1

Topic: Need help with AD

=======
- iRedMail version: 0.9.2
- Linux/BSD distribution name and version: Centos 6
- Store mail accounts in LDAP:
- Web server on Nginx:
- Manage mail accounts with iRedAdmin-Pro? no, cause using Active Directory auth
====
I configured AD integration with the help of this instruction: http://www.iredmail.org/docs/active.directory.html
Everything works correctly, but I need something special:

In my AD the UPN is user1@somedomain.com
I need to make Postfix auth users via Roundcube and mail programs with just the name (user1), but create and manage mail domain maildomain1. How do I make it work?

It should work like this. I have some mail domains (maildomain1.com, maildomain2.com, maildomain3.com) and I have AD with domain somedomain1. Also I have groups as a classifier to manage access to domain usage.

groups are: maildomain1,maildomain2,maildomain3
users1 is on group maildomain1 and can send mail from domain maildomain1
users2 is on group maildomain2 and can send mail from domain maildomain2
users3 is on group maildomain3 and can send mail from domain maildomain3

I need help with the configs of Postfix and Dovecot.


2

Re: Need help with AD

tenhi wrote:

I need to make Postfix auth users via Roundcube and mail programs with just the name (user1), but create and manage mail domain maildomain1. How do I make it work?

We have a document for you:
http://www.iredmail.org/docs/authentica … .name.html

tenhi wrote:

groups are: maildomain1,maildomain2,maildomain3
users1 is on group maildomain1 and can send mail from domain maildomain1
users2 is on group maildomain2 and can send mail from domain maildomain2
users3 is on group maildomain3 and can send mail from domain maildomain3

This is implemented in iRedAPD (plugin `reject_sender_login_mismatch`), but it doesn't work with AD.
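
The rule asked for above (a login may only send from the mail domain whose AD group it belongs to), written as a Postfix policy-delegation check. This is an added example, not iRedAPD's code and not part of the original posts; the group table is constructed sample data standing in for an AD membership lookup, and the group-to-domain mapping is an assumption.

```python
# Constructed sample data: AD group -> member sAMAccountNames.
# A real service would resolve this with an LDAP memberOf query against AD.
GROUP_MEMBERS = {
    "maildomain1": {"user1"},
    "maildomain2": {"user2"},
    "maildomain3": {"user3"},
}
# Assumption: each group name maps to "<group>.com" as the permitted mail domain.
GROUP_TO_DOMAIN = {group: group + ".com" for group in GROUP_MEMBERS}

# Constructed policy request, as Postfix would send it over the policy socket.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sasl_username=user1\n"
    "sender=user1@maildomain1.com\n"
    "\n"
)


def parse_request(raw):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def allowed_domains(login):
    """Mail domains this login may use as sender, from group membership."""
    # Accept a bare sAMAccountName as well as a UPN-style login.
    account = login.split("@", 1)[0].lower()
    return {GROUP_TO_DOMAIN[g] for g, m in GROUP_MEMBERS.items() if account in m}


def decide(raw):
    """Return the policy reply for one request."""
    attrs = parse_request(raw)
    login = attrs.get("sasl_username", "")
    if not login:
        # Not an authenticated submission: leave it to other restrictions.
        return "action=DUNNO\n\n"
    # An empty sender yields an empty domain, which is never in the allowed set.
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    if domain in allowed_domains(login):
        return "action=DUNNO\n\n"
    return "action=REJECT sender domain not permitted for this login\n\n"
```
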

3

Re: Need help with AD

OK. Thank you.
It works. But now I need to customize my address book.
The UPN of a user in AD is someuser@domain1.com
but I need to make Roundcube change the domain to domain2

someuser@domain2.com

I did this in
/var/www/roundcubemail/config/config.inc.php

    // mapping of contact fields to directory attributes
    'fieldmap' => array(
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'email'         => 'sAMAccountName',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'phone:workfax' => 'facsimileTelephoneNumber',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'photo'         => 'jpegPhoto',
    ),
    'sort'          => 'cn',
    'scope'         => 'sub',

I have no attributes in AD which may help. I just need to add a custom suffix for the domain "@domain2".
Now I see just someuser@127.0.0.1
How can I do it?

4

Re: Need help with AD

I'm afraid that you should use PHP array in "$config['username_domain']".

5

Re: Need help with AD

OK. Maybe for a single domain I don't need to use it?
Where is the default domain located?

I edited $config['username_domain'] = 'somedomain2';
but it's 127.0.0.1 again

6

Re: Need help with AD

Try this:

$rcmail_config['username_domain'] = array(
  '127.0.0.1' => 'somedomain1',
  '127.0.0.1' => 'somedomain2',
);

7

Re: Need help with AD

No) You don't understand.
I need just 1 domain now.
It works with just
$config['username_domain'] = 'somedomain.com';
I can send mail and receive mail.

But the address book doesn't work (it works with 'email' => 'sAMAccountName', and the problem is with the autocompleted domain for the address book (user@127.0.0.1)).
I have tried 'mail' => '{givenname}@somedomain.com'
but nothing works

8

Re: Need help with AD

You can just list one domain:

$rcmail_config['username_domain'] = array(
  '127.0.0.1' => 'somedomain2',
);

9

Re: Need help with AD

Nothing works)
It just helps to add the domain for the sender, but not for a contact in the address book.

// PLUGINS
$config['plugins'] = array('managesieve', 'password');
$config['autocomplete_addressbooks'] = array("sql", "somedomain2.com");
$config['ldap_public']["global_ldap_abook"] = array(
    'name'              => 'global_ldap_abook',
    'hosts'             => array("dc1.somedomain1.int"),
    'port'              => 389,
    'use_tls'           => false,
    'ldap_version'      => '3',
    'network_timeout'   => 10,
    'user_specific'     => false,
    'base_dn'           => "OU=Users,OU=LOQ,DC=somedomain1,DC=int",
    'bind_dn'           => "vmail",
    'bind_pass'         => "veryStR0ngPasswd",
    'writable'          => false,
    'search_fields' => array('mail', 'cn', 'sAMAccountName', 'displayname', 'sn', 'givenName'),

    'fieldmap' => array(
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'email'         => 'sAMAccountName',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'phone:workfax' => 'facsimileTelephoneNumber',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'photo'         => 'jpegPhoto',
    ),

    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => "(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=Mail_Users_somedomain1_int,OU=Groups,OU=LOQ,DC=somedomain1,DC=int))",
    'fuzzy_search'  => true,
    'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    'referrals'     => true,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
);
$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');

with

$rcmail_config['username_domain'] = array(
  '127.0.0.1' => 'somedomain2',
);

or

$config['username_domain'] = array(
  '127.0.0.1' => 'somedomain2',
);

or

$config['username_domain'] = 'somedomain2';

There is just one result: the sender's domain name changes. But nothing changes for contacts in the address book.

In /var/www/roundcubemail/config/defaults.inc.php I see an interesting thing

 'autovalues' => array(
  // 'uid'  => 'md5(microtime())',               // You may specify PHP code snippets which are then eval'ed
  // 'mail' => '{givenname}.{sn}@mydomain.com',  // or composite strings with placeholders for existing attributes
  ),

But when I add this

 'autovalues' => array(
  'mail' => '{sAMAccountName}@somedomain2',
  ),

array after the fieldmap array, it's not working.
--
Roundcube receives just a username. I need to add the domain, but nothing works.

10

Re: Need help with AD

I suggest you try to get help in Roundcube mailing list:
http://trac.roundcube.net/wiki/MailingLists

11

Re: Need help with AD

By the way, do you use 'mail' or 'email' in fieldmap?

12

Re: Need help with AD

I corrected it and it works. I will describe it later.
(Also I made 2 userdb and 2 passdb for Dovecot.)

But now I have a problem.

I have a user
samaccountname user1
proxyAddresses mail1@jjs.com sup@ps.la
I need to parse sup@ps.la
In dovecot-ldap I configured

user_attrs      = =home=/var/vmail/vmail1/%Ld/%{ldap:proxyAddresses)}/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%{ldap:proxyAddresses}/Maildir/

But the folder name is not created correctly. I need to filter a field with multiple values. How do I do it here?

I tried this

user_attrs      = =home=/var/vmail/vmail1/%Ld/%{ldap:proxyAddresses=*@ps.la)}/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%{ldap:proxyAddresses=*@ps.la}/Maildir/

but it doesn't work

13

Re: Need help with AD

No idea, I don't think Dovecot supports a filter in this setting. You'd better check the Dovecot documentation or ask for support on the Dovecot mailing list instead.