Topic: Active directory Integration - multi domain
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 OPENLDAP edition
- Deployed with the downloadable installer?
- Linux/BSD distribution name and version: Centos 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I'm currently evaluating this product to migrate our existing mail server, but I have issues with Active Directory integration using multiple domains.
It works fine for users in the Windows AD default domain. However, if a user is from another domain, authentication fails.
I followed this guide, but it only works for single-domain integration:
https://docs.iredmail.org/active.direct … in-dovecot
Windows Active Directory Domain:
Default domain: corp.mydomain.com
user@mydomain.com
UPN suffixes:
mydomain1.com - user@mydomain1.com
mydomain2.com - user@mydomain2.com
mydomain3.com - user@mydomain3.com
Configuration:
===========================================
/etc/postfix/ad_sender_login_maps.cf
===========================================
server_host = dc.corp.mydomain.com
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail
bind_pw = password_of_vmail
search_base = cn=users,dc=corp,dc=mydomain,dc=com
scope = sub
query_filter = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel = 0
===========================================
/etc/postfix/ad_virtual_mailbox_maps.cf
===========================================
server_host = dc.corp.mydomain.com
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail
bind_pw = passwd_of_vmail
search_base = cn=users,dc=corp,dc=mydomain,dc=com
scope = sub
query_filter = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 0
=============================================
/etc/postfix/ad_virtual_group_maps.cf
=============================================
server_host = dc.corp.mydomain.com
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail
bind_pw = password_of_vmail
search_base = cn=users,dc=corp,dc=mydomain,dc=com
scope = sub
#query_filter = (&(objectClass=group)(mail=%s))
query_filter = (&(objectClass=group)(sAMAccountName=%u))
special_result_attribute = member
#leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel = 0
=========================================
/etc/dovecot/dovecot-ldap.conf
=========================================
hosts = dc.corp.mydomain.com:389
ldap_version = 3
auth_bind = yes
dn = vmail
dnpass = passwd_of_vmail
base = cn=users,dc=corp,dc=mydomain,dc=com
scope = subtree
deref = never
# Below two are required by command 'doveadm mailbox ...'
iterate_attrs = userPrincipalName=user
iterate_filter = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
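As an added diagnostic (not part of the original post or of iRedMail), the script below takes the filters, result formats and search base quoted above and, for each login, shows how Postfix's `%s`/`%u`/`%d` and Dovecot's `%Ld`/`%Ln` expand, then checks whether a user's DN actually falls inside the configured `search_base` for the given scope. The user DNs are constructed assumptions about where entries for the other UPN suffixes might live; the point is that the filter expansion is identical for every domain, so a login that fails for one suffix only is worth checking against the base/scope rather than the filter.

```python
"""Added example, not from the original post: expand the posted LDAP
filter variables per login and check DN membership in the search base."""

# Values copied from the posted configuration
SEARCH_BASE = "cn=users,dc=corp,dc=mydomain,dc=com"
POSTFIX_FILTER = "(&(objectclass=person)(userPrincipalName=%s))"
POSTFIX_RESULT_FORMAT = "%d/%u/Maildir/"
DOVECOT_HOME = "/var/vmail/vmail1/%Ld/%Ln/"

# Constructed (hypothetical) DNs: one user in the default domain partition,
# one in an assumed child domain, one in an assumed second forest tree.
CONSTRUCTED_USERS = {
    "user@mydomain1.com": "cn=user1,cn=users,dc=corp,dc=mydomain,dc=com",
    "user@mydomain2.com": "cn=user2,cn=users,dc=child,dc=corp,dc=mydomain,dc=com",
    "user@mydomain3.com": "cn=user3,cn=users,dc=other,dc=local",
}


def split_login(login):
    """Return (local part, domain) of a UPN-style login."""
    local, _, domain = login.partition("@")
    return local, domain


def expand_postfix(template, login):
    """Postfix ldap table expansion: %s whole key, %u local part, %d domain."""
    local, domain = split_login(login)
    return template.replace("%s", login).replace("%u", local).replace("%d", domain)


def expand_dovecot(template, login):
    """Dovecot expansion for the modifiers used in the post:
    %Ld lower-cased domain, %Ln lower-cased local part, %u full login."""
    local, domain = split_login(login)
    return (template.replace("%Ld", domain.lower())
                    .replace("%Ln", local.lower())
                    .replace("%u", login))


def dn_rdns(dn):
    """Split a DN into normalised RDN components (no escaped-comma handling)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_search_scope(entry_dn, base_dn, scope="sub"):
    """True if an LDAP search from base_dn with the given scope could return entry_dn."""
    entry, base = dn_rdns(entry_dn), dn_rdns(base_dn)
    if len(entry) < len(base) or entry[-len(base):] != base:
        return False          # not subordinate to the base at all
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True               # sub / subtree


def report(login, entry_dn):
    """Collect what each posted map would compute for this login."""
    return {
        "postfix_filter": expand_postfix(POSTFIX_FILTER, login),
        "postfix_maildir": expand_postfix(POSTFIX_RESULT_FORMAT, login),
        "dovecot_home": expand_dovecot(DOVECOT_HOME, login),
        "in_search_base": in_search_scope(entry_dn, SEARCH_BASE, "sub"),
    }


if __name__ == "__main__":
    for login, dn in CONSTRUCTED_USERS.items():
        print(login)
        for key, value in report(login, dn).items():
            print(f"  {key}: {value}")
```

Run it as-is to see that the three logins produce the same shape of filter and Maildir path, while only the DN under the default domain's `cn=users` container is inside the posted search base. Note that a child domain in a forest is a separate naming context, so even a subordinate-looking DN is not returned by a subtree search on the parent domain's DC without a referral or a Global Catalog query; the DN check here is the lexical part of that question only.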