1

Topic: Only allow specific AD users to login.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: CentOS 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello,

I just finished setting up iRedMail and followed these instructions to allow AD users to log in: https://docs.iredmail.org/active.directory.html. But I have a question: how do I make it so only AD users that are members of a specific AD group can log in? At the moment it seems that every user in AD can log in.

I tried messing with the query_filter in /etc/postfix/ad_virtual_group_maps.cf to see if I could make it only return users that are members of the "mailgroup" group in AD, but no bueno. I (of course) tried searching for a solution, but oddly I couldn't find anything about it.


2

Re: Only allow specific AD users to login.

IMO, the only solution is tuning your LDAP filter to return expected result.

3

Re: Only allow specific AD users to login.

ZhangHuangbin wrote:

IMO, the only solution is tuning your LDAP filter to return expected result.

Ah, fair enough then. This is the first time I've played with LDAP filters; guess I'll just have to try again. Thanks anyways :)
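
One way to tune the filter as suggested in the reply above, shown as an added example that is not from the thread or the iRedMail documentation: AND a `memberOf` clause into the filters used for mailbox lookup and authentication. The group DN under `DC=example,DC=com` and the base filters are constructed values, and the example assumes logins are authenticated through Dovecot's LDAP passdb.

```ini
# Added example. Constructed values: the group DN and the base filters below.
# Keep whatever clauses your own files already have and only add the
# memberOf clause inside the outer (& ...).

# --- Postfix LDAP map that looks up user mailboxes (query_filter) ---
# Before: any AD person object with a matching UPN is a valid recipient.
#   query_filter = (&(objectClass=person)(userPrincipalName=%s))
# After: only direct members of "mailgroup" are returned.
query_filter = (&(objectClass=person)(userPrincipalName=%s)(memberOf=CN=mailgroup,OU=Groups,DC=example,DC=com))

# --- Dovecot LDAP auth config ---
# pass_filter selects who may authenticate, user_filter who has a mailbox.
# Restrict both, otherwise a non-member can still pass one of the two lookups.
pass_filter = (&(objectClass=person)(userPrincipalName=%u)(memberOf=CN=mailgroup,OU=Groups,DC=example,DC=com))
user_filter = (&(objectClass=person)(userPrincipalName=%u)(memberOf=CN=mailgroup,OU=Groups,DC=example,DC=com))

# --- Variant: users who are members through nested groups ---
# Plain memberOf only matches direct membership. Active Directory's
# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) walks the chain:
#   (memberOf:1.2.840.113556.1.4.1941:=CN=mailgroup,OU=Groups,DC=example,DC=com)

# Caveats when adapting this:
# - memberOf must be compared against the group's full DN; it does not
#   accept wildcards or a bare group name such as "mailgroup".
# - A user's primary group (usually "Domain Users") is not listed in
#   memberOf, so do not use the primary group as the mail group.
# - Characters special to LDAP filters in the DN must be escaped in the
#   filter value: ( as \28, ) as \29, * as \2a, \ as \5c.
# - Adding (!(userAccountControl:1.2.840.113556.1.4.803:=2)) to the same
#   (& ...) also excludes disabled AD accounts.
```

Before reloading Postfix and Dovecot, run the same filter with `ldapsearch` against the AD server using one member's and one non-member's UPN in place of `%s`/`%u`, and confirm that only the member is returned.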