1 (edited by zippydan 2023-01-19 14:48:59)

Topic: Attempting AD integration: some errata and questions regarding guide

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu Server 22.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
====

I'm following the guide here to setup iRedMail with AD:

https://docs.iredmail.org/active.directory.html

Some comments on this guide:

  • For ldapsearch command, -h argument is now deprecated.  I needed to use -H ldap://ad.example.com even for non-TLS connection.

  • For ldapsearch command, -D vmail argument did not work for me.  I needed to use -D vmail@example.com to successfully query LDAP.

  • When creating files /etc/postfix/ad_sender_login_maps.cf, /etc/postfix/ad_virtual_mailbox_maps.cf, /etc/postfix/ad_virtual_group_maps.cf, and /etc/dovecot/dovecot-ldap.conf I similarly needed to use bind_dn = vmail@example.com for successful queries.

  • Guide says I should remove setting check_policy_service inet:127.0.0.1:7777 from /etc/postfix/main.cf, however this setting appears twice: once under smtp_recipient_restrictions= and again under smtp_end_of_data_restrictions=.  Should both be removed (commented out)?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Attempting AD integration: some errata and questions regarding guide

Guide says I should remove setting check_policy_service inet:127.0.0.1:7777 from /etc/postfix/main.cf, however this setting appears twice: once under smtp_recipient_restrictions= and again under smtp_end_of_data_restrictions=.  Should both be removed (commented out)?

Yes, both should be removed.