1

Topic: what to do after Integrate Microsoft Active Directory ?

Hi there!
I'm new to iRedMail and mail servers in general (still a student).
I want to use my iRedMail server with my Windows Server 2012 domain. I followed the documentation page named "Integrate Microsoft Active Directory for user authentication and address book". I did all the steps without problems, but at the end of the page I have no information on how to use the Active Directory users to connect in Roundcube and send emails to each other.

Could someone explain to me what I didn't understand, or just tell me what I am missing?

(Sorry for my bad English.)

2

Re: what to do after Integrate Microsoft Active Directory ?

ybkdm wrote:

I have no information on how to use the Active Directory users to connect in Roundcube and send emails to each other.

Just log in to webmail with your full email address as the username and your AD password as the login password.

3

Re: what to do after Integrate Microsoft Active Directory ?

Hi, thanks for the response!

I tried to log in like you said. It worked, but only with users who are members of the OU named "USERS". I would like to log in with anyone on the domain regardless of the OU. Can I do that?

4

Re: what to do after Integrate Microsoft Active Directory ?

ybkdm wrote:

I would like to log in with anyone on the domain regardless of the OU. Can I do that?

Update the LDAP base DN to the proper one which contains all users.

For example:

- in /etc/postfix/ad_*.cf, update `search_base` parameter.
- in /etc/dovecot/dovecot-ldap.conf, update `base` parameter.

5

Re: what to do after Integrate Microsoft Active Directory ?

For example, this works if the mail field is filled in the user profile in the DC:
https://clip2net.com/clip/m133812/31ac8-clip-26kb.png

dovecot-ldap.conf

```
hosts           = dc2.domain.local:389
ldap_version    = 3
auth_bind       = yes
dn              = domain\iredmail
dnpass          = SUPADUPAPASSWORD
base            = DC=domain,DC=local
scope           = subtree
deref           = never

# Below two are required by command 'doveadm mailbox ...'
user_filter     = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
```

sender_login_maps.cf

```
server_host     = dc2.domain.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = iredmail@domain.local
bind_pw         = SUPADUPAPASSWORD
search_base     = DC=domain,DC=local
scope           = sub
query_filter    = (&(mail=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= mail
debuglevel      = 0
```

virtual_group_maps.cf

```
server_host     = dc2.domain.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = iredmail@domain.local
bind_pw         = SUPADUPAPASSWORD
search_base     = DC=domain,DC=local
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= mail
debuglevel      = 0
```

virtual_mailbox_maps.cf

```
server_host     = dc2.domain.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = iredmail@domain.local
bind_pw         = SUPADUPAPASSWORD
search_base     = DC=domain,DC=local
scope           = sub
query_filter    = (&(mail=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= mail
result_format   = %d/%u/Maildir/
debuglevel      = 0
```

6

Re: what to do after Integrate Microsoft Active Directory ?

You may want to modify the LDAP filter to query the account you want. The default is `(mail=%s)`; it queries the LDAP attribute `mail`.
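
The replies above turn on two settings: the search base decides which containers are searched at all, and the filter only matches enabled accounts whose `mail` attribute equals the login address. The following Python sketch is an added example, not code from any post or from iRedMail; it models that lookup over constructed directory entries, and the `CN=Users` / `OU=Sales` DNs and the account names are assumptions.

```python
# Added example: models how the thread's LDAP lookup selects accounts.
# All directory entries below are constructed sample data.

ACCOUNTDISABLE = 0x2  # userAccountControl bit tested by ':1.2.840.113556.1.4.803:=2'

def rdns(dn):
    """Split a DN into lower-cased RDNs (sample data has no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True when dn equals base or sits anywhere below it (scope = sub/subtree)."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def lookup(entries, base, address):
    """Emulate (&(mail=%s)(objectClass=person)(!(userAccountControl:...:=2))) under base."""
    hits = []
    for e in entries:
        if not in_subtree(e["dn"], base):
            continue  # outside the search base: never seen by Postfix or Dovecot
        if (e.get("mail") or "").lower() != address.lower():
            continue  # empty or different mail attribute
        if "person" not in e["objectClass"]:
            continue
        if e["userAccountControl"] & ACCOUNTDISABLE:
            continue  # disabled account, excluded by the negated bitwise match
        hits.append(e["dn"])
    return hits

DIRECTORY = [  # constructed entries; 512 = normal account, 514 = normal + disabled
    {"dn": "CN=Alice,CN=Users,DC=domain,DC=local", "mail": "alice@domain.local",
     "objectClass": ["top", "person", "user"], "userAccountControl": 512},
    {"dn": "CN=Bob,OU=Sales,DC=domain,DC=local", "mail": "bob@domain.local",
     "objectClass": ["top", "person", "user"], "userAccountControl": 512},
    {"dn": "CN=Carol,OU=Sales,DC=domain,DC=local", "mail": None,
     "objectClass": ["top", "person", "user"], "userAccountControl": 512},
    {"dn": "CN=Dave,OU=Sales,DC=domain,DC=local", "mail": "dave@domain.local",
     "objectClass": ["top", "person", "user"], "userAccountControl": 514},
]

NARROW = "CN=Users,DC=domain,DC=local"  # assumed original base: one container only
WIDE = "DC=domain,DC=local"             # domain root, as in the posted search_base

if __name__ == "__main__":
    for addr in ("alice@domain.local", "bob@domain.local", "dave@domain.local"):
        print(addr, "narrow:", lookup(DIRECTORY, NARROW, addr), "wide:", lookup(DIRECTORY, WIDE, addr))
```

Widening the base makes Bob resolvable, while Carol (no `mail` value) and Dave (disabled) stay excluded under either base.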

7

Re: what to do after Integrate Microsoft Active Directory ?

dovecot-ldap.conf

```
hosts           = dc2.domain.local:389
ldap_version    = 3
auth_bind       = yes
dn              = domain\iredmail
dnpass          = SUPADUPAPASSWORD
base            = DC=domain,DC=local
scope           = subtree
deref           = never

# Below two are required by command 'doveadm mailbox ...'
user_filter     = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
```

Thanks for your reply, but I still don't get it. I have a problem with Dovecot authentication after changing the 4 files just like "CrashXRU" did. I tried the postmap command to verify sender login and it worked without problems, but when I tried the command:
`dovecot auth test vmail@ybkdm.com`
it returns "auth failed", so I don't know how to fix this issue.

8

Re: what to do after Integrate Microsoft Active Directory ?

Please turn on debug mode in Dovecot and read its detailed log carefully:
https://docs.iredmail.org/debug.dovecot.html