
Topic: Trouble integrating AD with different domain

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer?  Installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx):  Apache
- Manage mail accounts with iRedAdmin-Pro?  No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi All,

I've been over and over this post:  https://forum.iredmail.org/topic3165-in … main.html, and I cannot get AD integration working.  My AD domain is domain.local, and I am using a domain we bought named otherdomain.com as the iRedMail mail domain.  AD has no knowledge of this domain other than a forward lookup zone in DNS.  I can run ldapsearch successfully, and it returns proper results, but when I try to run postmap on any of the config files, no results are returned.

AD server is Windows Server 2016.

Config file:

server_host     = ldaps://dc.domain.local
server_port     = 636
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail@domain.local
bind_pw         = <password>
search_base     = cn=iredmail-users,dc=domain,dc=local
scope           = sub
query_filter    = (&(userPrincipalName=%u@otherdomain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 1


Command:  postmap -q test@domain.local ldap:/etc/postfix/ad_sender_login_maps.cf

Debug output:

postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldaps://dc.domain.local)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP dc.domain.local:636
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 10.10.11.254:636
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: attempting to connect:
postmap: dict_ldap_debug: connect errno: 115
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush2: 56 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x5563b9c06b00 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x5563b9c06b00 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x5563b9c06b00 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Connections:
postmap: dict_ldap_debug: * host: dc.domain.local  port: 636  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Thu Dec  3 11:20:41 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 1,  origid 1, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x5563b9c06b00 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x5563b9c06b00 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x5563b9c06b00 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x5563b9c06b00 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x5563b9c06b00 msgid 1
postmap: dict_ldap_debug: request done: ld 0x5563b9c06b00 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(userPrincipalName=test@otherdomain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(userPrincipalName=test@otherdomain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: "(userPrincipalName=test@otherdomain.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userPrincipalName=test@otherdomain.com"
postmap: dict_ldap_debug: put_filter: "(objectClass=person)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=person"
postmap: dict_ldap_debug: put_filter: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: NOT
postmap: dict_ldap_debug: put_filter_list "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userAccountControl:1.2.840.113556.1.4.803:=2"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 222 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x5563b9c06b00 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x5563b9c06b00 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x5563b9c06b00 msgid 2 all 1
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Connections:
postmap: dict_ldap_debug: * host: dc.domain.local  port: 636  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Thu Dec  3 11:20:41 2020
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 2,  origid 2, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x5563b9c06b00 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x5563b9c06b00 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x5563b9c06b00 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x5563b9c06b00 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x5563b9c06b00 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x5563b9c06b00 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x5563b9c06b00 msgid 2
postmap: dict_ldap_debug: request done: ld 0x5563b9c06b00 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush2: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed



Any help would be greatly appreciated.  Coffee on me as well.


Re: Trouble integrating AD with different domain

Farva wrote:

postmap: dict_ldap_debug: put_filter: "(&(userPrincipalName=test@otherdomain.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

Do you actually have an account with these LDAP attribute/value pairs?

- HAS: userPrincipalName=test@otherdomain.com
- HAS: objectClass=person
- NOT HAVE: userAccountControl:1.2.840.113556.1.4.803:=2

If you do have such an account, is it stored under "cn=iredmail-users,dc=domain,dc=local"?
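To see which of the three conditions above a lookup actually fails on, here is an added example (not part of this thread, nor code from iRedMail or Postfix) that emulates Postfix's ldap_table key substitution and evaluates the poster's query_filter, including AD's bitwise-AND matching rule, against a constructed in-memory directory; the sample entries, their DNs and userAccountControl values are all assumed, and the small filter evaluator also handles "|" filters the poster's config does not use.

```python
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD's LDAP_MATCHING_RULE_BIT_AND OID
# Postfix ldap_table(5) key substitutions (subset: %s whole key, %u local part, %d domain part):
# key 'test@domain.local' with '%u@otherdomain.com' yields 'test@otherdomain.com', as in the debug log.
def expand_query(template, key):
    local, _, domain = key.partition("@")
    return template.replace("%s", key).replace("%u", local).replace("%d", domain)
# Tiny RFC 4515 filter parser covering (&...), (|...), (!...) and (attr=value); returns (node, next_index).
def parse_filter(s, i=0):
    assert s[i] == "(", "filter must start with '('"
    if s[i + 1] in "&|!":
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip the closing ')'
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)  # 'attr:OID:' stays in attr for extensible matches
    return ("=", attr, value), end + 1
# Evaluate a parsed filter against one entry {lowercase attr: [string values]}.
def matches(node, entry):
    if node[0] == "&": return all(matches(k, entry) for k in node[1])
    if node[0] == "|": return any(matches(k, entry) for k in node[1])
    if node[0] == "!": return not matches(node[1][0], entry)
    _, attr, value = node
    name, *rule = attr.rstrip(":").split(":")
    values = entry.get(name.lower(), [])
    if rule and rule[0] == BIT_AND_RULE:  # bitwise AND: every bit of value must be set
        return any(int(v) & int(value) == int(value) for v in values)
    return any(v.lower() == value.lower() for v in values)
# Emulate `postmap -q KEY ldap:CFG` with scope=sub: result_attribute values of every matching entry.
def postmap_lookup(cfg, key, directory):
    node, _ = parse_filter(expand_query(cfg["query_filter"], key))
    base = cfg["search_base"].lower()
    return [v for dn, e in directory.items()
            if (dn.lower() == base or dn.lower().endswith("," + base)) and matches(node, e)
            for v in e.get(cfg["result_attribute"].lower(), [])]
CONFIG = {  # the poster's ad_sender_login_maps.cf, connection settings omitted
    "search_base": "cn=iredmail-users,dc=domain,dc=local",
    "query_filter": "(&(userPrincipalName=%u@otherdomain.com)(objectClass=person)"
                    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    "result_attribute": "userPrincipalName"}
def user(upn, uac):  # constructed AD-style entry; userAccountControl 512 = normal, 514 = disabled
    return {"objectclass": ["top", "person", "organizationalPerson", "user"],
            "userprincipalname": [upn], "useraccountcontrol": [str(uac)]}
DIRECTORY = {  # constructed sample tree: only 'test' meets all three conditions of the filter
    "cn=test,cn=iredmail-users,dc=domain,dc=local": user("test@otherdomain.com", 512),
    "cn=alice,cn=iredmail-users,dc=domain,dc=local": user("alice@domain.local", 512),  # UPN on AD domain
    "cn=bob,cn=iredmail-users,dc=domain,dc=local": user("bob@otherdomain.com", 514),  # account disabled
    "cn=carol,cn=users,dc=domain,dc=local": user("carol@otherdomain.com", 512)}  # outside search_base
```

Running `postmap_lookup(CONFIG, "test@domain.local", DIRECTORY)` returns the one UPN, while the alice, bob and carol keys return an empty list for the three reasons listed in the reply.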