LDAP and Claws Mail

From Claws Mail FAQ

LDAP and Claws Mail HOWTO based on Kubuntu (7.10)

This example describes installation and configuration on Ubuntu 7.10, but it should be valid for other distributions as well. It covers:

  • openldap installation and configuration
  • claws-mail configuration to use with LDAP


  • In case slapd is already installed, either go to point 4 or reinstall it with commands:
sudo apt-get purge slapd
sudo rm -rf /etc/ldap
(in case your LDAP configuration is not yet in use)
sudo rm -rf /var/run/slapd
(in case your LDAP database is not yet filled)


  • Install slapd:
sudo apt-get install slapd
During installation Ubuntu usually asks you for the LDAP admin password. Use any, even an empty one; we can change it later anyway.


  • make sure to shut down LDAP server after installation:
sudo /etc/init.d/slapd stop
  • folder for storing data:
make the directory where your LDAP will store data. By default it is /var/run/slapd, but I don't recommend it for backup purposes: if your root partition has to be reinstalled (OS crashed or whatever), the LDAP db vanishes with it. My proposal is to use, for example, the directory /home/ldap
sudo mkdir /home/ldap
Because Ubuntu by default runs the slapd daemon as user openldap (created automatically during slapd installation), we must change the ownership of this directory:
sudo chown -R openldap:openldap /home/ldap
An alternative is to change the default behaviour of slapd: in the file /etc/default/slapd the line:
should be changed to:
In this case slapd runs as root and changing the ownership is not needed. In this HOWTO we change the ownership instead, to avoid a mismatch with the Ubuntu default settings.
  • main config file creation: /etc/ldap/slapd.conf
copy current config file:
sudo cp /etc/ldap/slapd.conf /etc/ldap/slapd.conf-org
create main password for ldap:
slappasswd -s "your_password"
where "your_password" is any string without quotes of course
as an output you get for example:
this is the hashed form of your password, to be used later in the config file
modify configuration file
sudo gedit (or kedit) /etc/ldap/slapd.conf
and put there (replacing everything you find there):
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath	/usr/lib/ldap
moduleload	back_bdb
backend		bdb
checkpoint 512 30

database        bdb
suffix          "dc=nodomain"
rootdn          "cn=admin,dc=nodomain"
rootpw		here_output_of_your_password i.e. {SSHA}QqvOMErMXSJXRfLdmoIjMHEey129M5Qt
directory       "/home/ldap"
index           objectClass eq
lastmod         on
create database config file:
sudo gedit (or kedit) /home/ldap/DB_CONFIG 
set_cachesize 	0	2097152		0
set_lg_bsize	524288
set_lk_max_objects      5000
set_lk_max_locks        5000
set_lk_max_lockers	5000
these are default settings; they do not need to be changed at this point
if you changed /home/ldap to be owned by the openldap user, then the ownership change must be repeated at this point, at least for this newly created file:
sudo chown openldap:openldap /home/ldap/DB_CONFIG


  • start ldap to see if it is working:
sudo /etc/init.d/slapd start
and check if working:
ps -ef | grep slapd  | grep -v grep
if you see something like this:
openldap  8662     1  0 10:43 ?        00:00:00 /usr/sbin/slapd -g openldap -u openldap
then this means it works (ldap server)
if not, just run the command:
sudo slapd -d 256 
and see any errors which may occur and ... try to find out the problem by yourself (use google, or contact me)


  • now, ldap is working but empty, let's configure the top of it:
gedit (or kedit) /tmp/1.ldif  
and put there:
dn: dc=nodomain
objectclass: dcObject
objectclass: organization
o: My Computer LDAP
dc: nodomain

dn: cn=admin,dc=nodomain
objectclass: organizationalRole
cn: admin
  • now import it to ldap:
ldapadd -x -D "cn=admin,dc=nodomain" -W -f /tmp/1.ldif
it will ask you for your LDAP password
proper output should be:
<code>Enter LDAP Password: 
adding new entry "dc=nodomain"

adding new entry "cn=admin,dc=nodomain"