
Axigen+OpenLdap+BerkeleyDB+ejabberd多域+JWchat

 

平台及相关软件:
OS:CentOS5.5
axigen-8.0.1.i386.rpm.run
db-4.8.30.tar.gz

openldap-2.4.28.tgz

ejabberd-2.1.11-linux-installer.bin
 
插件(可到axigen官网去下载):

axigen.schema

webmail-8.0.1-im.tar.gz
 
服务器主机名及IP:

hostname:corp.com

IP:192.168.0.11

域名1:corptest.com

域名2:heminjie.cn

域名3:minjie.net
 
一、首先安装Axigen Mail Server sh axigen-8.0.1.i386.rpm.run
 
二、安装配置openldap

1、先安装支持编译软件gcc yum -y install gcc
 
2、安装BerkeleyDB数据库

[root@localhost BerkeleyDB]# tar -zxvf db-4.8.30.tar.gz

[root@localhost BerkeleyDB]# cd db-4.8.30

[root@localhost db-4.8.30]# cd build_unix/

[root@localhost build_unix]# ../dist/configure

[root@localhost build_unix]# make

[root@localhost build_unix]# make install
 
3、安装openldap

增加库路径(保存后执行 ldconfig 使其生效):

# vi /etc/ld.so.conf

/usr/local/BerkeleyDB.4.8/lib

设置环境变量编译:
 
先安装openssl

yum install openssl*

[root@corp opt]# tar -zxvf openldap-2.4.28.tgz

[root@corp opt]# cd openldap-2.4.28

#ln -s /usr/local/ssl/lib/* /lib/

#ln -s /usr/local/ssl/lib/* /usr/local/lib/
 
[root@corp openldap-2.4.28]# env CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm --enable-syncprov --enable-memberof --with-tls=openssl --enable-dynamic --enable-overlays --enable-accesslog

[root@corp openldap-2.4.28]# make depend

[root@corp openldap-2.4.28]# make

[root@corp openldap-2.4.28]# make test

[root@corp openldap-2.4.28]# make install
 
4、配置openldap

[root@corp /]# cd /usr/local/openldap/etc/openldap/

[root@corp openldap]# vi slapd.conf
 
#slapd.conf至少要包含下面这些配置(具体可参见附件slapd.conf配置模板):

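# Schema definitions. axigen.schema is not shipped with OpenLDAP and must be
# copied into this schema directory before slapd is started.
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/axigen.schema
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
modulepath /usr/local/openldap/libexec/openldap
moduleload memberof.la
moduleload syncprov.la
serverID 1
database bdb
# suffix and rootdn are set to dc=base so that they agree with users.ldif and
# with the bind DN cn=admin,dc=base used by ldapadd, the Axigen connector and
# ejabberd elsewhere in this guide. rootpw is only honoured when rootdn lies
# inside the database suffix.
suffix "dc=base"
rootdn "cn=admin,dc=base"
# Demo password, stored in clear text. For anything beyond a lab, generate a
# hash with slappasswd and store that instead (rootpw {SSHA}<hash-placeholder>),
# and make this file readable only by the account that runs slapd.
rootpw 123456
directory /usr/local/openldap/var/openldap-data
index objectClass eq
index ou,cn,mail,surname,givenname eq,pres,sub
index entryUUID,entryCSN eq
overlay syncprov
syncprov-checkpoint 100 30
syncprov-sessionlog 100
overlay memberof
memberof-refint true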

配置完成,需要把axigen.schema复制到/usr/local/openldap/etc/openldap/schema/目录下:
 
最后启动openldap服务:

[root@corp /]# cd /usr/local/openldap/libexec/

[root@corp libexec]# ./slapd
 
5、初始化openldap,简单的说,就像DNS,就是先定义一个根(base),然后再定义二级域(com.base/cn.base/net.base),再定义三级域(corptest.com.base/heminjie.cn.base/minjie.net.base):
 
[root@corp bin]# cd /usr/local/openldap/bin/

[root@corp bin]#vi users.ldif

#注意:下面文件中每一行的行尾一定不要有空格。

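# Root entry. slapd accepts it only if the database suffix is dc=base.
dn: dc=base
objectClass: dcObject
objectClass: organization
dc: base
o: base

# Second level: one container per top-level domain in use.
dn: dc=com,dc=base
objectClass: dcObject
objectClass: organization
dc: com
o: com

dn: dc=cn,dc=base
objectClass: dcObject
objectClass: organization
dc: cn
o: cn

dn: dc=net,dc=base
objectClass: dcObject
objectClass: organization
dc: net
o: net

# Third level: one entry per mail domain.
dn: dc=corptest,dc=com,dc=base
objectClass: dcObject
objectClass: organization
dc: corptest
o: corptest

dn: dc=heminjie,dc=cn,dc=base
objectClass: dcObject
objectClass: organization
dc: heminjie
o: heminjie

dn: dc=minjie,dc=net,dc=base
objectClass: dcObject
objectClass: organization
dc: minjie
o: minjie

# users and groups containers for each mail domain. No value may carry a
# trailing space (the original "ou: users " line did).
dn: ou=users,dc=corptest,dc=com,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=corptest,dc=com,dc=base
objectClass: organizationalUnit
ou: groups

dn: ou=users,dc=heminjie,dc=cn,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=heminjie,dc=cn,dc=base
objectClass: organizationalUnit
ou: groups

dn: ou=users,dc=minjie,dc=net,dc=base
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=minjie,dc=net,dc=base
objectClass: organizationalUnit
ou: groups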

wq!进行保存,最后需要导入到openldap

[root@corp bin]# ./ldapadd -x -D "cn=admin,dc=base" -W -f users.ldif

Enter LDAP Password: 123456
 
导入成功后,可以根据下面命令进行查询(如导入出错,请核对users.ldif文件,90%原因是ldif文件有误):

./ldapsearch -b "dc=base" -x (查询所有)

./ldapsearch -b "dc=com,dc=base" -x (查询所有.com结尾)

./ldapsearch -b "dc=corptest,dc=com,dc=base" -x (查询corptest.com域)
 
6、停止openldap服务方法:

先查询openldap进程号,再kill该进程号,以达到停止服务的目的:

[root@corp bin]# netstat -tunlp | grep :389

tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 4200/slapd

tcp 0 0 :::389 :::* LISTEN 4200/slapd

[root@corp bin]# kill 4200
 
三、在Axigen上配置openldap

1、登陆到webadmin,在左侧依次选择"Clustering"--"Clustering Setup",在"Connector List"点击"Add Connector"来增加一个ldap连接,具体主要设置参数:
 
LDAP Connector name: im-ldap

IP / Hostname:127.0.0.1

Port:389

Synchronization direction:Axigen to Ldap
 
选中Use Administrative DN

Admin DN:cn=admin,dc=base

Admin DN Password:123456

Account base DN:ou=Users,%x,dc=base

Group base DN:ou=Groups,%x,dc=base

最后点击"Update"完成添加。
 
2、到相应域名下开启openldap服务,并选择刚才添加的"im-ldap"连接。
 
四、安装配置ejabberd

1、安装ejabberd

[root@corp opt]# chmod o+x ejabberd-2.1.11-linux-installer.bin

[root@corp opt]# ./ejabberd-2.1.11-linux-installer.bin

Please choose an option [2] :           
Do you accept this license? [y/n]: y
Installation Directory [/opt/ejabberd-2.1.11]: 
ejabberd server domain [corp.com]: 
Administrator username [admin]: 
Administrator password :123123  #输入密码
Retype password :123123    #确认输入密码
Cluster [y/N]: n
Do you want to continue? [Y/n]: 
View Readme file? [Y/n]: n

#这里要说明一下corp.com是本机的主机名,也可以设置不存在的域名,只是为了日后管理ejabberd用

 
2、配置ejabberd

[root@corp /]# cd /opt/ejabberd-2.1.11/conf/

[root@corp conf]# vi ejabberd.cfg
 
以下修改是在原配置文件上修改,其他设置还需保留。

增加主机名:

{hosts, ["corp.com","corptest.com","heminjie.cn","minjie.net"]}.    

#增加corp.com域,是为了用户管理ejabberd

添加主机验证:

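%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
%% corp.com uses ejabberd's internal authentication (the original note was
%% written with '#', which is not a comment character in ejabberd.cfg and
%% would break parsing if pasted as-is).
{host_config, "corp.com", [{auth_method, internal}]}.

%% The three mail domains authenticate against the OpenLDAP server, each
%% with its own search base.
%% NOTE(review): every block binds as the directory rootdn with the demo
%% password and sets ldap_encrypt to none. ejabberd only needs to search
%% and verify users, so a dedicated bind account with read-only access is
%% the safer choice; use {ldap_encrypt, tls} if LDAP traffic ever leaves
%% this host. The same applies to every ldap_rootdn/ldap_password pair in
%% this file.
{host_config, "corptest.com", [{auth_method,   ldap},
                               {ldap_servers,  ["corp.com"]},
                               {ldap_port,     389},
                               {ldap_encrypt,  none},
                               {ldap_uids,     [{"uid", "%u"}]},
                               {ldap_base,     "dc=corptest,dc=com,dc=base"},
                               {ldap_rootdn,   "cn=admin,dc=base"},
                               {ldap_password, "123456"}]}.

{host_config, "heminjie.cn", [{auth_method,   ldap},
                              {ldap_servers,  ["corp.com"]},
                              {ldap_port,     389},
                              {ldap_encrypt,  none},
                              {ldap_uids,     [{"uid", "%u"}]},
                              {ldap_base,     "dc=heminjie,dc=cn,dc=base"},
                              {ldap_rootdn,   "cn=admin,dc=base"},
                              {ldap_password, "123456"}]}.

{host_config, "minjie.net", [{auth_method,   ldap},
                             {ldap_servers,  ["corp.com"]},
                             {ldap_port,     389},
                             {ldap_encrypt,  none},
                             {ldap_uids,     [{"uid", "%u"}]},
                             {ldap_base,     "dc=minjie,dc=net,dc=base"},
                             {ldap_rootdn,   "cn=admin,dc=base"},
                             {ldap_password, "123456"}]}.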

 
设置ejabberd管理员:

%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
{acl, admin, {user, "admin", "corp.com"}}.

#这里定义管理ejabberd的帐号,默认管理帐号是admin@corp.com
添加模块:

{mod_roster,   []},
  %%{mod_service_log,[]},
  {mod_shared_roster,[]},
  %%{mod_stats,    []},
  {mod_time,     []},
  {mod_vcard,    []},
  {mod_version,  []}
 ]}.
#上面这些是公共模块,需要添加新模块,每个域名都需要添加一个。
%% Extra modules for corptest.com: echo service, HTTP binding (the
%% /http-bind/ endpoint JWChat connects to) and vCards read from LDAP.
%% NOTE(review): mod_vcard_ldap binds as the directory rootdn here; a
%% read-only bind account would be sufficient for vCard lookups.
{host_config, "corptest.com",
 [{{add, modules}, [
    {mod_echo,      [{host, "echo-service.corptest.com"}]},
    {mod_http_bind, []},
    {mod_vcard_ldap, [
      {ldap_servers,  ["corp.com"]},
      {ldap_rootdn,   "cn=admin,dc=base"},
      {ldap_password, "123456"},
      {ldap_base,     "ou=users,dc=corptest,dc=com,dc=base"},
      %% vCard field -> LDAP attribute mapping.
      {ldap_vcard_map, [
        {"NICKNAME", "%s", ["axiNickName"]},
        {"FN", "%s", ["displayName"]},
        {"FAMILY", "%s", ["sn"]},
        {"GIVEN", "%s", ["givenName"]},
        {"MIDDLE", "%s", ["axiMiddleName"]},
        {"ORGNAME", "%s", ["axiCompany"]},
        {"ORGUNIT", "%s", ["axiDepartment"]},
        {"CTRY", "%s", ["c"]},
        {"LOCALITY", "%s", ["l"]},
        {"STREET", "%s", ["street"]},
        {"REGION", "%s", ["st"]},
        {"PCODE", "%s", ["postalCode"]},
        {"TITLE", "%s", ["title"]},
        {"URL", "%s", ["wWWHomePage"]},
        {"TEL", "%s", ["mobile"]},
        {"EMAIL", "%s", ["axiPersonalEmail"]},
        {"BDAY", "%s", ["axiBirthday"]},
        {"ROLE", "%s", ["axiProfession"]}
      ]},
      %% Fields offered in the user search form.
      {ldap_search_fields, [
        {"User", "%u"},
        {"Nickname", "axiNickName"},
        {"Given Name", "givenName"},
        {"Family Name", "sn"},
        {"Email", "axiPersonalEmail"}
      ]},
      %% Fields returned in search results.
      {ldap_search_reported, [
        {"Full Name", "FN"},
        {"Given Name", "GIVEN"},
        {"Family Name", "FAMILY"},
        {"Email", "EMAIL"}
      ]}
    ]}
  ]}
 ]}.

%% Extra modules for heminjie.cn: echo service, HTTP binding (the
%% /http-bind/ endpoint JWChat connects to) and vCards read from LDAP.
%% NOTE(review): mod_vcard_ldap binds as the directory rootdn here; a
%% read-only bind account would be sufficient for vCard lookups.
{host_config, "heminjie.cn",
 [{{add, modules}, [
    {mod_echo,      [{host, "echo-service.heminjie.cn"}]},
    {mod_http_bind, []},
    {mod_vcard_ldap, [
      {ldap_servers,  ["corp.com"]},
      {ldap_rootdn,   "cn=admin,dc=base"},
      {ldap_password, "123456"},
      {ldap_base,     "ou=users,dc=heminjie,dc=cn,dc=base"},
      %% vCard field -> LDAP attribute mapping.
      {ldap_vcard_map, [
        {"NICKNAME", "%s", ["axiNickName"]},
        {"FN", "%s", ["displayName"]},
        {"FAMILY", "%s", ["sn"]},
        {"GIVEN", "%s", ["givenName"]},
        {"MIDDLE", "%s", ["axiMiddleName"]},
        {"ORGNAME", "%s", ["axiCompany"]},
        {"ORGUNIT", "%s", ["axiDepartment"]},
        {"CTRY", "%s", ["c"]},
        {"LOCALITY", "%s", ["l"]},
        {"STREET", "%s", ["street"]},
        {"REGION", "%s", ["st"]},
        {"PCODE", "%s", ["postalCode"]},
        {"TITLE", "%s", ["title"]},
        {"URL", "%s", ["wWWHomePage"]},
        {"TEL", "%s", ["mobile"]},
        {"EMAIL", "%s", ["axiPersonalEmail"]},
        {"BDAY", "%s", ["axiBirthday"]},
        {"ROLE", "%s", ["axiProfession"]}
      ]},
      %% Fields offered in the user search form.
      {ldap_search_fields, [
        {"User", "%u"},
        {"Nickname", "axiNickName"},
        {"Given Name", "givenName"},
        {"Family Name", "sn"},
        {"Email", "axiPersonalEmail"}
      ]},
      %% Fields returned in search results.
      {ldap_search_reported, [
        {"Full Name", "FN"},
        {"Given Name", "GIVEN"},
        {"Family Name", "FAMILY"},
        {"Email", "EMAIL"}
      ]}
    ]}
  ]}
 ]}.

%% Extra modules for minjie.net: echo service, HTTP binding (the
%% /http-bind/ endpoint JWChat connects to) and vCards read from LDAP.
%% NOTE(review): mod_vcard_ldap binds as the directory rootdn here; a
%% read-only bind account would be sufficient for vCard lookups.
{host_config, "minjie.net",
 [{{add, modules}, [
    {mod_echo,      [{host, "echo-service.minjie.net"}]},
    {mod_http_bind, []},
    {mod_vcard_ldap, [
      {ldap_servers,  ["corp.com"]},
      {ldap_rootdn,   "cn=admin,dc=base"},
      {ldap_password, "123456"},
      {ldap_base,     "ou=users,dc=minjie,dc=net,dc=base"},
      %% vCard field -> LDAP attribute mapping.
      {ldap_vcard_map, [
        {"NICKNAME", "%s", ["axiNickName"]},
        {"FN", "%s", ["displayName"]},
        {"FAMILY", "%s", ["sn"]},
        {"GIVEN", "%s", ["givenName"]},
        {"MIDDLE", "%s", ["axiMiddleName"]},
        {"ORGNAME", "%s", ["axiCompany"]},
        {"ORGUNIT", "%s", ["axiDepartment"]},
        {"CTRY", "%s", ["c"]},
        {"LOCALITY", "%s", ["l"]},
        {"STREET", "%s", ["street"]},
        {"REGION", "%s", ["st"]},
        {"PCODE", "%s", ["postalCode"]},
        {"TITLE", "%s", ["title"]},
        {"URL", "%s", ["wWWHomePage"]},
        {"TEL", "%s", ["mobile"]},
        {"EMAIL", "%s", ["axiPersonalEmail"]},
        {"BDAY", "%s", ["axiBirthday"]},
        {"ROLE", "%s", ["axiProfession"]}
      ]},
      %% Fields offered in the user search form.
      {ldap_search_fields, [
        {"User", "%u"},
        {"Nickname", "axiNickName"},
        {"Given Name", "givenName"},
        {"Family Name", "sn"},
        {"Email", "axiPersonalEmail"}
      ]},
      %% Fields returned in search results.
      {ldap_search_reported, [
        {"Full Name", "FN"},
        {"Given Name", "GIVEN"},
        {"Family Name", "FAMILY"},
        {"Email", "EMAIL"}
      ]}
    ]}
  ]}
 ]}.

3、启动ejabberd

[root@corp /]# cd /opt/ejabberd-2.1.11/bin/

[root@corp bin]# ./start
 
4、管理ejabberd

管理网址:http://192.168.0.11:5280/admin

用户名:admin@corp.com

密码:123123 #刚才安装ejabberd时设置的密码
 
五、配置JWchat

[root@corp /]# cd /var/opt/axigen/

[root@corp axigen]# mv webmail webmail.bak

[root@test axigen]# tar -zxvf webmail-8.0.1-im.tar.gz

[root@test axigen]# chown -R axigen:axigen webmail

[root@corp axigen]# cd /var/opt/axigen/webmail/default/jwchat

[root@corp jwchat]# vi config.js

#主要修改下面几个设置:

// NOTE(review): presumably switches the IM connection to a secure channel;
// confirm against the JWChat plugin documentation. It is left off here and
// the URL below is plain http://, so XMPP logins sent from the browser are
// not protected in transit. Acceptable on a trusted LAN only.
var CONNECTION_SECURE = false;
// HTTP-bind endpoint on the ejabberd host (port 5280, path /http-bind/).
var IM_SERVER_URL = "http://192.168.0.11:5280/http-bind/";
// Domain read from the webmail session's account info object, so each
// user presumably logs in to the IM domain matching their mail domain.
var DOMAIN_NAME = top.Axi.AccountInfo.domainname;

重启Axigen服务生效:

[root@corp jwchat]# service axigen restart
 
到此,所有配置已经完毕。
 
可以测试一下,在Axigen webadmin中开设帐号,然后登陆webmail看看右侧im帐号是否已在线。
