1

Topic: iredmail with active directory with 2008 server.

==== Provide basic information to help troubleshoot ====
- iRedMail version: 6.0
- Linux/BSD distribution name and version: Centos 5.5
- Active Directory : used windows server 2008

- Any related log? Log is helpful for troubleshooting.
====
#
# Unused iRedMail special settings.
# Set them to empty value OR comment these lines.
#
virtual_mailbox_domains =  <-------------- This
virtual_alias_maps =
sender_bcc_maps =
recipient_bcc_maps =

relay_domains =
relay_recipient_maps =

#
# Add your mail domain in "smtpd_sasl_local_domain" and "virtual_mailbox_domains".
#
smtpd_sasl_local_domain = example.com
virtual_mailbox_domains = example.com   <------------ This

Would it be blank or with the domain? That I don't understand.

other one is

postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf

this test works

postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf

this test also works fine, but

postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
member01@example.com

This test shows blank instead of the member's email ID.

I've tried to set "debuglevel = 1" in the file "ad_sender_login_maps.cf",

but even that did not work properly.

Please, can anyone guide me to solve this problem?

Waiting for a reply soon.


2

Re: iredmail with active directory with 2008 server.

chash27 wrote:

virtual_mailbox_domains =  <-------------- This
virtual_mailbox_domains = example.com   <------------ This

Would it be blank or with the domain? That I don't understand.

My mistake, I removed the first one in the wiki tutorial a moment ago.

chash27 wrote:

postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
member01@example.com

This test shows blank instead of the member's email ID.

Two questions:
- Do you have a mail group in AD? e.g. testgroup@example.com. If it doesn't exist, this command returns empty.
- Does this group have any members? If it doesn't exist, this command returns empty.

Attached the above two points to the wiki tutorial a moment ago.

chash27 wrote:

I've tried to set "debuglevel = 1" in the file "ad_sender_login_maps.cf", but even that did not work properly.

"debuglevel = 1" is used to force Postfix to print detailed LDAP connection related information.
Also, if you're testing against /etc/postfix/ad_virtual_group_maps.cf, you should set 'debuglevel = 1' in /etc/postfix/ad_virtual_group_maps.cf, not /etc/postfix/ad_sender_login_maps.cf.

Thanks very much for your feedback.

3 (edited by chash27 2011-08-30 12:28:19)

Re: iredmail with active directory with 2008 server.

ZhangHuangbin wrote:
chash27 wrote:

virtual_mailbox_domains =  <-------------- This
virtual_mailbox_domains = example.com   <------------ This

Would it be blank or with the domain? That I don't understand.

My mistake, I removed the first one in the wiki tutorial a moment ago.

chash27 wrote:

postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
member01@example.com

This test shows blank instead of the member's email ID.

Two questions:
- Do you have a mail group in AD? e.g. testgroup@example.com. If it doesn't exist, this command returns empty.
For simplicity, I've created an OU and a group named 'testgroup'
- Does this group have any members? If it doesn't exist, this command returns empty.
and added two members, test1 and test2, to it.

Attached the above two points to the wiki tutorial a moment ago.

chash27 wrote:

I've tried to set "debuglevel = 1" in the file "ad_sender_login_maps.cf", but even that did not work properly.

"debuglevel = 1" is used to force Postfix to print detailed LDAP connection related information.
Also, if you're testing against /etc/postfix/ad_virtual_group_maps.cf, you should set 'debuglevel = 1' in /etc/postfix/ad_virtual_group_maps.cf, not /etc/postfix/ad_sender_login_maps.cf.

Thanks very much for your feedback.


Two questions:
- Do you have a mail group in AD? e.g. testgroup@example.com. If it doesn't exist, this command returns empty.
For simplicity, I've created an OU and a group named 'testgroup'
- Does this group have any members? If it doesn't exist, this command returns empty.
and added two members, test1 and test2, to it.

Even so, the reply is blank. Also, I've read the latest updates too.

Thank you very much for your kind reply and the best product too. I became a fan of you and your product.

I'm also interested in developing, or want to learn how to modify, Debian, Ubuntu and CentOS customization according to our requirements. Can you please guide me?

4

Re: iredmail with active directory with 2008 server.

Could you please set 'debuglevel = 1' in /etc/postfix/ad_virtual_group_maps.cf, then print all output of the command below:

# postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf

Replace 'testgroup@example.com' with the real group name you created.
Also, please paste the whole content of /etc/postfix/ad_virtual_group_maps.cf, and remove the password before pasting.

5 (edited by chash27 2011-08-31 12:33:24)

Re: iredmail with active directory with 2008 server.

ZhangHuangbin wrote:

Could you please set 'debuglevel = 1' in /etc/postfix/ad_virtual_group_maps.cf, then print all output of the command below:

# postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf

The output of the above command is:

[root@mail postfix]# postmap -q mydj@divyajyot.com ldap:/etc/postfix/ad_virtual_group_maps.cf
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://192.168.56.102:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 192.168.56.102:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 192.168.56.102:389
postmap: dict_ldap_debug: ldap_connect_timeout: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush: 28 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x94ed270 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x94ed270 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x94ed270 msgid 1 all 1
** ld 0x94ed270 Connections:
* host: 192.168.56.102  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug 30 11:07:51 2011

** ld 0x94ed270 Outstanding Requests:
* msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x94ed270 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x94ed270 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x94ed270 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x94ed270 msgid 1
postmap: dict_ldap_debug: request done: ld 0x94ed270 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_sasl_bind_result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(objectClass=group)(mail=mydj@divyajyot.com))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(objectClass=group)(mail=mydj@divyajyot.com)"
postmap: dict_ldap_debug: put_filter: "(objectClass=group)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=group"
postmap: dict_ldap_debug: put_filter: "(mail=mydj@divyajyot.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "mail=mydj@divyajyot.com"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush: 141 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x94ed270 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x94ed270 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x94ed270 msgid 2 all 1
** ld 0x94ed270 Connections:
* host: 192.168.56.102  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug 30 11:07:51 2011

** ld 0x94ed270 Outstanding Requests:
* msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x94ed270 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x94ed270 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x94ed270 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x94ed270 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x94ed270 msgid 2
postmap: dict_ldap_debug: request done: ld 0x94ed270 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iaa) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed
[root@mail postfix]#


Replace 'testgroup@example.com' with the real group name you created.
Also, please paste the whole content of /etc/postfix/ad_virtual_group_maps.cf, and remove the password before pasting.

server_host     = 192.168.56.102
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         =
search_base     = cn=users,dc=divyajyot,dc=com
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 1


6

Re: iredmail with active directory with 2008 server.

chash27 wrote:

search_base     = cn=users,dc=divyajyot,dc=com

Are group accounts placed under this container (cn=users,dc=divyajyot,dc=com)?
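
To check the question above outside Postfix, the map file can be translated into the ldapsearch command that performs the same search. This is an added example, not part of the thread or of iRedMail: the helper names and the sample file (example.com, 192.0.2.10) are constructed, and it also flags a bind that would send the password without StartTLS.

```shell
# cf_get FILE KEY: value of "KEY = value" in a Postfix LDAP map file.
cf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# expand_filter FILTER KEY: replace each %s with the lookup key.
# Simplification: Postfix also escapes LDAP special characters in the key.
expand_filter() (
    rest=$1 out=
    while [ "$rest" != "${rest#*%s}" ]; do
        out=$out${rest%%\%s*}$2
        rest=${rest#*%s}
    done
    printf '%s\n' "$out$rest"
)

# build_ldapsearch FILE KEY: print the equivalent command (not executed here).
# -W prompts for the bind password; -ZZ requires StartTLS to succeed.
build_ldapsearch() (
    tls=
    [ "$(cf_get "$1" start_tls)" = yes ] && tls=' -ZZ'
    printf "ldapsearch -x%s -H ldap://%s:%s -D '%s' -W -b '%s' -s %s '%s' %s\n" \
        "$tls" "$(cf_get "$1" server_host)" "$(cf_get "$1" server_port)" \
        "$(cf_get "$1" bind_dn)" "$(cf_get "$1" search_base)" "$(cf_get "$1" scope)" \
        "$(expand_filter "$(cf_get "$1" query_filter)" "$2")" \
        "$(cf_get "$1" special_result_attribute) mail"
)

# cleartext_bind FILE: true when the bind password would cross the wire unencrypted.
cleartext_bind() {
    [ "$(cf_get "$1" bind)" = yes ] && [ "$(cf_get "$1" start_tls)" != yes ]
}

# Constructed sample file, shaped like the map posted in the thread.
write_sample_cf() {
    cat > "$1" <<'EOF'
server_host     = 192.0.2.10
server_port     = 389
bind            = yes
start_tls       = no
bind_dn         = vmail
search_base     = cn=users,dc=example,dc=com
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
EOF
}

cf=$(mktemp) && write_sample_cf "$cf" && build_ldapsearch "$cf" testgroup@example.com
cleartext_bind "$cf" && echo "warning: bind password sent without StartTLS" >&2
rm -f "$cf"
```

An empty result from the generated command means no group object under search_base carries that mail value, which points at the directory data or the search base rather than at Postfix.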

7 (edited by chash27 2011-08-31 18:43:13)

Re: iredmail with active directory with 2008 server.

ZhangHuangbin wrote:
chash27 wrote:

search_base     = cn=users,dc=divyajyot,dc=com

Are group accounts placed under this container (cn=users,dc=divyajyot,dc=com)?

Nope, my group name is "mydj" and the domain name is divyajyot.com. And if I'm not wrong, all the domain users are by default members of the users group. [I may be wrong too.]

So my group or users should also be members of the users group too. Right, let me check that and get back soon.

Yes, now checked: my users mydj1 and mydj2 are members of the "mydj" group as well as the "users" group.


I've checked all the possibilities you told me, but the result is the same: blank. Now I can say that there must be a step missing.
