Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
centos:mail_c6:horde_9 [10.06.2013 15:33. ] – angelegt django | centos:mail_c6:horde_9 [20.04.2018 10:41. ] (aktuell) – Externe Bearbeitung 127.0.0.1 | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ====== Horde Passwortänderungen: | ||
+ | Als erste [[http:// | ||
+ | Informationen zu Installation und Konfiguration findet man auch auf der offiziellen [[http:// | ||
+ | |||
+ | ===== Installation ===== | ||
+ | Wie auch schon bei der [[centos: | ||
+ | |||
+ | Das Programmpaket holen wir und nun erst einmal auf unseren Web-Server. | ||
+ | # pear install -a -B horde/ | ||
+ | |||
+ | < | ||
+ | downloading passwd-5.0.0.tgz ... | ||
+ | Starting to download passwd-5.0.0.tgz (1,116,754 bytes) | ||
+ | .........................done: | ||
+ | install ok: channel:// | ||
+ | </ | ||
+ | |||
+ | ===== vorbereitende Konfiguration ===== | ||
+ | Die Konfiguration des Moduls **Passwd** erfolgt, wie auch bereits bei der Grundkonfiguration des Horde-Frameworks, | ||
+ | Zunächst kopieren wir uns die Vorlagedateien, | ||
+ | # cp -a / | ||
+ | Anschließend legen wir noch die besagte Backup-Datei für die Konfiguration an. | ||
+ | # touch / | ||
+ | |||
+ | Zum Schluß weisen wir noch die Datei und Besitzrechte für die Konfigurationsdatei- und dessen Verzeichnis zu. | ||
+ | # chown -R root:apache / | ||
+ | |||
+ | # chmod g+w -R / | ||
+ | |||
+ | |||
+ | ===== Konfiguration des Backend-Server-Anbindung ===== | ||
+ | Neben der Konfiguration der Anwendung selbst, müssen wir der Anwendung **IMP** auch noch mitteilen, wie es sich zum **MDA**((**M**ail **D**elivery **S**ystem)) also unserem IMAP-Server verbinden soll. | ||
+ | |||
+ | Bei diesem Konfigurationsbeispiel gehen wir von einem [[centos: | ||
+ | |||
+ | <WRAP round tip>Die mitgelieferte Konfigurationsdatei **backends.php** lassen wir unangetastet. Die Konfiguration nehmen wir über die zuvor kopierte Datei **backends.local.php** vor.</ | ||
+ | |||
+ | Hier eaktivieren wir nun den ersten Standardeintrag und konfigurieren die Passwortdetails, | ||
+ | # vim / | ||
+ | |||
+ | <file php / | ||
+ | /** | ||
+ | * This file provides defaults for backends people use to change their | ||
+ | * passwords. | ||
+ | * | ||
+ | * IMPORTANT: DO NOT EDIT THIS FILE! | ||
+ | * Local overrides MUST be placed in backends.local.php or backends.d/ | ||
+ | * If the ' | ||
+ | * use backends-servername.php. | ||
+ | * | ||
+ | * Properties that can be set for each server: | ||
+ | * =========================================== | ||
+ | * | ||
+ | * disabled: (boolean) If true, the config entry is disabled. | ||
+ | * | ||
+ | * name: (string) This is the plaintext name displayed if using the server | ||
+ | | ||
+ | * | ||
+ | * driver: The driver used to change the password. Valid drivers: | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | * | ||
+ | | ||
+ | | ||
+ | * | ||
+ | * policy: (array) The password policies for this backend. You are responsible | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | * | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | * | ||
+ | | ||
+ | | ||
+ | | ||
+ | * | ||
+ | * logout: (boolean) If true, this backend changes the password associated | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | * | ||
+ | * params: (array) Additional information that a driver needs. See examples | ||
+ | | ||
+ | * | ||
+ | * preferred: (string) Useful if you want to use the same backend.php file | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | */ | ||
+ | |||
+ | $backends[' | ||
+ | // Django : 2013-06-10 | ||
+ | // default: ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // Django : 2013-06-10 | ||
+ | // default: ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | $GLOBALS[' | ||
+ | array( | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ) | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // NOTE: to set the ldap userdn, see horde/ | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // LDAP object key attribute. | ||
+ | ' | ||
+ | // The attribute storing the password. | ||
+ | ' | ||
+ | // These attributes will enable shadow password policies. | ||
+ | // ' | ||
+ | // ' | ||
+ | // This will be appended to the username when looking for the userdn. | ||
+ | ' | ||
+ | // Use this filter when searching for the user's DN. | ||
+ | ' | ||
+ | // Hash method to use when storing the password | ||
+ | ' | ||
+ | // Whether to enable TLS for this LDAP connection | ||
+ | // Note: make sure that the host matches cn in the server certificate. | ||
+ | ' | ||
+ | // Determine the user's DN. %u will be replaced by the user's ID. | ||
+ | //' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // NOTE: to set the ldap userdn, see horde/ | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // LDAP object key attribute. | ||
+ | ' | ||
+ | // The attribute storing the password. | ||
+ | ' | ||
+ | // These attributes will enable shadow password policies. | ||
+ | // ' | ||
+ | // ' | ||
+ | // This will be appended to the username when looking for the userdn. | ||
+ | ' | ||
+ | // Use this filter when searching for the user's DN. | ||
+ | ' | ||
+ | // Hash method to use when storing the password | ||
+ | ' | ||
+ | // If set, should be 0 or 1. See the LDAP documentation about the | ||
+ | // corresponding parameter REFERRALS. | ||
+ | // Windows 2003 Server require to set this parameter to 0 | ||
+ | // ' | ||
+ | // Whether to enable TLS for this LDAP connection | ||
+ | // Note: make sure that the host matches cn in the server certificate. | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // NOTE: to set the ldap userdn, see horde/ | ||
+ | // NOTE: to make work with samba 2.x schema you must change lm_attribute and | ||
+ | // nt_attribute | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // LDAP object key attribute. | ||
+ | ' | ||
+ | // The attribute storing the password. | ||
+ | ' | ||
+ | // This will be appended to the username when looking for the userdn. | ||
+ | ' | ||
+ | // Use this filter when searching for the user's DN. | ||
+ | ' | ||
+ | // Hash method to use when storing the password | ||
+ | ' | ||
+ | // Whether to enable TLS for this LDAP connection | ||
+ | // Note: make sure that the host matches cn in the server certificate. | ||
+ | ' | ||
+ | // Determine the user's DN. %u will be replaced by the user's ID. | ||
+ | //' | ||
+ | // If any of the following attributes are commented out, they | ||
+ | // won't be set on the LDAP server. | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // The number of days until samba passwords expire. If this | ||
+ | // is commented out, passwords will never expire. | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // The following two settings allow you to specify custom queries for | ||
+ | // lookup and modify functions if special functions need to be | ||
+ | // performed. | ||
+ | // used, refer to this placeholder reference: | ||
+ | // %d -> gets substituted with the domain | ||
+ | // %u -> gets substituted with the user | ||
+ | // %U -> gets substituted with the user without a domain part | ||
+ | // %p -> gets substituted with the plaintext password | ||
+ | // %e -> gets substituted with the encrypted password | ||
+ | // | ||
+ | // ' | ||
+ | // ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | // FTP server information. | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // Connect using the just-passed-in password? | ||
+ | ' | ||
+ | // Host string to look for in the encrypted file. | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // This is an example configuration for the http driver. | ||
+ | // connecting to an arbitrary URL that contains a password change form. | ||
+ | // The params ' | ||
+ | // set to the name of the respective form input elements on the html form. If | ||
+ | // there are additional form fields that the form requires, define them in the | ||
+ | // ' | ||
+ | // attempts to determine the success or failure based on searching the | ||
+ | // returned html page for the values listed in the ' | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | // If this service doesn' | ||
+ | // parameters below must be specified instead. | ||
+ | ' | ||
+ | ' | ||
+ | // This is the order of the arguments to the method specified above. | ||
+ | ' | ||
+ | // These parameters are directly passed to the SoapClient object, see | ||
+ | // http:// | ||
+ | // complete list of possible parameters. | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // This is an example configuration for Postfix.admin 2.3. | ||
+ | // Set the ' | ||
+ | // In most installations you probably only need to change the | ||
+ | // hostspec and/ | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // The following two settings allow you to specify custom queries for | ||
+ | // lookup and modify functions if special functions need to be | ||
+ | // performed. | ||
+ | // used, refer to this placeholder reference: | ||
+ | // %d -> gets substituted with the domain | ||
+ | // %u -> gets substituted with the user | ||
+ | // %U -> gets substituted with the user without a domain part | ||
+ | // %p -> gets substituted with the plaintext password | ||
+ | // %e -> gets substituted with the encrypted password | ||
+ | // | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ); | ||
+ | |||
+ | // This is an example configuration for chaining multiple drivers to allow for | ||
+ | // syncing of passwords across many backends using the composite driver as a | ||
+ | // wrapper. | ||
+ | // | ||
+ | // Each of the subdrivers may contain an optional parameter called ' | ||
+ | // that, when set to true, will cause the rest of the drivers be skipped if a | ||
+ | // particular one fails. | ||
+ | $backends[' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | // ' | ||
+ | // ' | ||
+ | ), | ||
+ | ), | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | ), | ||
+ | )), | ||
+ | ); | ||
+ | </ | ||
+ | |||
+ | Damit nun die Anwendung **Passwd** die Passwortänderung vornehmen kann ist noch eine Änderung am **[[centos: | ||
+ | |||
+ | ===== Konfiguration über die WEB-GUI ===== | ||
+ | ==== Applikation Passwd ==== | ||
+ | Die Konfiguration der Applikation **IMP** erfolgt dann über die GUI des Web-Frameworks. Dazu rufen wir unseren angelegten VHOST im Webbrowser auf. | ||
+ | $ firefox https:// | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Mit einem Klick auf das Zahnradsysmbol {{: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Hier wählen wir den Menüpunkt **// | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Da wir die Anwendung **// | ||
+ | |||
+ | Um zur Konfiguration von **Passwd** zu gelangen, klicken wir nun auf den Punkt **Passwort (passwd)**. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Auf dem nun zur Verfügung stehenden Reiter, erfolgt die Konfiguration der Horde-Applikation **Passwd**. | ||
+ | |||
+ | |||
+ | === Backend Settings === | ||
+ | $conf[backend][backend_list] | ||
+ | $conf[user][change] | ||
+ | $conf[user][refused] | ||
+ | $conf[password][strengthtests] | ||
+ | |||
+ | |||
+ | Am Ende unserer Konfigurationsarbeit, | ||
+ | {{: | ||
+ | Die erfolgreiche Sicherung wird uns entsprechend angezeigt. | ||
+ | {{ : | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== Horde Framework ==== | ||
+ | Abhängig davon, welchen Backendserver wir ansprechen wollen und werden, passen wir noch die **Authentication Settings** des Horde Framworks, über die WEB-GUI an. | ||
+ | Die Einstellungen erreichen wir wie folgt: | ||
+ | $ firefox https:// | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Mit einem Klick auf das Zahnradsysmbol {{: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Hier wählen wir den Menüpunkt **// | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Um zur Konfiguration der **Authentication Settings** zu gelangen, klicken wir nun auf den Punkt **Horde (horde)**. | ||
+ | |||
+ | Auf dem Reiter **Authentication** passen wir nun unsere Einstellungen so an, dass Horde bei der Passwortänderung unserer Nutzer die mySQL-Datenbank von [[centos: | ||
+ | |||
+ | Die hierzu notwendigen Einstellungen haben wir bei der Definition unseres [[centos: | ||
+ | |||
+ | == Reiter Authentication == | ||
+ | **Authentication Settings** | ||
+ | |||
+ | $conf[auth][admins] | ||
+ | $conf[auth][checkip] | ||
+ | $conf[auth][checkbrowser] | ||
+ | $conf[auth][resetpassword] | ||
+ | $conf[auth][alternate_login] | ||
+ | $conf[auth][redirect_on_logout] | ||
+ | $conf[auth][list_users] | ||
+ | $conf[auth][driver] | ||
+ | $conf[auth][params][phptype] | ||
+ | $conf[auth][params][protocol] | ||
+ | $conf[auth][params][hostspec] | ||
+ | $conf[auth][params][port] | ||
+ | $conf[auth][params][username] | ||
+ | $conf[auth][params][password] | ||
+ | $conf[auth][params][database] | ||
+ | $conf[auth][params][query_auth] | ||
+ | $conf[auth][params][query_add] | ||
+ | $conf[auth][params][query_getpw] | ||
+ | $conf[auth][params][query_update] | ||
+ | $conf[auth][params][query_resetpassword] | ||
+ | $conf[auth][params][query_remove] | ||
+ | $conf[auth][params][query_list] | ||
+ | $conf[auth][params][query_exists] | ||
+ | $conf[auth][params][encryption] | ||
+ | $conf[auth][params][show_encryption] | ||
+ | $conf[auth][params][count_bad_logins] | ||
+ | $conf[auth][params][login_block] | ||
+ | $conf[auth][params][login_block_count | ||
+ | $conf[auth][params][login_block_time] | ||
+ | |||
+ | **Terms of Service Agreement** | ||
+ | $conf[tos][file] | ||
+ | |||
+ | Zum Schluß sichern wir die Konfiguration mit einem Klick auf die Schaltfläche: | ||
+ | Die erfolgreiche Sicherung wird uns entsprechend angezeigt. | ||
+ | {{ : | ||
+ | |||
+ | |||
+ | ====== Links ====== | ||
+ | * **[[centos: | ||
+ | * **[[centos: | ||
+ | * **[[wiki: | ||
+ | * **[[http:// | ||
+ | |||