Zentyal 2 as remote LDAP accounts provider

OK, I can just install the rpm.
For now I have written this; it may help someone …
Most likely it also works with Zentyal 3.4.
When I have finished working with Zentyal 2, I will try with 3…

On the Zentyal server:

Enable Ubuntu old-releases repository:

sudo sed -i -re 's/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list

Install gnutls-bin:

sudo apt-get install gnutls-bin

Create a private key for the Certificate Authority (CA):

sudo sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"

Create a /etc/ssl/ca.info details file, used to self-sign the CA certificate, containing:

cn = Example Company
ca
cert_signing_key

Now create the self-signed CA certificate:

sudo certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem \
 --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem

Make a private key for the server:

sudo sh -c "certtool --generate-privkey > /etc/ssl/private/slapd_key.pem"

To sign the server’s certificate with the CA, create the /etc/ssl/ldap.info info file containing:

organization = Example Company
cn = ldap.example.com
tls_www_server
encryption_key
signing_key

Create the server’s certificate:

sudo certtool --generate-certificate --load-privkey /etc/ssl/private/slapd_key.pem \
 --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem \
 --template /etc/ssl/ldap.info --outfile /etc/ssl/certs/slapd_cert.pem

Use ldapmodify to add the TLS settings for ldaps (type the LDIF without leading whitespace, since an indented line is a continuation line in LDIF):

sudo ldapmodify -Y EXTERNAL -H ldapi:///

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/slapd_key.pem

[CTRL+D] to save

Add ldaps:/// to SLAPD_SERVICES:

vi /etc/init/ebox.slapd.conf

SLAPD_SERVICES="... ldaps:/// ..."

vi /etc/init/ebox.slapd-frontend.conf

SLAPD_SERVICES="... ldaps:/// ..."

Grant access to certificate:

sudo adduser openldap ssl-cert
sudo chgrp ssl-cert /etc/ssl/private/slapd_key.pem
sudo chmod g+r /etc/ssl/private/slapd_key.pem

Restart Zentyal:

sudo /etc/init.d/zentyal restart

Export the users' maildirs.

Create script:

vi export_zentyal_maildir.sh

Copy and paste:

#!/bin/bash

# Adapted from one of NethServer's scripts.
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#
# NethServer is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License,
# or any later version

export LANG=C
export DRYRUN=0
destinationPort=22

function exit_help()
{
	echo "Usage:
	$0 [-h] [-n] [-p PORT] -s IPADDR -d EMAILDOMAIN
		-h              help message
		-n              dry run
		-p PORT         ssh port on destination host (default 22)
		-s IPADDR       rsync to destination host IPADDR
		-d EMAILDOMAIN  e-mail domain to migrate (source dir /var/vmail/EMAILDOMAIN)

" 1>&2
	exit 1;
}

while getopts "hns:p:d:" opt; do
	case $opt in
		h)  # help
			exit_help
			;;
		n)  # dry run
			DRYRUN=1
			;;
		p)  # destination ssh port
			destinationPort=${OPTARG}
			;;
		s)  # destination IPADDR
			destinationHost=${OPTARG}
			;;
		d)  # source e-mail domain
			sourceDomain=${OPTARG}
			;;
		\?)
			exit_help
			;;
	esac
done

if [ -z "${destinationHost}" ]; then
	echo "Missing -s IPADDR parameter!" 1>&2
	exit_help
fi

if [ -z "${sourceDomain}" ]; then
	echo "Invalid -d EMAILDOMAIN parameter!" 1>&2
	exit_help
fi

INTCAUGHT=0

trap "INTCAUGHT=1" SIGINT

remote="root@${destinationHost}"
# Run a command on the NethServer box
rssh() {
	ssh -p "${destinationPort}" "${remote}" "$@"
}

echo " "
echo "====================================="
echo "Remember: leave the passphrase empty!"
echo "====================================="
echo " "

# Create a key pair only if there is none yet, then install the public key
# on the destination host (the remote ~/.ssh may not exist yet).
if [ ! -f ~/.ssh/id_rsa.pub ]; then
	ssh-keygen -t rsa -f ~/.ssh/id_rsa
fi
rssh 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub

echo "Set LDAP posixAccount"
echo " "
# Zentyal users carry posixAccount, not shadowAccount: make NethServer's
# user/group listing helpers filter on the right objectClass.
rssh "sed -i -re 's/shadowAccount/posixAccount/g' /usr/libexec/nethserver/list-users"
rssh "sed -i -re 's/shadowAccount/posixAccount/g' /usr/libexec/nethserver/list-group-members"

for sourceMaildir in /var/vmail/"${sourceDomain}"/*; do
	[ -d "${sourceMaildir}" ] || continue
	mailUser=$(basename "${sourceMaildir}")
	echo "[INFO] $(date) -- Synchronizing ${mailUser} Maildir/"

	destinationDir="/var/lib/nethserver/vmail/${mailUser}@${sourceDomain}/Maildir"

	echo "${sourceMaildir}/ -> ${destinationDir}"

	# Create the destination mailbox directory if needed:
	if rssh test -e "${destinationDir}"; then
		echo "Destination Maildir exists, OK!"
	else
		rssh mkdir -p "/var/lib/nethserver/vmail/${mailUser}@${sourceDomain}"
		echo "New destination Maildir OK!"
	fi

	echo "Sync in progress, please wait..."

	# On a dry run, -n -i lists what would change without copying anything.
	dryrunOpts=""
	[ "${DRYRUN}" -gt 0 ] && dryrunOpts="-n -i"
	/usr/bin/rsync ${dryrunOpts} -r -l -t \
		-e "ssh -p ${destinationPort} -l root" \
		"${sourceMaildir}/" \
		"${destinationHost}:${destinationDir}"
	rc=$?   # keep rsync's exit status before any other command overwrites $?

	if [ "${INTCAUGHT}" -gt 0 ]; then
		exit 1
	fi

	if [ "${rc}" -ne 0 ]; then
		echo "[ERROR] rsync failed for ${mailUser}" 1>&2
		continue
	fi

	# Fix ownership and permissions on the destination maildir (owner only):
	if [ "${DRYRUN}" -eq 0 ]; then
		rssh chown -R vmail:vmail "${destinationDir}"
		rssh chmod -R 'g-rwxXst,o=g' "${destinationDir}"
	fi
done

Set:
chmod +x export_zentyal_maildir.sh

Test:
./export_zentyal_maildir.sh -n -p <NETHSERVER SSH PORT> -s <NETHSERVER IP> -d <EMAIL DOMAIN>

Go:
./export_zentyal_maildir.sh -p <NETHSERVER SSH PORT> -s <NETHSERVER IP> -d <EMAIL DOMAIN>

3 Likes
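A check script for the LDAPS setup in the post above. It is an added example, not part of the original post and not Zentyal's or NethServer's own tooling: it verifies the things that commonly break this setup before the Zentyal restart (a private key readable by "other", the openldap user missing from ssl-cert, a server certificate that does not chain to the CA or does not match its key, and an upstart job whose SLAPD_SERVICES still lacks ldaps:///), plus a client-side ldapsearch that demands a certificate chaining to the CA. It assumes GNU coreutils (stat -c), OpenSSL and ldap-utils are installed; the file paths, the ssl-cert group and the openldap user are the ones from the post, the "run" argument is this script's own convention, and ldap.example.com is a placeholder.

```shell
#!/bin/sh
# check_ldaps_tls.sh -- added example, not from the original post.
# Sanity checks for the slapd TLS setup above, run before restarting Zentyal.
# Assumes GNU coreutils (stat -c), OpenSSL and ldap-utils; paths, the
# ssl-cert group and the openldap user default to the ones used in the post.

CA_CERT="${CA_CERT:-/etc/ssl/certs/cacert.pem}"
CA_KEY="${CA_KEY:-/etc/ssl/private/cakey.pem}"
SRV_CERT="${SRV_CERT:-/etc/ssl/certs/slapd_cert.pem}"
SRV_KEY="${SRV_KEY:-/etc/ssl/private/slapd_key.pem}"
KEY_GROUP="${KEY_GROUP:-ssl-cert}"
SLAPD_USER="${SLAPD_USER:-openldap}"

# 0 if FILE has no permission bits for "other" and belongs to GROUP.
# "chmod g+r" on the key is only safe while the "o" bits stay empty.
check_key_perms() {
    perms=$(stat -c '%a' "$1") || return 1
    grp=$(stat -c '%G' "$1") || return 1
    other=${perms#"${perms%?}"}          # last octal digit = "other"
    if [ "$other" != "0" ]; then
        echo "FAIL: $1 is accessible by others (mode $perms)"; return 1
    fi
    if [ "$grp" != "$2" ]; then
        echo "FAIL: $1 has group $grp, expected $2"; return 1
    fi
    echo "OK: $1 mode $perms group $grp"
}

# 0 if USER is in GROUP (primary or supplementary); slapd reads the key as this user.
check_group_membership() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# 0 if CERT is signed by CA and its public key is the one in KEY.
# A mismatched pair makes slapd log a TLS init error and refuse ldaps.
check_cert_chain() {
    ca="$1"; cert="$2"; key="$3"
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"; return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: public key in $cert does not match $key"; return 1
    fi
    echo "OK: $cert chains to $ca and matches $key"
}

# 0 if an uncommented SLAPD_SERVICES line in the upstart job FILE lists ldaps:///.
check_slapd_services() {
    grep -Eq '^[[:space:]]*(env[[:space:]]+|export[[:space:]]+)?SLAPD_SERVICES=.*ldaps:///' "$1"
}

# From a client, after copying cacert.pem over: a base search over ldaps://
# that demands a certificate chaining to CA and matching HOST's name.
check_ldaps_connect() {
    LDAPTLS_CACERT="$2" LDAPTLS_REQCERT=demand \
        ldapsearch -x -H "ldaps://$1/" -b '' -s base '(objectClass=*)' namingContexts
}

main() {
    rc=0
    check_key_perms "$CA_KEY" root || rc=1          # CA key: root only, never ssl-cert
    check_key_perms "$SRV_KEY" "$KEY_GROUP" || rc=1
    if check_group_membership "$SLAPD_USER" "$KEY_GROUP"; then
        echo "OK: $SLAPD_USER is in $KEY_GROUP"
    else
        echo "FAIL: $SLAPD_USER is not in $KEY_GROUP (adduser $SLAPD_USER $KEY_GROUP)"; rc=1
    fi
    check_cert_chain "$CA_CERT" "$SRV_CERT" "$SRV_KEY" || rc=1
    for job in /etc/init/ebox.slapd.conf /etc/init/ebox.slapd-frontend.conf; do
        if check_slapd_services "$job"; then
            echo "OK: ldaps:/// listed in $job"
        else
            echo "FAIL: no ldaps:/// in SLAPD_SERVICES of $job"; rc=1
        fi
    done
    return $rc
}

# Only run the checks when invoked as "sh check_ldaps_tls.sh run", so the
# file can also be sourced on a client to use check_ldaps_connect.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run `sudo sh check_ldaps_tls.sh run` on the Zentyal box before the restart. Expect the two key checks to fail on a fresh setup: the `certtool ... > file` redirects above create the key files with the shell's umask, normally 0644, so `chmod 600 /etc/ssl/private/cakey.pem` and `chmod 640 /etc/ssl/private/slapd_key.pem` are needed on top of the chgrp. From a client, `check_ldaps_connect ldap.example.com /path/to/cacert.pem` proves the chain is trusted end to end, which a plain ldapsearch without LDAPTLS_CACERT (and with the default "allow"/"never" REQCERT of many distros' ldap.conf) would not.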

I applaud the effort, but…
You do realize Zentyal 2 is based on Ubuntu 10.04. This version of Ubuntu is almost 2 YEARS past end of life. There are no more security updates for this version.
Zentyal 3.x is based on Ubuntu 12.04 and is almost 1 month away from EOL.
Especially for production environments I would advise against using either Zentyal version.

2 Likes

I agree with you; I would not recommend it to anyone.
This helped me just to transfer many services without interruption and without reconfiguring authentication.
Now the old Zentyal is no longer exposed to the WAN and I could disable all ports except LDAP … that makes me feel much more secure. :relaxed:

3 Likes

BTW, Zentyal 2.x comes with Samba3. Zentyal 3.x comes with Samba4. So moving over (Samba) services from Zentyal to NethServer is not that obvious.
If you use Zentyal 2.x, then it might be better to move to NethServer 6.8. When you have Zentyal 3.x running, you might want to give NethServer 7 a go.

1 Like