Adventures in CentOS-Land (Part 3)
Let’s get to work with CentOS5 now that we have set up the yum repositories and are able to install all the software we need. As a short reminder, here is our requirements list again. So let’s continue from last time…
Our requirements are the following:
- nagios for monitoring of
  - disk space
  - system load
  - service availability
- OpenLDAP (v3 only and TLS only)
- SMTP with Sender Authentication over TLS only
- IMAPs (only, and only over TLS)
- a webmail interface for easy access from anywhere - also TLS only
Since I know Postfix best, I decided to go with it; Dovecot is also a nice (and fast) IMAP server (as I learned on the way). User information for the mail users should come from LDAP, which also makes it easy to set up a password-changing web form (did I mention: TLS only).
But first the basic setup. This is where the problems started:
- no nagios in the official repositories - rpmforge has it
  - it seems Dag Wieers is an official package maintainer taking part in this repo, so it seems trustworthy according to some Google research
- postfix seems to be in the CentOSPlus repository
Let’s see, yum is the package manager and seems to work quite well, no sign of RPM-dependency hell any more.
O.K. - so much for a basic running service. Of course that doesn’t do much that is useful for us. Let’s first configure slapd and a basic LDAP tree. The config of slapd is rather simple; we don’t really have any users except one, so we don’t exactly need any groups. Why bother with LDAP then? Well, once you get used to having LDAP and a nice GUI tool, it is actually a lot easier and more convenient to deal with than the good old Unix passwords. Note: I recommend to NEVER EVER put system users required to start daemons/applications in LDAP, don’t even think about it!
Now here comes the slapd.conf:
And this is our LDIF (already with the user we want to use for mailing):
Let’s see now what we have.
- Non-System users ready to use in LDAP - check
- Aliases that can be used easily - check
- a container for “real people” vs. a container for “role objects” - check
- Hopefully no typos, since I made some modifications like changing the passwords (of course), the Root DSE and some DNs
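
One way to check a slapd.conf against the “v3 only and TLS only” requirement from the list at the top, as an added example that is not the author’s configuration or code. The directives it looks for (`security`, `allow bind_v2`, `TLSCertificateFile`, `TLSCertificateKeyFile`) are standard slapd.conf directives; the sample configs, file paths and the 128 threshold are constructed assumptions, and per-database scoping is ignored.

```python
# Added example: audit slapd.conf text for "LDAPv3 only, TLS only".
# Sample configs, paths and the 128 threshold are constructed assumptions.

def parse_slapd_conf(text):
    """Return {directive: [args...]}, lower-cased, all sections merged."""
    logical = []
    for raw in text.splitlines():
        # slapd unwraps continuation lines before dropping comment lines.
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    seen = {}
    for line in logical:
        if line.strip() and not line.startswith("#"):
            name, *args = line.lower().split()
            seen.setdefault(name, []).extend(args)
    return seen

def audit_tls_only(text, min_ssf=128):
    """Return a list of findings; an empty list means all checks passed."""
    seen, findings = parse_slapd_conf(text), []
    for needed in ("tlscertificatefile", "tlscertificatekeyfile"):
        if needed not in seen:
            findings.append("missing " + needed)
    # "security tls=<n>" makes slapd refuse operations on connections
    # whose TLS strength is below n, which includes cleartext sessions.
    tls = [int(a[4:]) for a in seen.get("security", [])
           if a.startswith("tls=") and a[4:].isdigit()]
    if max(tls, default=0) < min_ssf:
        findings.append("security tls below %d" % min_ssf)
    # LDAPv2 binds are refused unless "allow bind_v2" re-enables them.
    if "bind_v2" in seen.get("allow", []):
        findings.append("allow bind_v2 enables LDAPv2")
    return findings

WEAK = """\
allow bind_v2
database bdb
"""
HARDENED = """\
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/private/slapd.key
security
  tls=128
database bdb
"""
if __name__ == "__main__":
    print(audit_tls_only(WEAK), audit_tls_only(HARDENED))
```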
Next time we’ll see how to configure Dovecot to use this information and automagically create the correct mailbox with the information provided from our LDAP tree.