WARNING:  USE AT YOUR OWN RISK!
This software comes with NO WARRANTY.
I make no guarantees that this software will work on your system, 
that it will compile on your system, or that it won't
irrecoverably destroy your system.  Nothing bad should happen,
but as soon as you say that is usually when it does.

Active Directory Qmail programs:
checkadpassword
ad_getpw
create_alias_files

REQUIREMENTS:
The LDAP libraries and header files must be present to 
compile, as well as most of the standard C header files and libs.
You can get LDAP here:
http://www.openldap.org

TO INSTALL:

1)	Create the control files.

These files must be created, typically in /var/qmail/control.
The names below are the defaults; they can be changed in ad_func.h 
if you really want to:

ad_uid - The user id of the local user that will handle 
         delivering the mail.  This user should have rights to 
         all of the mail delivery directories.
ad_gid - The group id of the local user that will handle
         delivering the mail.  This group should probably be
         restrictive so that malicious mail users are limited.
ad_defaultuserdn - The full distinguished name of the general
         user that has rights to search the active
         directory.
ad_defaultpass - The password of the general user for active 
         directory.  This file should be chmod 640 and
         chgrp nofiles.
ad_servername - The server name of the active directory server.
         Should be a fully qualified domain name or ip address.
ad_basedn - The base dn that the search will start from.
ad_domain - The domain in which the email will be found.
ad_shell - The default shell of the local user.  /bin/false is a 
         good choice.
ad_mailroot - The root directory in which the mail user's mail directory
         can be found.  Right now the mail delivery directory must
         be the same as the email user's login name.
         eg. /mailroot/mailuser

Make sure you chmod 640 ad_defaultpass to keep anyone besides root and
the nofiles group (needed for qmail-adgetpw to access the active directory)
from looking in that file for a password.
Something like:

# chmod 640 ad_defaultpass
# chgrp nofiles ad_defaultpass


The general Active Directory LDAP lookup user doesn't really need many rights, 
only enough to do general queries and bind to the Active Directory server.
Unfortunately, it's rather difficult to restrict rights in AD 
without completely restricting access to the AD...
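
The control-file requirements above can be checked before going further. This
is an added example, not part of the original package: the function name
check_ad_control is hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example: audit the control files listed in step 1.
# check_ad_control is a hypothetical helper; GNU stat (stat -c) is assumed.

AD_CONTROL_FILES="ad_uid ad_gid ad_defaultuserdn ad_defaultpass ad_servername ad_basedn ad_domain ad_shell ad_mailroot"

# Usage: check_ad_control [DIR] [GROUP]
# DIR defaults to /var/qmail/control, GROUP to nofiles.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ad_control() {
    dir=${1:-/var/qmail/control}
    want_group=${2:-nofiles}
    rc=0

    # Every control file must exist and contain something.
    for name in $AD_CONTROL_FILES; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"; rc=1; continue
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY: $f"; rc=1
        fi
    done

    # The bind password file must be mode 640 and owned by the expected group.
    pw="$dir/ad_defaultpass"
    if [ -f "$pw" ]; then
        mode=$(stat -c '%a' "$pw")
        group=$(stat -c '%G' "$pw")
        if [ "$mode" != "640" ]; then
            echo "BAD MODE: $pw is $mode, expected 640"; rc=1
        fi
        if [ "$group" != "$want_group" ]; then
            echo "BAD GROUP: $pw is $group, expected $want_group"; rc=1
        fi
    fi
    return $rc
}
```

Source the file and run check_ad_control with no arguments to audit
/var/qmail/control against the defaults given above.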


2)	Edit the settings in ad_func.h or create_alias_files.h as needed:
	whether to use SSL, the file locations, etc.


3)	Compile.
	
	$ make

	You should be able to just run make all to compile the code.
	I didn't spend a lot of time with the Makefile so it basically
	does exactly the commands below.  There really isn't any configuration
	for different builds.

	gcc -Wall -O2 -lldap checkadpassword.c ad_func.c -o checkadpassword
	gcc -Wall -O2 -lldap qmail-adgetpw.c ad_func.c -o qmail-adgetpw
	gcc -Wall -O2 -lldap create_alias_files.c ad_func.c -o create_alias_files	

3b)	If you feel like removing the debugging symbols then:
	
	strip -s ./checkadpassword
	strip -s ./qmail-adgetpw
	strip -s ./create_alias_files


4a)	Test
	Make sure that all the files are in the right place and that it
	actually talks to whatever it's going to talk to.
	
	qmail-popup blah checkadpassword id

	Put in a valid username and password and it should give you the results
	of id.  Do the same with pwd to make sure that the user, group and
	directory are correct.

	Do it again with an invalid username and password to verify that it will
	actually reject failures.
	
	Check the auth log to verify that the failure occurred.
	
	
4b)	Test some more
	Next test ad_getpw (built above as qmail-adgetpw):
	
	qmail-adgetpw user
	It should return the user, uid, gid, and homedir, separated by the NUL character '\0'.


4c)	Just using create_alias_files will let you know if it works...
	Do ./create_alias_files -h for more info.


5)	Copy the compiled programs someplace.
	After you're done, make sure that you copy the files somewhere nice:
	checkadpassword
		/usr/bin or /usr/local/bin.  
		chmod 700 checkadpassword
		for security's sake.
	qmail-adgetpw
		/var/qmail/bin or wherever your qmail/bin dir is.
		chown root:qmail qmail-adgetpw
		chmod 711 qmail-adgetpw
		Copy the original someplace and rename:
		mv ./qmail-getpw ./qmail-getpw_old; mv ./qmail-adgetpw ./qmail-getpw
	create_alias_files
		Since root or someone important will need to use it
		because of the file rights:
		chown root:root create_alias_files
		chmod 700 create_alias_files
		Move somewhere like /usr/sbin or wherever you want.
		
6)	Relax with a nice beer and some cheese maybe, then update your qmail pop
	scripts and restart.  Run some trial tests.  Have another beer.


