| + | </code><code> | ||
| + | debian12# cat /usr/share/roundcube/program/include/rcmail_oauth.php | ||
| + | </code><code> | ||
| + | ... | ||
| + | //$oauth_token_uri = $this->options['token_uri']; | ||
| + | //$oauth_client_id = $this->options['client_id']; | ||
| + | //$oauth_client_secret = $this->options['client_secret']; | ||
| + | //$oauth_identity_uri = $this->options['identity_uri']; | ||
| + | |||
| + | $oauth_token_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token"; | ||
| + | $oauth_client_id = "any-client"; | ||
| + | $oauth_client_secret = "anystring"; | ||
| + | $oauth_identity_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo"; | ||
| + | ... | ||
| </code> | </code> | ||
| + | |||
| + | * Сервер dovecot [[Сервер dovecot#OAuth аутентификация]] | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| ==== squirrelmail ==== | ==== squirrelmail ==== | ||
| Line 139: | Line 201: | ||
| </code> | </code> | ||
| - | |||
| - | |||
| - | ===== Дополнительные материалы ===== | ||
| ==== Web интерфейс к почтовым ящикам формата mbox и к протоколу pop3 (пакет openwebmail) ==== | ==== Web интерфейс к почтовым ящикам формата mbox и к протоколу pop3 (пакет openwebmail) ==== | ||
web_интерфейс_к_почте.1634047478.txt.gz · Last modified: 2021/10/12 17:04 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
