Axigen+OpenLdap+BerkeleyDB+ejabberd多域+JWchat
平台及相关软件:
OS:CentOS5.5
axigen-8.0.1.i386.rpm.run
db-4.8.30.tar.gz
openldap-2.4.28.tgz
ejabberd-2.1.11-linux-installer.bin
插件(可到axigen官网去下载):
axigen.schema
webmail-8.0.1-im.tar.gz
服务器主机名及IP:
hostname:corp.com
IP:192.168.0.11
域名1:corptest.com
域名2:heminjie.cn
域名3:minjie.net
一、首先安装Axigen Mail Server
sh axigen-8.0.1.i386.rpm.run
二、安装配置openldap
1、先安装支持编译软件gcc
yum -y install gcc
2、安装BerkeleyDB数据库
[root@localhost BerkeleyDB]# tar -zxvf db-4.8.30.tar.gz
[root@localhost BerkeleyDB]# cd db-4.8.30
[root@localhost db-4.8.24]# cd build_unix/
[root@localhost db-4.8.24]# ../dist/configure
[root@localhost db-4.8.24]# make
[root@localhost db-4.8.24]# make install
3、安装openldap
增加库路径:
# vi /etc/ld.so.conf
/usr/local/BerkeleyDB.4.8/lib
设置环境变量编译:
先安装openssl
yum install openssl*
[root@corp opt]# tar -zxvf openldap-2.4.28.tgz
[root@corp opt]# cd openldap-2.4.28
#ln -s /usr/local/ssl/lib/* /lib/
#ln -s /usr/local/ssl/lib/* /usr/local/lib/
[root@corp openldap-2.4.28]# env CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm --enable-syncprov --enable-memberof --with-tls=openssl --enable-dynamic --enable-overlays --enable-accesslog
[root@corp openldap-2.4.28]# make depend
[root@corp openldap-2.4.28]# make
[root@corp openldap-2.4.28]# make test
[root@corp openldap-2.4.28]# make install
4、配置openldap
[root@corp /]# cd /usr/local/openldap/etc/openldap/
[root@corp openldap]# vi slapd.conf
#slapd.conf至少要包含下面这些配置(具体可参见附件slapd.conf配置模板):
- include /usr/local/openldap/etc/openldap/schema/core.schema
- include /usr/local/openldap/etc/openldap/schema/cosine.schema
- include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
- include /usr/local/openldap/etc/openldap/schema/misc.schema
- include /usr/local/openldap/etc/openldap/schema/axigen.schema
- pidfile /usr/local/openldap/var/run/slapd.pid
- argsfile /usr/local/openldap/var/run/slapd.args
- modulepath /usr/local/openldap/libexec/openldap
- moduleload memberof.la
- moduleload syncprov.la
- serverID 1
- database bdb
- suffix "dc=base"
- rootdn "cn=admin,dc=base"
- rootpw 123456
- directory /usr/local/openldap/var/openldap-data
- index objectClass eq
- index ou,cn,mail,surname,givenname eq,pres,sub
- index entryUUID,entryCSN eq
- overlay syncprov
- syncprov-checkpoint 100 30
- syncprov-sessionlog 100
- overlay memberof
- memberof-refint true
配置完成,需要把axigen.schema复制到/usr/local/openldap/etc/openldap/schema/目录下:
最后启动openldap服务:
[root@corp /]# cd /usr/local/openldap/libexec/
[root@corp libexec]# ./slapd
5、初始化openldap,简单的说,就像DNS,就是先定义一个根(base),然后再定义二级域(com.base/cn.base/net.base),再定义三级域(corptest.com.base/heminjie.cn.base/minjie.net.base):
[root@corp bin]# cd /usr/local/openldap/bin/
[root@corp bin]#vi users.ldif
#下面文件中后边一定不要有空格,
- dn: dc=base
- objectClass: dcObject
- objectClass: organization
- dc: base
- o: base
- dn: dc=com,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: com
- o: com
- dn: dc=cn,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: cn
- o: cn
- dn: dc=net,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: net
- o: net
- dn: dc=corptest,dc=com,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: corptest
- o: corptest
- dn: dc=heminjie,dc=cn,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: heminjie
- o: heminjie
- dn: dc=minjie,dc=net,dc=base
- objectClass: dcObject
- objectClass: organization
- dc: minjie
- o: minjie
- dn: ou=users,dc=corptest,dc=com,dc=base
- objectClass: organizationalUnit
- ou: users
- dn: ou=groups,dc=corptest,dc=com,dc=base
- objectClass: organizationalUnit
- ou: groups
- dn: ou=users,dc=heminjie,dc=cn,dc=base
- objectClass: organizationalUnit
- ou: users
- dn: ou=groups,dc=heminjie,dc=cn,dc=base
- objectClass: organizationalUnit
- ou: groups
- dn: ou=users,dc=minjie,dc=net,dc=base
- objectClass: organizationalUnit
- ou: users
- dn: ou=groups,dc=minjie,dc=net,dc=base
- objectClass: organizationalUnit
- ou: groups
wq!进行保存,最后需要导入到openldap
[root@corp bin]# ./ldapadd -x -D "cn=admin,dc=base" -W -f users.ldif
Enter LDAP Password: 123456
导入成功后,可以根据下面命令进行查询(如导入出错,请核对users.ldif文件,90%原因是ldif文件有误):
./ldapsearch -b "dc=base" -x (查询所有)
./ldapsearch -b "dc=com,dc=base" -x (查询所有.com结尾)
./ldapsearch -b "dc=corptest,dc=com,dc=base" -x (查询corptest.com域)
6、停止openldap服务方法:
先查询openldap进程号,再进行kill进程号,来到达停止服务的目的:
[root@corp bin]# netstat -tunlp | grep :389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 4200/slapd
tcp 0 0 :::389 :::* LISTEN 4200/slapd
[root@corp bin]# kill 4200
三、在Axigen上配置opneldap
1、登陆到webadmin,在左侧依次选择"Clustering"--"Clustering Setup",在"Connector List"点击"Add Connector"来增加一个ldap连接,具体主要设置参数:
LDAP Connector name: im-ldap
IP / Hostname:127.0.0.1
Port:389
Synchronization direction:Axigen to Ldap
选中Use Administrative DN
Admin DN:cn=admin,dc=base
Admin DN Password:123456
Account base DN:ou=Users,%x,dc=base
Group base DN:ou=Groups,%x,dc=base
最后点击"Update"完成添加。
2、到相应域名下开启openldap服务,并选择刚才添加的"im-ldap"连接。
四、安装配置ejabberd
1、安装ejabberd
[root@corp opt]# chmod o+x ejabberd-2.1.11-linux-installer.bin
[root@corp opt]# ./ejabberd-2.1.11-linux-installer.bin
- Please choose an option [2] :
- Do you accept this license? [y/n]: y
- Installation Directory [/opt/ejabberd-2.1.11]:
- ejabberd server domain [corp.com]: (这里要说明一下corp.com是本机的主机名,也可以设置不存在的域名,只是为了日后管理ejabberd用)
- Administrator username [admin]:
- Administrator password :123123 #输入密码
- Retype password :123123 #确认输入密码
- Cluster [y/N]: n
- Do you want to continue? [Y/n]:
- View Readme file? [Y/n]: n
2、配置ejabberd
[root@corp /]# cd /opt/ejabberd-2.1.11/conf/
[root@corp conf]# vi ejabberd.cfg
以下修改是在原配置文件上修改,其他设置还需保留。
增加主机名:
- {hosts, ["corp.com","corptest.com","heminjie.cn","minjie.net"]}. #增加corp.com域,是为了用户管理ejabberd
添加主机验证:
- %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
- {host_config, "corp.com", [{auth_method, internal}]}. #设置corp.com为本地验证
- {host_config, "corptest.com", [{auth_method, ldap},
- {ldap_servers, ["corp.com"]},
- {ldap_port, 389},
- {ldap_encrypt, none},
- {ldap_uids, [{"uid", "%u"}]},
- {ldap_base, "dc=corptest,dc=com,dc=base"},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"}]}.
- {host_config, "heminjie.cn", [{auth_method, ldap},
- {ldap_servers, ["corp.com"]},
- {ldap_port, 389},
- {ldap_encrypt, none},
- {ldap_uids, [{"uid", "%u"}]},
- {ldap_base, "dc=heminjie,dc=cn,dc=base"},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"}]}.
- {host_config, "minjie.net", [{auth_method, ldap},
- {ldap_servers, ["corp.com"]},
- {ldap_port, 389},
- {ldap_encrypt, none},
- {ldap_uids, [{"uid", "%u"}]},
- {ldap_base, "dc=minjie,dc=net,dc=base"},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"}]}.
设置ejabberd管理员:
- %% The 'admin' ACL grants administrative privileges to Jabber accounts.
- %% You can put as many accounts as you want.
- %%
- {acl, admin, {user, "admin", "corp.com"}}. #这里定义管理ejabberd的帐号,默认管理帐号是admin@corp.com
添加模块:
- {mod_roster, []},
- %%{mod_service_log,[]},
- {mod_shared_roster,[]},
- %%{mod_stats, []},
- {mod_time, []},
- {mod_vcard, []},
- {mod_version, []}
- }.
以上都是公共模块,需要添加新模块,每个域名都需要添加一个。
- {host_config, "corptest.com",
- [{{add, modules}, [
- {mod_echo, [{host, "echo-service.corptest.com"}]},
- {mod_http_bind, []},
- {mod_vcard_ldap, [
- {ldap_servers, ["corp.com"]},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"},
- {ldap_base, "ou=users,dc=corptest,dc=com,dc=base"},
- {ldap_vcard_map, [
- {"NICKNAME", "%s", ["axiNickName"]},
- {"FN", "%s", ["displayName"]},
- {"FAMILY", "%s", ["sn"]},
- {"GIVEN", "%s", ["givenName"]},
- {"MIDDLE", "%s", ["axiMiddleName"]},
- {"ORGNAME", "%s", ["axiCompany"]},
- {"ORGUNIT", "%s", ["axiDepartment"]},
- {"CTRY", "%s", ["c"]},
- {"LOCALITY", "%s", ["l"]},
- {"STREET", "%s", ["street"]},
- {"REGION", "%s", ["st"]},
- {"PCODE", "%s", ["postalCode"]},
- {"TITLE", "%s", ["title"]},
- {"URL", "%s", ["wWWHomePage"]},
- {"TEL", "%s", ["mobile"]},
- {"EMAIL", "%s", ["axiPersonalEmail"]},
- {"BDAY", "%s", ["axiBirthday"]},
- {"ROLE", "%s", ["axiProfession"]} ]},
- {ldap_search_fields, [
- {"User", "%u"},
- {"Nickname", "axiNickName"},
- {"Given Name", "givenName"},
- {"Family Name", "sn"},
- {"Email", "axiPersonalEmail"} ]},
- {ldap_search_reported, [
- {"Full Name", "FN"},
- {"Given Name", "GIVEN"},
- {"Family Name", "FAMILY"},
- {"Email", "EMAIL"} ]} ]}
- ]
- }
- ]}.
- {host_config, "heminjie.cn",
- [{{add, modules}, [
- {mod_echo, [{host, "echo-service.heminjie.cn"}]},
- {mod_http_bind, []},
- {mod_vcard_ldap, [
- {ldap_servers, ["corp.com"]},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"},
- {ldap_base, "ou=users,dc=heminjie,dc=cn,dc=base"},
- {ldap_vcard_map, [
- {"NICKNAME", "%s", ["axiNickName"]},
- {"FN", "%s", ["displayName"]},
- {"FAMILY", "%s", ["sn"]},
- {"GIVEN", "%s", ["givenName"]},
- {"MIDDLE", "%s", ["axiMiddleName"]},
- {"ORGNAME", "%s", ["axiCompany"]},
- {"ORGUNIT", "%s", ["axiDepartment"]},
- {"CTRY", "%s", ["c"]},
- {"LOCALITY", "%s", ["l"]},
- {"STREET", "%s", ["street"]},
- {"REGION", "%s", ["st"]},
- {"PCODE", "%s", ["postalCode"]},
- {"TITLE", "%s", ["title"]},
- {"URL", "%s", ["wWWHomePage"]},
- {"TEL", "%s", ["mobile"]},
- {"EMAIL", "%s", ["axiPersonalEmail"]},
- {"BDAY", "%s", ["axiBirthday"]},
- {"ROLE", "%s", ["axiProfession"]} ]},
- {ldap_search_fields, [
- {"User", "%u"},
- {"Nickname", "axiNickName"},
- {"Given Name", "givenName"},
- {"Family Name", "sn"},
- {"Email", "axiPersonalEmail"} ]},
- {ldap_search_reported, [
- {"Full Name", "FN"},
- {"Given Name", "GIVEN"},
- {"Family Name", "FAMILY"},
- {"Email", "EMAIL"} ]} ]}
- ]
- }
- ]}.
- {host_config, "minjie.net",
- [{{add, modules}, [
- {mod_echo, [{host, "echo-service.minjie.net"}]},
- {mod_http_bind, []},
- {mod_vcard_ldap, [
- {ldap_servers, ["corp.com"]},
- {ldap_rootdn, "cn=admin,dc=base"},
- {ldap_password, "123456"},
- {ldap_base, "ou=users,dc=minjie,dc=net,dc=base"},
- {ldap_vcard_map, [
- {"NICKNAME", "%s", ["axiNickName"]},
- {"FN", "%s", ["displayName"]},
- {"FAMILY", "%s", ["sn"]},
- {"GIVEN", "%s", ["givenName"]},
- {"MIDDLE", "%s", ["axiMiddleName"]},
- {"ORGNAME", "%s", ["axiCompany"]},
- {"ORGUNIT", "%s", ["axiDepartment"]},
- {"CTRY", "%s", ["c"]},
- {"LOCALITY", "%s", ["l"]},
- {"STREET", "%s", ["street"]},
- {"REGION", "%s", ["st"]},
- {"PCODE", "%s", ["postalCode"]},
- {"TITLE", "%s", ["title"]},
- {"URL", "%s", ["wWWHomePage"]},
- {"TEL", "%s", ["mobile"]},
- {"EMAIL", "%s", ["axiPersonalEmail"]},
- {"BDAY", "%s", ["axiBirthday"]},
- {"ROLE", "%s", ["axiProfession"]} ]},
- {ldap_search_fields, [
- {"User", "%u"},
- {"Nickname", "axiNickName"},
- {"Given Name", "givenName"},
- {"Family Name", "sn"},
- {"Email", "axiPersonalEmail"} ]},
- {ldap_search_reported, [
- {"Full Name", "FN"},
- {"Given Name", "GIVEN"},
- {"Family Name", "FAMILY"},
- {"Email", "EMAIL"} ]} ]}
- ]
- }
- ]}.
3、启动ejabberd
[root@corp /]# cd /opt/ejabberd-2.1.11/bin/
[root@corp bin]# ./start
4、管理ejabberd
管理网址:http://192.168.0.11:5280/admin
用户名:admin@corp.com
密码:123123 #刚才安装ejabberd时设置的密码
五、配置JWchat
- [root@corp /]# cd /var/opt/axigen/
- [root@corp axigen]# mv webmail webmail.bak
- [root@test axigen]# tar -zxvf webmail-8.0.1-im.tar.gz
- [root@test axigen]# chown -R axigen:axigen webmail
- [root@corp axigen]# cd /var/opt/axigen/webmail/default/jwchat
- [root@corp jwchat]# vi config.js
#主要修改下面几个设置:
- var CONNECTION_SECURE = false;
- var IM_SERVER_URL = "http://192.168.0.11:5280/http-bind/";
- var DOMAIN_NAME = top.Axi.AccountInfo.domainname;
重启Axigen服务生效:
[root@corp jwchat]# service axigen restart
到此,所有配置已经完毕。
可以测试一下,在Axigen webadmin中开设帐号,然后登陆webmail看看右侧im帐号是否已在线。
如中间有出错,具体问题具体对待,如遇到棘手问题,可以联系我:
我的email:heminjie369@163.com
转载于:https://blog.51cto.com/heminjie/881581
991
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
