1 (edited by ckykenken 2021-01-13 01:42:01)

Topic: iRedMail with active directory: different base domain

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): latest
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Just finished installing iRedMail and followed the guide to integrate with Active Directory. I can query a user and get the answer:

# postmap -q user@hypernite.local ldap:/etc/postfix/ad_sender_login_maps.cf
user@hypernite.local

But I want the mail domain as 's.hypernite.com' and when I query a user as:

# postmap -q user@s.hypernite.com ldap:/etc/postfix/ad_sender_login_maps.cf

It returns nothing.

My configuration of /etc/postfix/ad_sender_login_maps.cf:

server_host     = #SENSITIVE INFO MASKED
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = administrator
bind_pw         = #SENSITIVE INFO MASKED
search_base     = OU="Hyper Staff Accounts",OU=HyperGroup,DC=hypernite,DC=local
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0

/etc/postfix/ad_virtual_mailbox_maps.cf:

server_host     = #SENSITIVE INFO MASKED
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = administrator
bind_pw         = #SENSITIVE INFO MASKED
search_base     = OU="Hyper Staff Accounts",OU=HyperGroup,DC=hypernite,DC=local
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

Last but not least /etc/postfix/ad_virtual_group_maps.cf:

server_host     = #SENSITIVE INFO MASKED
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = administrator
bind_pw         = #SENSITIVE INFO MASKED
search_base     = OU="Hyper Staff Accounts",OU=HyperGroup,DC=hypernite,DC=local
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

----

2

Re: iRedMail with active directory: different base domain

Run postmap with the '-v' flag, then check the performed LDAP query (and search base) in the console output. Do you think the query it performed will actually find any user? You need to double check to make sure some user account will be matched.
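
What the `postmap -v` check above is looking for, as an added example (not part of the thread and not Postfix or iRedMail code): it expands the first post's query_filter the way ldap_table(5) documents %s, %u and %d, then compares the userPrincipalName clause with a directory entry. The entry, the function names and the assumption that the filter's other clauses match are constructed for illustration.

```python
import re

# RFC 4515 escaping, applied to values substituted into query_filter
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    return "".join(_ESC.get(ch, ch) for ch in value)

def expand_filter(template, key):
    """Expand %s (whole lookup key), %u (local part) and %d (domain part)."""
    if "@" in key:
        local, domain = key.rsplit("@", 1)
    else:
        local, domain = key, ""
    subs = {"s": ldap_escape(key), "u": ldap_escape(local), "d": ldap_escape(domain), "%": "%"}
    return re.sub(r"%([sud%])", lambda m: subs[m.group(1)], template)

# Constructed entry: the account as the directory stores it (UPN in the AD domain).
ENTRY = {"userPrincipalName": "user@hypernite.local"}

# query_filter from ad_sender_login_maps.cf in the first post
PAGE_FILTER = (
    "(&(userPrincipalName=%s)(objectClass=person)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)

def upn_clause_matches(expanded, entry=ENTRY):
    """Test only the userPrincipalName equality clause; other clauses are assumed true."""
    m = re.search(r"\(userPrincipalName=([^)]*)\)", expanded, re.I)
    return bool(m) and m.group(1).lower() == entry["userPrincipalName"].lower()

def lookup(key, template=PAGE_FILTER):
    """Return the filter that would be sent for this key and whether the entry matches."""
    expanded = expand_filter(template, key)
    return expanded, upn_clause_matches(expanded)

if __name__ == "__main__":
    for key in ("user@hypernite.local", "user@s.hypernite.com"):
        expanded, hit = lookup(key)
        print(f"{key}\n  filter: {expanded}\n  match:  {hit}")
```

With %s the whole address, domain included, lands in the userPrincipalName assertion, so the filter only matches when the lookup key equals the stored UPN exactly.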