FreeBSD 6.2
Postfix 2.4.5
DSpam 3.8.0
Clamav 0.91
Apache 2.2.8

If anyone's interested, I've got LDAP authentication working for the WebUI 
between Novell and Apache22.

Two things needed to be done:

1. Make sure Apache is compiled with LDAP support and the appropriate module is 
loaded...

LoadModule authnz_ldap_module libexec/apache22/mod_authnz_ldap.so

...In httpd.conf, set up Apache to authenticate via LDAP in the WebUI's 
directory tags:

# Basic auth against the directory; AuthName is the title of the browser prompt.
AuthType Basic
AuthName "DSPAM Control Center"
AuthBasicProvider ldap
# Hand the authenticated entry's full DN to the CGI as REMOTE_USER.
AuthLDAPRemoteUserIsDN on
AuthzLDAPAuthoritative off
# AuthLDAPURL takes the URL as a single argument (no trailing semicolon).
AuthLDAPURL "ldap://YOUR_LDAP_SERVER_HOSTNAME/o=YOUR_ROOT?cn?sub"
Require valid-user

...make sure the "o=" matches your organization. Also "cn" is sometimes "uid" 
in Novell. The search will cover all subdirectories (hence the "sub"), so it's 
important each cn (or uid) is unique in the directory.


2. Modify dspam.cgi to look up the user's "mail" via LDAP based on the context 
passed in as $ENV{'REMOTE_USER'}. For example, REMOTE_USER may appear to be 
"cn=YOUR_USERNAME,ou=YOUR_DEPT,o=YOUR_ROOT" after LDAP authentication. This 
needs to be converted to an email address for the web interface to work. Below 
is the code I used; it replaces the "CURRENT_USER = ..." line and the 
"#Determine admin status" block at around lines 60 through 80 in dspam.cgi:

###
### Begin MCIT
###

use vars qw($LDAP_SERVER $LDAP_BASE @LDAP_ATTRS $LDAP $MESG
            @FIELDS $RDN_ATTR $RDN_VALUE $RESULT $EMAIL $ENTRY);

use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

$LDAP_SERVER = "YOUR_LDAP_SERVER_HOSTNAME";
$LDAP_BASE   = "o=YOUR_ROOT";
@LDAP_ATTRS  = ("mail");   # a plain list; passed by reference to search() below

# Initialize the ldap object (undef on connection failure, reason in $@).
$LDAP = Net::LDAP->new($LDAP_SERVER)
    or die "Could not connect to LDAP server: $@";

# Bind anonymously. bind() always returns a message object, so the
# result code has to be checked rather than the object itself.
$MESG = $LDAP->bind;
die "Could not bind to LDAP server: " . $MESG->error if $MESG->code;

# Take the leading RDN (e.g. "cn=YOUR_USERNAME") from the DN that Apache
# put in REMOTE_USER and split it into attribute and value. A value
# containing a DN-escaped comma ("\,") is not handled by this split.
@FIELDS = split(/,/, $ENV{'REMOTE_USER'})
    or die "Could not split the cn= tag from REMOTE_USER.";
($RDN_ATTR, $RDN_VALUE) = split(/=/, $FIELDS[0], 2);
die "REMOTE_USER does not start with an attribute=value RDN."
    unless defined $RDN_VALUE;

# Escape the value so "*", "(", ")" or "\" in a name cannot change the filter.
$RESULT = $LDAP->search(base   => $LDAP_BASE,
                        scope  => "sub",
                        filter => "($RDN_ATTR=" . escape_filter_value($RDN_VALUE) . ")",
                        attrs  => \@LDAP_ATTRS);

die "LDAP search failed: " . $RESULT->error if $RESULT->code;

# Fallback address used when the lookup returns no mail attribute.
$EMAIL = "[EMAIL PROTECTED]";

foreach $ENTRY ($RESULT->entries) {
    my $mail = $ENTRY->get_value("mail");
    $EMAIL = lc($mail) if defined $mail;
}

$LDAP->unbind;

$CURRENT_USER = $EMAIL;

# Determine admin status: one address per line in ./admins.
# A missing or unreadable admins file means nobody is an admin.
$CONFIG{'ADMIN'} = 0;
if ($CURRENT_USER ne "" && open(FILE, "<", "./admins")) {
  while (<FILE>) {
    chomp;
    if ($_ eq $CURRENT_USER) {
      $CONFIG{'ADMIN'} = 1;
    }
  }
  close(FILE);
}

###
### End MCIT
###


...we no longer need to manage local accounts on the Dspam server. The end 
users use their Novell username and password and they're in.

Thanks,
-Gary

~~~~~~~~~~~~~~~~~~~~~~~~~~
Gary J. Waters Jr.
Mohave County Information Technology
700 W. Beale St.
Kingman, AZ 86401
(928)753-0740x4137
[EMAIL PROTECTED]
http://www.co.mohave.az.us
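The same lookup, as an added example that is not code from Gary's post or from DSPAM, rewritten so that nothing taken from REMOTE_USER reaches an LDAP filter unescaped, and so that an account with no mail attribute is refused instead of being mapped to a shared fallback address. It goes beyond the post in accepting REMOTE_USER in either form: the full DN (AuthLDAPRemoteUserIsDN on, read with a base-scope search of that one entry) or a bare login name (AuthLDAPRemoteUserIsDN off, an escaped cn= filter). The hostname, base DN, CA file and admins path are placeholders, and STARTTLS with Net::LDAP's verify => 'require' assumes the directory offers it. One caveat on the httpd.conf side above: with a plain ldap:// URL and no SSL/TLS mode on AuthLDAPURL, Apache's own bind sends each user's password to the directory in the clear.

```perl
#!/usr/bin/perl
# Added example, not code from Gary's post or from DSPAM: resolve Apache's
# REMOTE_USER to a mail address and an admin flag for dspam.cgi.
# Host, base DN, CA file and admins path are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_NO_SUCH_OBJECT);
use Net::LDAP::Util qw(ldap_explode_dn escape_filter_value);

my $LDAP_SERVER = 'YOUR_LDAP_SERVER_HOSTNAME';       # placeholder
my $LDAP_BASE   = 'o=YOUR_ROOT';                     # placeholder, as in AuthLDAPURL
my $CA_FILE     = '/usr/local/etc/ssl/ldap-ca.pem';  # placeholder
my $ADMINS_FILE = './admins';

# Decide how to look the user up. With "AuthLDAPRemoteUserIsDN on" Apache
# passes the full DN, so we read that single entry with a base-scope search
# and never put user-derived text into a filter. With it off, REMOTE_USER is
# the bare login name, which must be filter-escaped: an unescaped "*" or
# "x)(cn=admin" would change the query.
sub search_params_for {
    my ($remote_user, $base) = @_;
    if (ldap_explode_dn($remote_user)) {          # parses as a DN
        return (base => $remote_user, scope => 'base',
                filter => '(objectClass=*)');
    }
    my $value = escape_filter_value($remote_user);
    return (base => $base, scope => 'sub', filter => "(cn=$value)");
}

# Returns the lowercased mail address, or undef unless exactly one entry with
# a mail attribute is found. Returning undef lets the caller refuse the
# request instead of showing another mailbox's quarantine.
sub mail_for_remote_user {
    my ($remote_user) = @_;
    return undef unless defined $remote_user && length $remote_user;

    my $ldap = Net::LDAP->new($LDAP_SERVER, version => 3)
        or die "LDAP connect failed: $@";
    # STARTTLS with certificate verification so the search is not in the clear.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $CA_FILE);
    die "STARTTLS failed: " . $mesg->error if $mesg->code;
    $mesg = $ldap->bind;                          # anonymous bind
    die "LDAP bind failed: " . $mesg->error if $mesg->code;

    my %params = search_params_for($remote_user, $LDAP_BASE);
    $mesg = $ldap->search(%params, attrs => ['mail']);
    my $mail;
    if ($mesg->code == LDAP_NO_SUCH_OBJECT()) {
        $mail = undef;                            # DN no longer exists
    } elsif ($mesg->code) {
        die "LDAP search failed: " . $mesg->error;
    } elsif ($mesg->count == 1) {
        my $v = $mesg->entry(0)->get_value('mail');
        $mail = lc $v if defined $v && $v =~ /\A[^\s\@]+\@[^\s\@]+\z/;
    }
    $ldap->unbind;
    return $mail;
}

# One address per line in the admins file, "#" comments allowed, compared
# case-insensitively. A missing file means nobody is an admin.
sub is_admin {
    my ($mail, $file) = @_;
    return 0 unless defined $mail;
    open(my $fh, '<', $file) or return 0;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        next unless length $line;
        if (lc($line) eq lc($mail)) { close $fh; return 1; }
    }
    close $fh;
    return 0;
}

# What would replace the "$CURRENT_USER = ..." line and the admin block in
# dspam.cgi; guarded so the file can also be required by a test script.
unless (caller) {
    my $CURRENT_USER = mail_for_remote_user($ENV{'REMOTE_USER'});
    unless (defined $CURRENT_USER) {
        print "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n",
              "No mail address is recorded for your directory account.\n";
        exit 0;
    }
    my %CONFIG = (ADMIN => is_admin($CURRENT_USER, $ADMINS_FILE));
    print "Content-Type: text/plain\r\n\r\n$CURRENT_USER admin=$CONFIG{ADMIN}\n";
}
```

The 403 path is deliberate: with the fallback-address approach, every authenticated account lacking a mail attribute lands in the same quarantine, and if that address were ever listed in ./admins they would all become admins. Keeping the admins file in mail-address form, as in the post, still works because the function returns the same lowercased value the file is compared against.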
