STEPS TO AUTHENTICATE JAMES WITH LDAP (ApacheDS for this case)
Delete the JPA record in James's conf/usersrepository.xml
and add the lines below; the final result must look like this:
<xml>
<repository name="LocalUsers"
class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
ldapHost="ldap://localhost:10389"
principal="uid=admin,ou=system"
credentials="secret"
userObjectClass="inetOrgPerson"
userBase="ou=users,ou=system"
userIdAttribute="uid">
<UsersDomain>example.com</UsersDomain>
<LDAPRoot>dc=example,dc=com</LDAPRoot>
<MailAddressAttribute>mail</MailAddressAttribute>
<IdentityAttribute>uid</IdentityAttribute>
<AuthenticationType>simple</AuthenticationType>
<ManagePasswordAttribute>TRUE</ManagePasswordAttribute>
<PasswordAttribute>userPassword</PasswordAttribute>
</repository>
</xml>
To explain a little:
ApacheDS's default setup has a root of "dc=example,dc=com".
Because of this, these lines should be added:
<UsersDomain>example.com</UsersDomain>
<LDAPRoot>dc=example,dc=com</LDAPRoot>
A domain called "example.com" should also be added to James, which still stores its domain information in JPA:
${james_root}/container-spring/target/appassembler/bin/james-cli.sh -h localhost adddomain example.com
ApacheDS's administrator is "admin" under the "ou=system" entry, and its default password is "secret"; thus we need the attributes below:
principal="uid=admin,ou=system" credentials="secret"
In ApacheDS, adding an entry requires object classes. "inetOrgPerson" should be selected, and ApacheDS adds a few more automatically; thus this attribute should be added to the configuration:
userObjectClass="inetOrgPerson"
Users are under the entry "ou=users,ou=system"; thus this attribute should be added:
userBase="ou=users,ou=system"
For ApacheDS, userIdAttribute is "uid", thus it is specified:
userIdAttribute="uid"
In ApacheDS, new users should be added under "ou=users,ou=system" with "uid" and "userPassword" attributes.
Also, when adding a new user, the DN should contain "uid".
When querying James, e.g. over POP3, use:
USER yourUsersUID@example.com
PASS yourUsersPassword
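Before this configuration leaves a test machine, it is worth checking it for the settings that are only acceptable on localhost. The script below is an added example, not part of the original steps or of James: it audits the repository element above for a simple bind over plain ldap://, the ApacheDS default admin password, and the directory admin used as bind principal, and it derives the entry DN and mail login described above. The function names, finding codes and the user "alice" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <repository> element from this page (subset of children).
SAMPLE = """<repository name="LocalUsers"
 class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
 ldapHost="ldap://localhost:10389"
 principal="uid=admin,ou=system" credentials="secret"
 userObjectClass="inetOrgPerson" userBase="ou=users,ou=system"
 userIdAttribute="uid">
 <UsersDomain>example.com</UsersDomain>
 <AuthenticationType>simple</AuthenticationType>
</repository>"""


def audit(xml_text):
    """Return (code, message) findings for one LDAP users repository element."""
    repo = ET.fromstring(xml_text)
    findings = []
    host = repo.get("ldapHost", "").strip().lower()
    auth = (repo.findtext("AuthenticationType") or "").strip().lower()
    if host.startswith("ldap://") and auth == "simple":
        findings.append(("CLEARTEXT_BIND",
                         "simple bind over plain ldap:// exposes bind passwords"))
    if repo.get("credentials") == "secret":
        findings.append(("DEFAULT_PASSWORD",
                         "credentials is the ApacheDS default admin password"))
    principal = repo.get("principal", "").replace(" ", "").lower()
    if principal == "uid=admin,ou=system":
        findings.append(("ADMIN_BIND",
                         "read-only repository binds as the directory admin"))
    return findings


def login_mapping(xml_text, uid):
    """Map a uid to the entry DN and mail login this page's setup expects.

    Assumes uid has no characters that need DN escaping.
    """
    repo = ET.fromstring(xml_text)
    dn = "{}={},{}".format(repo.get("userIdAttribute"), uid, repo.get("userBase"))
    login = "{}@{}".format(uid, repo.findtext("UsersDomain").strip())
    return dn, login


if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(code + ": " + message)
    print(login_mapping(SAMPLE, "alice"))
```

An empty list from audit() means none of the three checks fired; it does not say anything about the rest of the James or ApacheDS setup.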