1

Topic: Mysql Sync with AD

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.84
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

I use MySQL as the backend to store users and passwords.

But some clients need to use AD to connect to the mail server.

What is the best solution for this?

As I understand it, I should:
1. Allow AD users to authenticate with their user name and password.

But:
how do I create, delete and edit users?
how do I not allow a user to log in if AD is the master for authentication?


2

Re: Mysql Sync with AD

You have to add the LDAP AD config to your existing config: http://www.iredmail.org/docs/active.directory.html
Users under AD will be able to authenticate using their AD password; users in the MySQL DB will be able to authenticate using the passwords stored in MySQL.
Create an account in iRedAdmin with the mail address of the AD account to be able to manage this account.

3

Re: Mysql Sync with AD

Postfix/Dovecot can query users from only one source (e.g. MySQL), but they also support querying multiple sources (in the order you specify in the config files), e.g. both MySQL and AD.

So just follow the tutorial @nicolasfo gave in the reply above, and add the extra LDAP query in Postfix.

With AD integration, you can manage mail users with the AD management tool itself.

4

Re: Mysql Sync with AD

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 1.1
- Linux/BSD distribution name and version: debian 8 jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
===
Hi,
I have the same problem as jackavin.
Thank you for this post, it's very helpful.
I checked the LDAP configuration (http://www.iredmail.org/docs/active.directory.html) but it's not understandable for me.

I created 3 files:

/etc/postfix/ad_sender_login_maps.cf
/etc/postfix/ad_virtual_mailbox_maps.cf
/etc/postfix/ad_virtual_group_maps.cf

and added new lines to /etc/postfix/main.cf

smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'

Unfortunately it doesn't work.

When I check the config files:
"# postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf
user@example.com"
I get the answer
"postmap: fatal: unsupported dictionary type: ldap"

My LDAP configuration is OK.
I checked it with:
"ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail"

Thank you for any help

5

Re: Mysql Sync with AD

pawel.block wrote:

"postmap: fatal: unsupported dictionary type: ldap"

Installing package "postfix-ldap" should fix this issue.

6

Re: Mysql Sync with AD

ZhangHuangbin, thank you.
Installing package "postfix-ldap" helped me.

I don't get the answer
"postmap: fatal: unsupported dictionary type: ldap"

When I check the config:
"# postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf"

I get nothing.

/etc/postfix/ad_sender_login_maps.cf :
server_host     = 192.168.xx.xx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = iredmail_ldap
bind_pw         = password
search_base     = CN=Gr.local_mail,OU=domein,DC=domein,DC=local
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 1

Check command: postmap -q pawel@domein.pl ldap:/etc/postfix/ad_sender_login_maps.cf
Answer:
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://192.168.xx.xx:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 192.168.xx.xx:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 192.168.xx.xx:389
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: attempting to connect:
postmap: dict_ldap_debug: connect errno: 115
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush2: 38 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x55b0fe191a20 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x55b0fe191a20 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x55b0fe191a20 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Connections:
postmap: dict_ldap_debug: * host: 192.168.xx.xx  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Tue Mar 24 09:46:48 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 1,  origid 1, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x55b0fe191a20 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x55b0fe191a20 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x55b0fe191a20 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x55b0fe191a20 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x55b0fe191a20 msgid 1
postmap: dict_ldap_debug: request done: ld 0x55b0fe191a20 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(userPrincipalName=pawel@domein.pl)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(userPrincipalName=pawel@domein.pl)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: "(userPrincipalName=pawel@domein.pl)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userPrincipalName=pawel@domein.pl"
postmap: dict_ldap_debug: put_filter: "(objectClass=person)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=person"
postmap: dict_ldap_debug: put_filter: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: NOT
postmap: dict_ldap_debug: put_filter_list "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userAccountControl:1.2.840.113556.1.4.803:=2"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 221 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x55b0fe191a20 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x55b0fe191a20 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x55b0fe191a20 msgid 2 all 1
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Connections:
postmap: dict_ldap_debug: * host: 192.168.xx.xx  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Tue Mar 24 09:46:48 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 2,  origid 2, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x55b0fe191a20 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x55b0fe191a20 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x55b0fe191a20 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x55b0fe191a20 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x55b0fe191a20 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x55b0fe191a20 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x55b0fe191a20 msgid 2
postmap: dict_ldap_debug: request done: ld 0x55b0fe191a20 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush2: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed

I checked "userPrincipalName" for user pawel in AD: pawel@domain.local

So I changed /etc/postfix/ad_sender_login_maps.cf and tried again.

/etc/postfix/ad_sender_login_maps.cf :

server_host     = 192.168.xx.xx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = iredmail_ldap
bind_pw         = password
search_base     = CN=Gr.local_mail,OU=domein,DC=domein,DC=local
scope           = sub
query_filter    = (&(mail=%s)(objectClass=person))
result_attribute= mail
debuglevel      = 1

Check command: postmap -q pawel@domein.pl ldap:/etc/postfix/ad_sender_login_maps.cf
Answer:

postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://192.168.xx.xx:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 192.168.xx.xx:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 192.168.xx.xx:389
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: attempting to connect:
postmap: dict_ldap_debug: connect errno: 115
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush2: 38 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x55aae4f53710 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x55aae4f53710 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x55aae4f53710 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Connections:
postmap: dict_ldap_debug: * host: 192.168.xx.xx  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Tue Mar 24 09:56:41 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 1,  origid 1, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x55aae4f53710 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x55aae4f53710 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x55aae4f53710 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x55aae4f53710 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x55aae4f53710 msgid 1
postmap: dict_ldap_debug: request done: ld 0x55aae4f53710 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(mail=pawel@domein.pl)(objectClass=person))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(mail=pawel@domein.pl)(objectClass=person)"
postmap: dict_ldap_debug: put_filter: "(mail=pawel@domein.pl)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "mail=pawel@domein.pl"
postmap: dict_ldap_debug: put_filter: "(objectClass=person)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=person"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 144 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x55aae4f53710 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x55aae4f53710 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x55aae4f53710 msgid 2 all 1
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Connections:
postmap: dict_ldap_debug: * host: 192.168.xx.xx  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Tue Mar 24 09:56:41 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 2,  origid 2, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x55aae4f53710 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x55aae4f53710 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x55aae4f53710 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x55aae4f53710 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x55aae4f53710 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x55aae4f53710 msgid 2
postmap: dict_ldap_debug: request done: ld 0x55aae4f53710 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush2: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed

Do you have any ideas?
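
Added example, not part of any post in this thread: a small Python triage of a `debuglevel = 1` trace like the two above, reporting whether the bind and the search completed without error, which filter was sent, and whether any entry came back. The sample trace is constructed from lines in the posted output, and the `search-entry` message type is an assumption about how libldap labels a returned entry.

```python
import re

# Constructed sample: shortened trace in the format posted above (bind
# completes, the search returns only its final search-result message).
SAMPLE_TRACE = """\
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 1 message type bind
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(mail=pawel@domein.pl)(objectClass=person))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: read1msg: ld 0x55aae4f53710 msgid 2 message type search-result
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
"""

MSG = re.compile(r"read1msg: ld \S+ msgid \d+ message type (\S+)")
ERRNO = re.compile(r"res_errno: (-?\d+),")
FILTER = re.compile(r'put_filter: "(\(.*\))"')


def summarize(trace):
    """Extract bind result, search result, filter sent and entry count."""
    out = {"bind_errno": None, "search_errno": None, "filter": None, "entries": 0}
    last_type = None
    for line in trace.splitlines():
        if (m := MSG.search(line)):
            last_type = m.group(1)
            # Assumption: libldap labels each returned entry "search-entry";
            # none appear in the posted traces because nothing matched.
            if last_type == "search-entry":
                out["entries"] += 1
        elif (m := ERRNO.search(line)) and last_type in ("bind", "search-result"):
            key = "bind_errno" if last_type == "bind" else "search_errno"
            out[key] = int(m.group(1))
        elif (m := FILTER.search(line)) and out["filter"] is None:
            out["filter"] = m.group(1)  # first quoted put_filter is the full filter
    return out


def verdict(s):
    """Turn the summary into the next thing to check."""
    if s["bind_errno"] != 0:
        return "bind failed or missing: check bind_dn and bind_pw"
    if s["search_errno"] != 0:
        return "search failed or missing: check search_base and ACLs"
    if s["entries"] == 0:
        return "no entry matched: check search_base, scope and query_filter"
    return "lookup returned %d entries" % s["entries"]


if __name__ == "__main__":
    summary = summarize(SAMPLE_TRACE)
    print(summary)
    print(verdict(summary))
```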