Download the phamm-0.5.18.tar.gz package from:
Unpack it:
# tar xvzf phamm-0.5.18.tar.gz
After unpacking, copy all the schemas from the /schema directory to /etc/openldap/schema.
Copy some additional schemas from
http://open.rhx.it/phamm/schema/ to /etc/openldap/schema.
You will need the following schemas:
phamm.schema, perversia.net.schema, ISPEnv2.schema, amavis.schema, pureftpd.schema, samba.schema, dnsdomain2.schema
Copy the unpacked content to the web server's root directory (e.g. /var/www/html/phamm - I suggest /var/www/html/admin).
Build your OpenLDAP configuration file (slapd.conf) along the lines of the example provided.
To generate a new password hash for the rootdn, use the command below, then copy and paste its output into slapd.conf.
# slappasswd
Initial database configuration:
# cp /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown ldap:ldap /var/lib/ldap/DB_CONFIG
# chmod 600 /var/lib/ldap/DB_CONFIG
/etc/openldap/slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
#include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
#include /etc/openldap/schema/duaconf.schema
#include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/java.schema
#include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
#include /etc/openldap/schema/ppolicy.schema
#include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/phamm.schema
include /etc/openldap/schema/ISPEnv2.schema
include /etc/openldap/schema/amavis.schema
include /etc/openldap/schema/dnsdomain2.schema
include /etc/openldap/schema/pureftpd.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap # or /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
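access to dn.one="dc=example,dc=tld"
    by self write
    by users read
    by anonymous auth
# NOTE: the final "by * write" clause below grants write access to every
# client, anonymous binds included, on all entries not matched by the rule above.
access to * by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
    by * write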
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=example,dc=tld"
checkpoint 1024 15
rootdn "cn=admin,dc=example,dc=tld"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}hz1xghfgh4FiTpTZHSVfY7L5sgObSaiFk
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
# index objectClass eq,pres
# index ou,cn,mail,surname,givenname eq,pres,sub
# index uidNumber,gidNumber,loginShell eq,pres
# index uid,memberUid eq,pres,sub
# index nisMapName,nisMapEntry eq,pres,sub
# specific for mail
index objectClass eq
index cn,mail,givenname eq,subinitial
index vd,delete eq,pres
index accountActive,forwardActive eq,pres
index smtpAuth eq,pres
index associatedDomain pres,eq,sub
index aAAARecord pres,eq
index aRecord pres,eq
index sn,displayName pres,eq,sub
index uid,uidNumber,gidNumber,memberUid eq
index default sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
# enable monitoring
database monitor
# allow only rootdn to read the monitor
#access to *
# by dn.exact="cn=Manager,dc=my-domain,dc=com" read
# by * none
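As an added example (not part of the original tutorial, nor Phamm or OpenLDAP code), the script below checks a slapd.conf for three settings visible in the configuration above: an ACL clause that grants write to "*", "anonymous" or "users", an enabled "allow bind_v2", and the absence of an active TLS certificate directive. The finding labels and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky slapd.conf settings.

# Constructed sample, reduced to directives shown in the slapd.conf above.
sample_conf() {
cat <<'EOF'
allow bind_v2
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
access to dn.one="dc=example,dc=tld"
    by self write
    by users read
    by anonymous auth
access to * by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
    by * write
EOF
}

# audit_slapd_conf [FILE]: print one finding per line (reads stdin without FILE).
audit_slapd_conf() {
    awk '
    # Lines starting with whitespace continue the previous line; slapd joins
    # them before it strips comments, so do the same here.
    /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
    { if (buf != "") check(buf); buf = $0 }
    END {
        if (buf != "") check(buf)
        if (!tls) print "NO_TLS: no active TLSCertificateFile directive"
    }
    function check(line,    n, f, i, d, who, lvl) {
        if (line ~ /^#/) return
        n = split(line, f, /[ \t]+/)
        d = tolower(f[1])                 # directive names are case-insensitive
        if (d == "tlscertificatefile") tls = 1
        if (d == "allow" && line ~ /[ \t]bind_v2([ \t]|$)/)
            print "LDAPV2: allow bind_v2 is enabled"
        if (d != "access") return
        # Walk the "by <who> <level>" clauses of this access directive.
        for (i = 4; i < n; i++) {
            if (f[i] != "by") continue
            who = f[i + 1]; lvl = f[i + 2]
            # "*" and "anonymous" include unauthenticated clients; "users" is any bound DN.
            if ((who == "*" || who == "anonymous" || who == "users") &&
                (lvl == "write" || lvl == "manage"))
                print "OPEN_WRITE: access to " f[3] " by " who " " lvl
        }
    }' "${1:--}"
}

sample_conf | audit_slapd_conf
```

To check the real file, call audit_slapd_conf /etc/openldap/slapd.conf. An OPEN_WRITE finding on "access to *" means the rootdn and postmaster restrictions are not what protects the directory, because the catch-all clause already lets any client modify it.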
Copy the file config.inc.example.php, located in the Phamm root directory, to config.inc.php; it should look like the example below.
<?php
/*
* Phamm - http://www.phamm.org - <team AT phamm DOT org>
* Copyright (C) 2004,2008 Alessandro De Zorzi and Mirko Grava
* Project sponsored by RHX Studio Snc - www.rhx.it
*
* Phamm is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Phamm is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* The main Phamm config file
*
* @package Phamm
* @subpackage configuration
* @author Alessandro De Zorzi <adezorzi AT rhx DOT it>
**/
// *============================*
// *=== LDAP Server Settings ===*
// *============================*
// The server address (To use ldapssl change to ldaps://localhost)
define ('LDAP_HOST_NAME','localhost');
// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');
// The server port (To use ldapssl change to 636)
define ('LDAP_PORT','389');
// Set LDAP_TLS to 1 if you want to use TLS
define ('LDAP_TLS',0);
// The container
define ('SUFFIX','dc=example,dc=tld');
// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');
// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');
// *============================*
// *=== Layout Settings ===*
// *============================*
// Page title
define('ORG_TITLE','Phamm');
// URL
define('ORG_URL','http://www.phamm.org');
// Logo
define('ORG_LOGO', './img/phamm_100.png');
// CSS Style
$style = 'phamm';
// Default language
define ('DEFAULT_LANGUAGE','en_GB');
// The languages available
$supported_languages = array();
$supported_languages["de_DE"] = "Deutsch";
$supported_languages["en_GB"] = "English";
$supported_languages["es_ES"] = "Español";
$supported_languages["fr_FR"] = "French";
$supported_languages["hu_HU"] = "Hungarian";
$supported_languages["it_IT"] = "Italiano";
$supported_languages["pl_PL"] = "Polish";
$supported_languages["ru_RU"] = "Russian";
$supported_languages["vi_VN"] = "Tiếng Việt"; // Vietnamese
$supported_languages["da_DK"] = "Dansk"; // Danish
// $supported_languages["ll_CC"] = "Your language here";
// This TLDs menu
$tld = array();
$tld[] = ".com";
$tld[] = ".org";
$tld[] = ".net";
// $tld[] = ".biz";
// $tld[] = ".info";
// $tld[] = ".eu";
// $tld[] = ".it";
// $tld[] = ".fr";
// $tld[] = ".de";
// *============================*
// *=== Plugins Settings ===*
// *============================*
// The default plugin
define ('DEFAULT_PLUGIN','mail');
// This array contains the active plugins
// NOTE the display order reflect this order
$plugins = array();
$plugins[] = "mail";
$plugins[] = "alias";
//$plugins[] = "dns";
//$plugins[] = "ftp";
//$plugins[] = "proxy";
//$plugins[] = "radius";
//$plugins[] = "radius_stats";
//$plugins[] = "rates";
//$plugins[] = "person";
//$plugins[] = "jabber";
//$plugins[] = "davical";
// Account can be mail OR alias
$plugins_exclusion = array("mail","alias");
// *============================*
// *=== System Settings ===*
// *============================*
// Phamm Version (+ indicate a CVS version)
define ('VERSION','0.5.18');
// Useful if you want hide the version [0,1]
define ('HIDE_VERSION',0);
// Useful if you wish force SSL through PHP [0,1]
define ('FORCE_SSL',0);
// Min password length
define ('PASSWORD_MIN_LENGHT',3);
// Seconds after refresh page
define ('REFRESH_TIME',1);
// A Domain administrator (example: postmaster)
define ('PHAMM_DOMAIN_ADMIN_NAME','postmaster');
// Welcome message
define ('SEND_WELCOME',0);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
# $welcome_sender = 'postmaster@localhost';
# $welcome_bcc = 'postmaster@localhost';
// *============================*
// *=== Advanced Settings ===*
// *============================*
// Debug level [0,1]
define ('DEBUG',0);
// PHP Error Level [0,1,2,10]
define ('ERROR_LEVEL',2);
// Log level 0->don't log [0,1,2]
define ('PHAMM_LOG',0);
// Log file path
define ('LOG_FILE','/var/log/phamm.log');
// Standard LDAP encryption type [CRYPT,MD5,CLEAR]
define ('ENC_TYPE','CRYPT');
// Permit login without @domain (use it with care)
// define ('DEFAULT_DOMAIN','example.tld');
?>
Start LDAP (service ldap start or service slapd start). From Fedora 12 onward, you must enable backward compatibility (mv /etc/openldap/slapd.d /etc/openldap/disabled).
Populate the database using the LDIF files provided in the Phamm examples.
# ldapadd -v -x -D "cn=admin,dc=example,dc=tld" -W -h localhost -f examples/ldif/sample-main.ldif
# ldapadd -v -x -D "cn=admin,dc=example,dc=tld" -W -h localhost -f examples/ldif/sample-mail.ldif
Try to reach Phamm on the server with a browser, at the /phamm directory under Apache's root directory.
Try to log in as the admin user with the password you created.
At this point you should be able to create domains and e-mail accounts through Phamm; if you cannot, start over from the beginning, because something is wrong.
OPTIONAL - You can install phpldapadmin to view your LDAP directory (yum install phpldapadmin). Warning! Use phpldapadmin only for debugging, that is, to inspect your LDAP database in detail. Never use phpldapadmin to manage your mail server's accounts and domains; leave that job to Phamm.