1

Topic: ldap and AD authentication same server

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 OPENLDAP edition.
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): configured for AD
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have it working OK authenticating with my win2012 AD.
Is there any way I can create accounts within iRedMail and keep the ones in the AD, so that users in AD and local to iRed will both work?
I have some 120 users in AD and some 200 not in AD. My customer requires that we have a license for each user in AD, and the users NOT in AD only need email access.

I tried to add the following configuration to Postfix:
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf,proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
but I have no idea how to configure Dovecot, Roundcube or SOGo.

Thanks

----


2

Re: ldap and AD authentication same server

sergiocesar wrote:

Is there any way I can create accounts within iRedMail and keep the ones in the AD, so that users in AD and local to iRed will both work?

Sure.

sergiocesar wrote:

but I have no idea how to configure Dovecot, Roundcube or SOGo.

Similar to Postfix: you need to create an extra "userdb" and "passdb" in the Dovecot config file.

3

Re: ldap and AD authentication same server

Do you mean duplicating the userdb and passdb entries in the file, something like this?

Create the AD file dovecot-ldap-ad.conf.

Edit the /etc/dovecot/dovecot.conf file and add the lines below:

# Virtual mail accounts.
## Dovecot will use this for authentication using the local samba AD
## add users via iRedMail management
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}

## Dovecot will use this for authentication using the Windows AD
## add users on the Windows AD machine
userdb {
    args = /etc/dovecot/dovecot-ldap-ad.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap-ad.conf
    driver = ldap
}

4

Re: ldap and AD authentication same server

It worked; this works with Roundcube as installed by iRed.
The only thing now is to get SOGo to authenticate; I have yet to figure that out. Any hints would be appreciated.
This allows me to add users via iRedAdmin or on the AD server. This way I don't need to buy Micro$oft licenses for each user that needs no AD account.

Here is the configuration:

/etc/dovecot/dovecot.conf
# Virtual mail accounts.
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
    skip = never
    result_failure = continue
    result_internalfail = continue
    result_success = return-ok
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
#
userdb {
    args = /etc/dovecot/dovecot-ldap-ired.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap-ired.conf
    driver = ldap
}
------------------------------------------------
dovecot-ldap.conf
hosts           = AD.servername.domain.com:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = AD server password
base            = cn=users,dc=domain,dc=com
scope           = subtree
deref           = never
user_filter     = (&(objectCategory=person)(objectClass=user)(mail=%u))
pass_filter     = (&(objectCategory=person)(objectClass=user)(mail=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/
default_pass_scheme = MD5

-------------------------------------------------

dovecot-ldap-ired.conf
# This is the original file created by the iRed install, with a few changes for my local config
hosts           = 127.0.0.1:389
ldap_version    = 3
auth_bind       = yes
dn              = cn=vmail,dc=domain,dc=com
dnpass          = ired-ldap-password
base            = o=domains,dc=domain,dc=com
scope           = subtree
deref           = never

# Below two are required by command 'doveadm mailbox ...'
iterate_attrs   = mail=user
iterate_filter  = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))

user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
##user_attrs      = mail=user,homeDirectory=home,=mail=maildir:~/Maildir/,mailQuota=quota_rule=*:bytes=%$
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/,mailQuota=quota_rule=*:bytes=%$
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_attrs      = mail=user,userPassword=password
default_pass_scheme = CRYPT

--------------------------------------------------------
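The chaining that posts 3 and 4 rely on (two passdb blocks, AD first, with result_failure = continue) is easier to reason about with a small model. The Python below is an added example, not code from this thread, from iRedMail or from Dovecot; it stands in for the two LDAP directories with in-memory dicts of constructed sample users at domain.com and applies the documented meaning of Dovecot's result_success / result_failure / result_internalfail / skip options (a simplification: the "following passdbs skip password verification" detail of continue-ok is not modelled). It also includes the check this setup needs, a listing of addresses that exist in both directories: such a user can log in with whichever password the chain accepts first, and disabling the account on the AD side (the userAccountControl clause in the AD pass_filter) does not stop a matching local account from authenticating.

```python
# Added example: model of Dovecot's passdb chain for the AD + local LDAP setup.
# Directories are replaced by dicts; the Passdb/authenticate names are ours, not Dovecot's.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

OK, FAIL, INTERNAL = "ok", "fail", "internalfail"


@dataclass
class Passdb:
    name: str
    users: Dict[str, str]              # constructed stand-in for one LDAP directory
    result_success: str = "return-ok"  # these three are Dovecot's defaults
    result_failure: str = "continue"
    result_internalfail: str = "continue"
    skip: str = "never"                # never | authenticated | unauthenticated
    unreachable: bool = False          # simulate the LDAP server being down

    def verify(self, user: str, password: str) -> str:
        if self.unreachable:
            return INTERNAL            # lookup error, e.g. AD host not reachable
        if self.users.get(user) == password:
            return OK
        return FAIL                    # wrong password, or user not in this directory


def authenticate(chain: List[Passdb], user: str, password: str) -> Tuple[str, List[str]]:
    """Walk the passdb chain in order; returns (final result, trace of decisions)."""
    current: Optional[str] = None
    trace: List[str] = []
    for db in chain:
        if (db.skip == "authenticated" and current == OK) or \
           (db.skip == "unauthenticated" and current != OK):
            trace.append(f"{db.name}: skipped")
            continue
        outcome = db.verify(user, password)
        action = {OK: db.result_success, FAIL: db.result_failure,
                  INTERNAL: db.result_internalfail}[outcome]
        trace.append(f"{db.name}: {outcome} -> {action}")
        if action == "return-ok":
            return OK, trace
        if action == "return-fail":
            return FAIL, trace
        if action == "return":         # earlier passdb's result, failure if none
            return (OK if current == OK else FAIL), trace
        if action == "continue-ok":
            current = OK
        elif action == "continue-fail":
            current = FAIL
        elif current is None:          # plain "continue": keep an earlier result if any
            current = OK if outcome == OK else FAIL
    return (OK if current == OK else FAIL), trace


def overlapping_users(*directories: Dict[str, str]) -> Set[str]:
    """Addresses present in more than one directory. Each of these can log in with
    whichever password matches first in the chain, so they should be resolved."""
    seen: Set[str] = set()
    dup: Set[str] = set()
    for d in directories:
        for u in d:
            (dup if u in seen else seen).add(u)
    return dup


# Constructed sample data; chain order matches the forum post (AD first, local second).
AD_USERS = {"alice@domain.com": "alice-ad-pw", "carol@domain.com": "carol-ad-pw"}
LOCAL_USERS = {"bob@domain.com": "bob-local-pw", "carol@domain.com": "carol-local-pw"}


def build_chain(ad_down: bool = False) -> List[Passdb]:
    return [Passdb("ad", AD_USERS, unreachable=ad_down),
            Passdb("ired-ldap", LOCAL_USERS)]


if __name__ == "__main__":
    for ad_down in (False, True):
        chain = build_chain(ad_down)
        print(f"--- AD reachable: {not ad_down}")
        for user, pw in [("alice@domain.com", "alice-ad-pw"),
                         ("bob@domain.com", "bob-local-pw"),
                         ("carol@domain.com", "carol-local-pw"),
                         ("bob@domain.com", "wrong")]:
            result, trace = authenticate(chain, user, pw)
            print(f"{user:18} {result:5}  {'; '.join(trace)}")
    print("addresses in both directories:", overlapping_users(AD_USERS, LOCAL_USERS))
```

Two things the run makes visible: with the default result_internalfail = continue, an unreachable AD makes AD-only users fail while local users keep logging in (useful for availability, but it also means an AD outage is indistinguishable from a wrong password in Dovecot's auth logs unless you look for the internal failure); and carol, present in both directories, authenticates with her local password even though AD holds a different one, which is why the overlapping-address check belongs in the provisioning process when accounts are created from two places.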