I. Business requirements
The affiliated company Cambodia Kampot Bay (柬埔寨贡布湾) wants to use Sailun's email and Lunkr chat system. Requirements:
- It may share a single address book with Sailun, but the two must be isolated.
II. Deployment options
- 1. Share with Sailun (chosen): low investment; cannot prevent users from adding people outside their organization to personal contacts and chatting with them (it is one system), so this has to be handled administratively.
- 2. Self-hosted: from 500,000 upward; chat licences are sold in minimum lots of 100.
III. Work on Sailun's side
Help purchase 3 overseas domains and register them for 10 years
- ccsez.com
- gbmlun.com
- mlunport.com
Only DNS records and the UPN suffix need to be added.
- 1. Add internal DNS records (not needed in this case, since access is from outside)
#Required
im cname im.sailuntire.com
im1 cname im1.sailuntire.com
im2 cname im2.sailuntire.com
mail cname mail.sailuntire.com
mailcn cname mailcn.sailuntire.com
#Other services
www A 60.247.207.3
- 2. Add external DNS records
ccsez.com:
CNAME im2 默认 im2.sailuntire.com
CNAME im1 默认 im1.sailuntire.com
CNAME im 默认 im.sailuntire.com
CNAME mail 默认 mailvn.sailuntire.com
TXT @ 默认 v=spf1 include:spf.icoremail.net ip4:120.224.84.136 ip4:119.167.65.242 ip4:219.146.246.202 ip4:113.161.176.17 ip4:23.91.191.141 -all
MX @ 5 默认 mx-sailuntire-com.icoremail.net
MX @ 10 默认 mail.ccsez.com
gbmlun.com:
CNAME mail 默认 mailvn.sailuntire.com
TXT @ 默认 v=spf1 include:spf.icoremail.net ip4:120.224.84.136 ip4:119.167.65.242 ip4:219.146.246.202 ip4:113.161.176.17 ip4:23.91.191.141 -all
MX @ 5 默认 mx-sailuntire-com.icoremail.net
MX @ 10 默认 mail.gbmlun.com
mlunport.com:
CNAME mail 默认 mailvn.sailuntire.com
TXT @ 默认 v=spf1 include:spf.icoremail.net ip4:120.224.84.136 ip4:119.167.65.242 ip4:219.146.246.202 ip4:113.161.176.17 ip4:23.91.191.141 -all
MX @ 5 默认 mx-sailuntire-com.icoremail.net
MX @ 10 默认 mail.mlunport.com
- 3. In AD, add the UPN suffixes for the domains, the OU and the users
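As an added check (not part of the original runbook), the script below parses the console-style records above for one domain and flags two things a reviewer would look for: an MX target that the same zone defines as a CNAME, which RFC 2181 forbids and which the MX 10 record pointing at mail.ccsez.com does, and an SPF record that exceeds 10 DNS lookups, lacks a -all/~all terminator, or contains an invalid ip4 term. The sample zone is the ccsez.com record set copied from this page; parse_zone, spf_mech and check_zone are hypothetical helper names.

```python
import ipaddress
# Constructed sample: ccsez.com's external records as listed in this runbook (console layout "TYPE host [priority] line value").
ZONE_CCSEZ = """\
CNAME im2 默认 im2.sailuntire.com
CNAME im1 默认 im1.sailuntire.com
CNAME im 默认 im.sailuntire.com
CNAME mail 默认 mailvn.sailuntire.com
TXT @ 默认 v=spf1 include:spf.icoremail.net ip4:120.224.84.136 ip4:119.167.65.242 ip4:219.146.246.202 ip4:113.161.176.17 ip4:23.91.191.141 -all
MX @ 5 默认 mx-sailuntire-com.icoremail.net
MX @ 10 默认 mail.ccsez.com
"""
# SPF terms that each consume one of the 10 permitted DNS lookups (RFC 7208 s4.6.4).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_zone(text):
    """Console lines -> (type, host, priority, value); priority is None unless MX."""
    records = []
    for parts in (line.split() for line in text.splitlines() if line.strip()):
        rtype, host = parts[0], parts[1]
        prio = int(parts[2]) if rtype == "MX" else None
        records.append((rtype, host, prio, " ".join(parts[4 if prio is not None else 3:])))
    return records

def spf_mech(term):
    """Mechanism name of one SPF term, qualifier and argument stripped."""
    name = term.lstrip("+-~?")
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name.lower()

def check_zone(zone, text):
    """Return findings for one domain's records (an empty list means all checks passed)."""
    findings, records = [], parse_zone(text)
    cnames = {host for rtype, host, _, _ in records if rtype == "CNAME"}
    for rtype, host, prio, value in records:
        # RFC 2181 s10.3: an MX target must own address records; it must not be an alias.
        if rtype == "MX" and value.endswith("." + zone) and value[: -len(zone) - 1] in cnames:
            findings.append(f"MX {prio} -> {value} is a CNAME in this zone")
        if rtype == "TXT" and host == "@" and value.startswith("v=spf1"):
            terms = value.split()[1:]
            if sum(spf_mech(t) in LOOKUP_MECHS for t in terms) > 10:
                findings.append("SPF needs more than 10 DNS lookups")
            if not terms or terms[-1] not in ("-all", "~all"):
                findings.append("SPF does not end with -all or ~all")
            for t in (t for t in terms if spf_mech(t) == "ip4"):
                try:
                    ipaddress.IPv4Network(t.split(":", 1)[1], strict=False)
                except ValueError:
                    findings.append(f"SPF has an invalid ip4 term: {t}")
    return findings
```

Run it once per domain before the records go live; the gbmlun.com and mlunport.com sets above have the same MX 10 shape.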
IV. Work on the Coremail side
1. Send the domains to Coremail after-sales support to enable overseas mail delivery and to register them for public-cloud Lunkr
2. Add the organization and domains:
Organizations & Users - Organization Management - New
- Identifier: gbw
- Name: 柬埔寨贡布湾
- Admin login IP allow-list:
- 192.168.0.0-192.168.254.254,10.0.0.0-10.254.254.254,172.16.0.0-172.16.254.254,10.89.1.189,127.0.0.1
- Domains: ccsez.com, gbmlun.com, mlunport.com
- Service level: domestic archiving
- Value-added services: tick Organization address book
After creating the organization, create a department under it with id "others" and name 其他用户 (Other users; the department name can be anything). It holds abnormal users (the sync policy below moves users deleted from AD into it).
Organization address book: visible within the organization and to authorized users
3. Configure the AD sync policy
#1. Directory sync
/home/coremail/bin/confutil
3
directories.cf  # append the section below at the bottom (cos_id=13 is the default service level for newly created users; look up the id under O&M Management - User Service Level)
[autoSync_gbw]
SyncType = "ldap"
SyncLocalOrg = "gbw"
cos_id = "13"
domainName = "ccsez.com"
SyncPersonTypes = "U,L,X,M"
ldap.host = "10.89.1.225"
ldap.port = "389"
ldap.baseDN = "OU=柬埔寨贡布湾,OU=公司,DC=sailuntire,DC=com"
ldap.bindDN = "coremailadmin@sailuntire.com"
ldap.bindPassword = "s@iluntyre123Qq"
#ldap.urlCharset = "gbk"
ldap.urlCharset = "utf-8"
AutoAddDomainName = "false"
PersonFailStrategy = "1"
OuFailStrategy = "1"
Person.User.DeleteStrategy = "4"
Person.User.DeletingOu="gbw/others"
Person.User.DeletingStatus = "4"
Person.MailList.DeleteStrategy = "4"
Person.MailList.DeletingOu="gbw/others"
Person.Contact.DeleteStrategy = "1"
Ou.DeleteStrategy = "1"
ldap.ou.objectClass = "organizationalUnit"
ldap.ou.attrMap.id = "objectGUID"
ldap.ou.attrMap.name = "description,ou"
ldap.person.objectClass = "person,contact,group"
ldap.person.attrMap.true_name = "displayName"
ldap.person.attrMap.email = "mail"
ldap.user.attrMap.user_status = "FacsimileTelephoneNumber"
ldap.person.attrTrans.user_status = "map:disabled=1&=0"
ldap.user.attrMap.privacy_level = "FacsimileTelephoneNumber"
ldap.person.attrTrans.privacy_level = "map:disabled=0&=4"
java.naming.referral = "follow"
java.naming.ldap.attributes.binary = "objectGUID objectSid"
TransLogFile = "$(COREMAIL_HOME)/logs/synctrans/sync.t"
DefaultPersonType = "U"
SyncPersonType.valueMap.X = "contact"
ldap.mailList.attrMap.memberEmail = "mail"
ldap.mailList.attrMap.member = "member"
ldap.person.attrMap.zipcode="postalCode"
ldap.mailList.attrMap.email = "mail"
ldap.mailList.instanceType = "4"
ldap.mailList.attrMap.true_name = "displayName"
SyncPersonType.valueMap.L = "group"
SyncPersonType.valueMap.U = "person"
ldap.person.attrMap.person_type = "objectClass"
#SyncLocalUserDefaultAttrs = "privacy_level=4"
SyncLocalAddUserAttrs="region_id=qingdao&privacy_level=4" #add region_id
Notifications.DeleteWarn.Limit = "50"
DisableBackup = "true"
ldap.person.attrMap.last_name = "givenName"
ldap.person.attrMap.first_name = "sn"
ldap.person.attrMap.mobile_number = "mobile"
ldap.person.attrMap.home_phone = "homePhone"
ldap.person.attrMap.company_phone = "telephoneNumber"
#ldap.person.attrMap.fax_number = "FacsimileTelephoneNumber"
#ldap.person.attrMap.alias="postOfficeBox"
completedTimestamp = "20260303225501"
ldap.person.attrMap.duty = "title"
Person.AutoOrder="false"
Ou.DisableOrder="true"
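To make the attrMap/attrTrans lines above concrete, here is an added example (not Coremail's code) that applies the sync rules to constructed AD entries: FacsimileTelephoneNumber set to "disabled" yields user_status 1 and privacy_level 0, so the mailbox is blocked and hidden from the directory, while any other value yields 0 and 4. It assumes attrTrans "map:k=v&=d" means "k maps to v, anything else to d", and resolves the person type from objectClass the way the valueMap keys do; parse_section, translate and map_entry are hypothetical names.

```python
# Constructed subset of the [autoSync_gbw] section above: only the keys this example
# interprets. Reading attrTrans "map:k=v&=d" as "k -> v, anything else -> d" is an assumption.
SYNC_CF = """
SyncPersonTypes = "U,L,X,M"
DefaultPersonType = "U"
SyncPersonType.valueMap.U = "person"
SyncPersonType.valueMap.L = "group"
SyncPersonType.valueMap.X = "contact"
ldap.person.attrMap.true_name = "displayName"
ldap.person.attrMap.email = "mail"
ldap.user.attrMap.user_status = "FacsimileTelephoneNumber"
ldap.person.attrTrans.user_status = "map:disabled=1&=0"
ldap.user.attrMap.privacy_level = "FacsimileTelephoneNumber"
ldap.person.attrTrans.privacy_level = "map:disabled=0&=4"
"""

def parse_section(text):
    """key = "value" lines -> dict; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def translate(rule, raw):
    """Apply one attrTrans rule; a rule that is not map: leaves the raw value unchanged."""
    if not rule.startswith("map:"):
        return raw
    table = dict(pair.split("=", 1) for pair in rule[4:].split("&"))
    return table.get(raw, table.get(""))

def map_entry(conf, entry):
    """Project one AD entry (attribute -> value, objectClass may be a list) onto Coremail attributes."""
    out = {}
    for key, ad_attr in conf.items():
        if ".attrMap." not in key:
            continue
        cm_attr = key.rsplit(".", 1)[1]
        rule = conf.get("ldap.person.attrTrans." + cm_attr, "")
        out[cm_attr] = translate(rule, entry.get(ad_attr, ""))
    # objectClass decides the person type; unknown classes fall back to DefaultPersonType
    by_class = {v: k.rsplit(".", 1)[1] for k, v in conf.items() if k.startswith("SyncPersonType.valueMap.")}
    classes = entry.get("objectClass", [])
    classes = [classes] if isinstance(classes, str) else classes
    out["person_type"] = next((by_class[c] for c in classes if c in by_class), conf["DefaultPersonType"])
    return out
```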
#2. Scheduled sync
/home/coremail/bin/confutil
3
programs.cf  # add the section below
[autoSync_gubo]
ExecTime="24 * * * *"
Arguments="$(COREMAIL_HOME)/bin/sautil addressbook-sync@autoSync_gubo autoSync_gubo --force-sync"
LogFile="$(COREMAIL_HOME)/logs/syncuser_gubo.log"
LogLevel="info"
/home/coremail/bin/confutil
3
hosts.cf
Append autoSync_gubo to ProgramsList in this section
[mailudms]
SecurityModeUser="root"
IP="172.16.101.234"
ProgramsList="RmiServer,mssvr,udsvr,mdsvr,adminsvr,convertlog,udext,sysmonitor,searchsvr,usrbak,SysScanPeriod,mlstsvr,siosvr,LicenseExpiredRemind,mscache,autoSync_qingdao,autoSync_yuenan,autoSync_jianada,autoSync_group,autoSync_actr,autoSync_gubo,udsyncsvr,udsyncutil,udsync_checkstat,monitorsvr"
Restart the service (adminsvr on the machine that runs the scheduled task)
/home/coremail/bin/coremail restart adminsvr
4. AD authentication sync: if a mirror is also required, configure it on the mirror node as well
Central node
cat /home/coremail/conf/auth.cf
/home/coremail/bin/confutil
3 auth.cf  # add the sections below
[ldap11]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="gbmlun.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
Server="10.89.1.225"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@gbmlun.com"
Condition="sAMAccountName=USER_ID"
[ldap12]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="mlunport.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
Server="10.89.1.225"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@mlunport.com"
Condition="sAMAccountName=USER_ID"
[gbw]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="ccsez.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
ServerList="#gbw#=10.89.1.225:389"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@ccsez.com"
Condition="sAMAccountName=USER_ID"
Vietnam node
cat /home/coremail/conf/auth.cf
/home/coremail/bin/confutil
3 auth.cf  # add the sections below
[gbw]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="ccsez.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
ServerList="#gbw#=192.168.150.225:389"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@ccsez.com"
Condition="sAMAccountName=USER_ID"
[ldap11]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="gbmlun.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
Server="192.168.150.225"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@gbmlun.com"
Condition="sAMAccountName=USER_ID"
[ldap12]
AuthType="ldap"
AuthCategoryName="ldap"
AuthDomain="mlunport.com"
AuthFlag="14"
ConnCount="30"
CommTimeout="10"
Server="192.168.150.225"
Port="389"
CMCharset="GBK"
LDAPCharset="utf-8"
BindUserDN="USER_ID@mlunport.com"
Condition="sAMAccountName=USER_ID"
The section name here has to match the organization ID; it tells that organization which AD server to authenticate against. Restart the service for it to take effect.
/home/coremail/bin/coremail restart udsvr
6. Register the domains on the Lunkr IM system
Do not change the IP in WebNameLookupURL to a domain name, otherwise the command fails
[root@mailim2 ~]# /home/coremail/bin/confutil
CoreMail Version BES2.0.4_RC2(Build Linux-211229[50230.50903.55980]-5045af8-b5719b4-ad82d2e) Copyright (c) 2000-2021 Mailtech Limited
Cmd: 0-End 1-List 2-View 3-VI 4-DL 7-DlAll 9-Flush 10-FlushAll 11-Check [risky operation: 5-UL 6-Del 8-UlAll]
3 cim.cf
WebNameLookupURL="http://172.16.101.238/query-domain/query?domain="
This address is not reachable from the internet, so the cim.cf configuration needs to be changed.
Change it to
WebNameLookupURL="https://im.sailuntire.com/query-domain/query?domain="
Both frontends need a reload for it to take effect
curl -XPOST 'http://127.0.0.1:9900/lunkr/s/json?func=debug:appState' -H 'Content-Type: text/x-json' -d'{reloadConfig:true}'
[root@mailim1 ~]# curl "http://172.16.101.238/query-domain/add?domain=ccsez.com&visitDoamin=mail.ccsez.com&provider_type=0"
- 172.16.101.238 is the frontend address of the Lunkr server where query-domain is deployed;
- domain=ccsez.com is the domain being registered;
- visitDomain=mail.ccsez.com is the domain used to access the mailbox.
If the system has more than one domain, each must be registered separately. After registration, each domain's record can be queried from the t_provider table:
A. After registration the database has no lookup node for the domain; add it manually
use query_domain;
INSERT INTO `t_template_node` (`uuid`, `type`, `username`, `uri`, `provider_id`, `enabled`) VALUES ('0e134e7ea5dc473ca457f67d82e8e033','lookup','$email','https://mail.sailuntire.com/coremail/lookup.jsp?uid=$email&type=simple','3deb01ecb0db4faa99116d8c4d5c69b7',1);
- # uuid (0e134e7ea5dc473ca457f67d82e8e033 above): make one up; it only needs the same length and must not collide with the existing ones, normally hex digits 0-9 a-f
- # provider_id (3deb...) is the uuid of the domain's row in the registration database: select * from t_provider;
B. Registration defaults to the http protocol; update the URIs to https manually
update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/' where type='dav';
update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/abs/default/' where type='carddav';
update t_template_node set uri='https://mail.sailuntire.com/coremail/' where type='gal';
update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/cas/' where type='caldav';
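As an added example (not the query-domain tool's own code), the following scripts fix-ups A and B against an in-memory SQLite copy of the two tables: it adds the lookup node only when it is missing, and, generalising step B, rewrites only the scheme of every http:// node URI instead of hard-coding one host. Column layout follows the t_provider output and the INSERT statement on this page; open_sample_db, ensure_lookup_node, upgrade_to_https and node_uris are hypothetical helper names.

```python
import sqlite3
import uuid
# Constructed stand-in for the query_domain database: SQLite in memory with the two
# tables this runbook touches; the real system is MariaDB, the statements are the same.
SCHEMA = """
CREATE TABLE t_provider (uuid TEXT PRIMARY KEY, provider_id TEXT, domain TEXT,
                         label TEXT, provider_type INTEGER, effective INTEGER, industry TEXT);
CREATE TABLE t_template_node (uuid TEXT PRIMARY KEY, type TEXT, username TEXT,
                              uri TEXT, provider_id TEXT, enabled INTEGER);
"""
LOOKUP_URI = "https://mail.sailuntire.com/coremail/lookup.jsp?uid=$email&type=simple"

def open_sample_db():
    """In-memory copy of the state right after query-domain/add for ccsez.com."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    pid = "3deb01ecb0db4faa99116d8c4d5c69b7"  # uuid shown for ccsez.com in t_provider above
    db.execute("INSERT INTO t_provider VALUES (?,?,?,?,0,1,NULL)", (pid, "ccsez.com", "ccsez.com", "ccsez.com"))
    # registration leaves dav/carddav/gal/caldav nodes over plain http and no lookup node
    for node_type, path in (("dav", "dav/users/$email/"), ("carddav", "dav/users/$email/abs/default/"),
                            ("gal", ""), ("caldav", "dav/users/$email/cas/")):
        db.execute("INSERT INTO t_template_node VALUES (?,?,?,?,?,1)",
                   (uuid.uuid4().hex, node_type, "$email", "http://mail.sailuntire.com/coremail/" + path, pid))
    return db

def ensure_lookup_node(db, domain, uri=LOOKUP_URI):
    """Add the missing lookup node for domain; return its new uuid, or None if one exists."""
    row = db.execute("SELECT uuid FROM t_provider WHERE domain = ?", (domain,)).fetchone()
    if row is None:
        raise LookupError(f"{domain} is not registered in t_provider")
    pid = row[0]
    if db.execute("SELECT 1 FROM t_template_node WHERE provider_id = ? AND type = 'lookup'", (pid,)).fetchone():
        return None
    node_id = uuid.uuid4().hex  # 32 hex characters, the same shape as the existing uuids
    db.execute("INSERT INTO t_template_node VALUES (?,?,?,?,?,1)", (node_id, "lookup", "$email", uri, pid))
    db.commit()
    return node_id

def upgrade_to_https(db):
    """Rewrite only the scheme of every http:// node URI; return how many rows changed."""
    cur = db.execute("UPDATE t_template_node SET uri = 'https://' || substr(uri, 8) WHERE uri LIKE 'http://%'")
    db.commit()
    return cur.rowcount

def node_uris(db, domain):
    """type -> uri for every node of domain, for verifying the result."""
    rows = db.execute("SELECT n.type, n.uri FROM t_template_node n JOIN t_provider p "
                      "ON p.uuid = n.provider_id WHERE p.domain = ?", (domain,))
    return dict(rows.fetchall())
```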
Actual run:
[root@mailim1 ~]# curl "http://172.16.101.238/query-domain/add?domain=eveneve.com.cn&visitDoamin=mail.eveneve.com.cn&provider_type=0"
[root@mailimbackend ~]# /home/coremail/mysql/bin/mysql -ucoremail -p362755434 -h127.0.0.1 -P3308
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 26695
Server version: 10.5.7-MariaDB-log Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use query_domain;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [query_domain]> select * FROM t_provider;
+----------------------------------+--------------------+--------------------+--------------------+---------------+-----------+----------+
| uuid | provider_id | domain | label | provider_type | effective | industry |
+----------------------------------+--------------------+--------------------+--------------------+---------------+-----------+----------+
| 02e2502c94c44952a000cac2b16b7f4d | cyriex.com | cyriex.com | cyriex.com | 0 | 1 | NULL |
| 0d70d1b33fe4412c9513291e21f4397e | festlogistics.com | festlogistics.com | festlogistics.com | 0 | 1 | NULL |
| 3deb01ecb0db4faa99116d8c4d5c69b7 | ccsez.com | ccsez.com | ccsez.com | 0 | 1 | NULL |
| 6b98716fe1e44691b4d9e6b944a77b6f | tireverit.com | tireverit.com | tireverit.com | 0 | 1 | NULL |
| 94e0a0d7046d491b991af379c24a2e3a | eveneve.com.cn | eveneve.com.cn | eveneve.com.cn | 0 | 1 | NULL |
| 9a11a087d8854aed9a4dfb95cef59f41 | roadxtire.vn | roadxtire.vn | roadxtire.vn | 0 | 1 | NULL |
| a1574d4df60749acb25a65f1b079e4b8 | syhtenergy.com | syhtenergy.com | syhtenergy.com | 0 | 1 | NULL |
| e0c96b92e2284d84b37f95fa55797822 | ecorubbercloud.com | ecorubbercloud.com | ecorubbercloud.com | 0 | 1 | NULL |
| e38079bf65704727bbf661b3f83daad4 | everi.com.cn | everi.com.cn | everi.com.cn | 0 | 1 | NULL |
| e69d705a88de4e928bdcf5d8f9db128c | sailuntire.com | sailuntire.com | sailuntire.com | 0 | 1 | NULL |
| e8c0f2cf4a3042a7a61598a402802c9b | stonelab.com.cn | stonelab.com.cn | stonelab.com.cn | 0 | 1 | NULL |
| eb812a93e85042f2ad48eed1bbb793db | aztema.com | aztema.com | aztema.com | 0 | 1 | NULL |
| fe535e9ef5bc473fa387f58d81e5e261 | gubotire.com | gubotire.com | gubotire.com | 0 | 1 | NULL |
+----------------------------------+--------------------+--------------------+--------------------+---------------+-----------+----------+
13 rows in set (0.000 sec)
MariaDB [query_domain]> INSERT INTO `t_template_node` (`uuid`, `type`, `username`, `uri`, `provider_id`, `enabled`) VALUES ('0e134e7ea5dc473ca457f67d82e8e033','lookup','$email','https://mail.sailuntire.com/coremail/lookup.jsp?uid=$email&type=simple','3deb01ecb0db4faa99116d8c4d5c69b7',1);
Query OK, 1 row affected (0.003 sec)
MariaDB [query_domain]> update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/' where type='dav';
Query OK, 1 row affected (0.001 sec)
Rows matched: 13 Changed: 1 Warnings: 0
MariaDB [query_domain]> update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/abs/default/' where type='carddav';
Query OK, 1 row affected (0.001 sec)
Rows matched: 13 Changed: 1 Warnings: 0
MariaDB [query_domain]> update t_template_node set uri='https://mail.sailuntire.com/coremail/' where type='gal';
Query OK, 1 row affected (0.001 sec)
Rows matched: 13 Changed: 1 Warnings: 0
MariaDB [query_domain]> update t_template_node set uri='https://mail.sailuntire.com/coremail/dav/users/$email/cas/' where type='caldav';
Query OK, 1 row affected (0.001 sec)
Rows matched: 13 Changed: 1 Warnings: 0
MariaDB [query_domain]> quit
Bye
[root@mailimbackend ~]#
After the setup, create a user and run a sync manually on the server that has the scheduled task
/home/coremail/bin/sautil addressbook-sync autoSync_gbw
After the manual run, check the sync result in the admin console