1 (edited by CrashXRU 2024-02-01 22:33:24)

Topic: Request [SASL Auth] for iRedMail Free / Pro

Tutorial

Managing users in the admin panel iRedMail
SASL Authorization via Active Directory

apt install sasl2-bin

adduser openldap sasl

systemctl enable saslauthd

saslauthd -v

nano /etc/saslauthd.conf

ldap_servers: ldap://dc.notdev.local
ldap_search_base: dc=notdev,dc=local
ldap_timeout: 10
ldap_filter: sAMAccountName=%U
ldap_bind_dn: notdev\iredmail
ldap_password: supa_password
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind

nano /etc/default/saslauthd
add

# Should saslauthd run automatically on startup? (default: no)
START=yes

edit

MECHANISMS="ldap"

nano /etc/ldap/sasl2/slapd.conf

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux


service saslauthd restart
service slapd restart
service postfix restart
testsaslauthd -u test2@notdev.local -p 123123

EDIT user in OpenLDAP

userPassword    {SASL}test2@notdev.local

Now authorization for this user will work through Active Directory
and all functions of the administrative panel will also work


Now I'm trying to do the same with the SQL version, but so far there is no result

Please add the ability to specify SASL in the password field

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Request [SASL Auth] for iRedMail Free / Pro

Is it possible to either add this method to iRedAdmin?

this will allow for tight integration into external LDAP for authorization and at the same time have all the functions of the Administrative Panel


due to the inconvenience of working with OpenLDAP from the console, I would like to be able to work with accounts from the web panel

For the SQL version I have not yet been able to make transparent authorization

3

Re: Request [SASL Auth] for iRedMail Free / Pro

Did you try this?
https://docs.iredmail.org/active.directory.html

4

Re: Request [SASL Auth] for iRedMail Free / Pro

That integration does not allow you to manage from your admin panel


my de method only redirects authentication to an external server

please add this authentication method to the admin panel


this will allow integration into other LDAP servers and leave control to “iredadmin”

5

Re: Request [SASL Auth] for iRedMail Free / Pro

This method allows you to have simple control from "iredadmin" and redirect authentication for the required accounts to an external server

This is done by specifying in the password field {SASL}user@ad-domain