1

Topic: active directory - authorization only

Hello.
Maybe someone can suggest how I can create the following configuration:
iRedMail + iRedAdmin-Pro, which operates normally. However, SMTP and IMAP users are authorized by the AD server. userPrincipalName can be used for user identification. Or is it likely that nss_ldap / pam_ldap should be used for this?
Are there any recommendations or suggestions in this regard?
The AD server is Windows 2008 R2.

2

Re: active directory - authorization only

Aha, you can integrate iRedMail with Active Directory by following this wiki article:
http://www.iredmail.org/wiki/index.php? … y.iRedMail

You can manage accounts with AD; iRedAdmin-Pro doesn't support it.

3

Re: active directory - authorization only

OK. I will try to explain in detail.

Integration between iRedAdmin-Pro and AD is not required.
It is a normally operating iRedMail and iRedAdmin-Pro.

There are two user databases: the iRedMail LDAP (or MySQL) database and the AD user database. The mail system uses the iRedMail LDAP (or MySQL) database (transport maps, aliases, etc.).
But AD is only used for user authorization for the IMAP and SMTP services.
It is not necessary to synchronize the AD and iRedMail user databases somehow; it will be done manually.

Can you recommend a solution for user authorization against AD?
Perhaps there may be something to do with PAM, using it for SMTP and IMAP authorization?

ZhangHuangbin wrote:

Aha, you can integrate iRedMail with Active Directory by following this wiki article:
http://www.iredmail.org/wiki/index.php? … y.iRedMail

You can manage accounts with AD; iRedAdmin-Pro doesn't support it.

4

Re: active directory - authorization only

hrens wrote:

But AD is only used for user authorization for the IMAP and SMTP services.
It is not necessary to synchronize the AD and iRedMail user databases somehow; it will be done manually.

AD is another kind of LDAP server; it serves clients via the standard LDAP protocol.

Since Postfix and Dovecot support LDAP queries, you can configure them to query AD directly.
For example, in Dovecot, you have the settings below to query OpenLDAP:

    passdb ldap {
        args = /etc/dovecot-ldap.conf
    }
    userdb ldap {
        args = /etc/dovecot-ldap.conf
    }

Create one more "userdb ldap {}" and "passdb ldap {}" that query AD instead:

    passdb ldap {
        args = /etc/dovecot-ad.conf
    }
    userdb ldap {
        args = /etc/dovecot-ad.conf
    }

In Postfix, just append the related query to the query maps, for example:

# Postfix only treats "#" at the start of a line as a comment, so the notes go
# here rather than at the end of the map lines (where they would become part of the value).
# First map: OpenLDAP. Second map: Active Directory.
virtual_mailbox_maps =
    proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf,
    proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
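As an added example (not code from this thread or from the iRedMail project), here is what the two AD-side files referred to in the reply above, the Dovecot "dovecot-ad.conf" and the Postfix "ad_virtual_mailbox_maps.cf", could look like. It assumes Dovecot 2.x configuration syntax, an AD domain example.com with a domain controller dc1.example.com, a CA certificate file for that controller, and read-only service accounts for the directory searches; all hostnames, DNs, file paths under /etc/ssl and passwords are placeholders. It follows the "authentication only" split hrens described: the Dovecot passdb binds to AD, while the userdb (mailbox location) stays on iRedMail's own LDAP, and the Postfix map is only needed for recipients that exist solely in AD.

```conf
# ---- /etc/dovecot/dovecot.conf (fragment) ----
# Added example, Dovecot 2.x syntax. Passwords are checked against AD (passdb);
# the mailbox location still comes from iRedMail's own LDAP (userdb), so the two
# directories never need to be synchronised.
passdb {
  driver = ldap
  args = /etc/dovecot-ad.conf
}
userdb {
  driver = ldap
  args = /etc/dovecot-ldap.conf
}

# ---- /etc/dovecot-ad.conf ----
# LDAPS to the domain controller: a simple bind over plain LDAP would carry the
# user's AD password in clear text. Hostname and CA file are placeholders.
uris = ldaps://dc1.example.com
ldap_version = 3
tls_ca_cert_file = /etc/ssl/certs/ad-root-ca.pem
tls_require_cert = hard

# Read-only service account used only to find the user's DN (placeholder DN/password).
dn = CN=svc-dovecot,OU=Service Accounts,DC=example,DC=com
dnpass = CHANGE_ME_service_account_password

# auth_bind: after locating the entry, Dovecot binds to AD as that user with the
# password given at login, so AD's own lockout and password policy apply and no
# password hashes ever leave AD.
auth_bind = yes
base = DC=example,DC=com
scope = subtree
deref = never

# Match on userPrincipalName (the identifier proposed in the first post) and
# refuse entries whose userAccountControl has the ACCOUNTDISABLE bit (0x2) set.
pass_filter = (&(objectClass=user)(userPrincipalName=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

# ---- /etc/postfix/ad_virtual_mailbox_maps.cf ----
# Only needed if some recipient addresses exist only in AD; iRedMail's own
# ldap_virtual_mailbox_maps.cf keeps serving the rest. Same placeholders as above.
version = 3
server_host = ldaps://dc1.example.com:636
tls_ca_cert_file = /etc/ssl/certs/ad-root-ca.pem
tls_require_cert = yes
bind = yes
bind_dn = CN=svc-postfix,OU=Service Accounts,DC=example,DC=com
bind_pw = CHANGE_ME_service_account_password
search_base = DC=example,DC=com
scope = sub
query_filter = (&(objectClass=user)(mail=%s)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = mail
```

To check the Dovecot side without a mail client, `doveadm auth test user@example.com` reports which passdb accepted or rejected the login; `postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf` exercises the Postfix map. Assuming, as in a stock iRedMail, that Postfix does SMTP AUTH through Dovecot SASL, the same passdb also covers SMTP logins, so there is nothing extra to configure for PAM.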