1

Topic: Unable query ad_virtual_group_maps

Hello Mr. Developer,
I've got an error when integrating my iRedMail with Microsoft Active Directory. I've followed your wiki about this integration. I can successfully query users on AD, but I'm not able to query a group; it is simply a blank result. Here's something about my configuration and the debug information (of course, it has the mail group testgroup@konetiger.com, which has some members already):
----------------
/etc/postfix/ad_virtual_group_maps.cf
----------------
server_host     = srv1.konetiger.com
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = pass_vmail
search_base     = cn=users,dc=konetiger,dc=com
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 1
----------------
postmap -q testgroup@konetiger.com ldap:/etc/postfix/ad_virtual_group_maps.cf
----------------
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://srv1.konetiger.com:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP srv1.konetiger.com:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 10.219.9.62:389
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush2: 27 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0xb8887c68 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0xb8887c68 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0xb8887c68 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0xb8887c68 Connections:
postmap: dict_ldap_debug: * host: srv1.konetiger.com  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Thu Mar 22 16:19:33 2012
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0xb8887c68 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 1,  origid 1, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0xb8887c68 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0xb8887c68 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0xb8887c68 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0xb8887c68 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0xb8887c68 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0xb8887c68 msgid 1
postmap: dict_ldap_debug: request done: ld 0xb8887c68 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_sasl_bind_result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(objectClass=group)(mail=testgroup@konetiger.com))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(objectClass=group)(mail=testgroup@konetiger.com)"
postmap: dict_ldap_debug: put_filter: "(objectClass=group)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=group"
postmap: dict_ldap_debug: put_filter: "(mail=testgroup@konetiger.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "mail=testgroup@konetiger.com"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 146 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0xb8887c68 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0xb8887c68 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0xb8887c68 msgid 2 all 1
postmap: dict_ldap_debug: ** ld 0xb8887c68 Connections:
postmap: dict_ldap_debug: * host: srv1.konetiger.com  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Thu Mar 22 16:19:33 2012
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0xb8887c68 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 2,  origid 2, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0xb8887c68 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0xb8887c68 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0xb8887c68 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0xb8887c68 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0xb8887c68 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0xb8887c68 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0xb8887c68 msgid 2
postmap: dict_ldap_debug: request done: ld 0xb8887c68 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush2: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed
----------------
ldapsearch -x -h srv1.konetiger.com -D 'vmail' -W -b 'cn=users,dc=konetiger,dc=com'
----------------
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=konetiger,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Users, KONETIGER.COM
dn: CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215858.0Z
whenChanged: 20120313215858.0Z
uSNCreated: 4304
uSNChanged: 4304
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: HQCr9CM4zUma3yHIYSI/FA==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Administrator, Users, KONETIGER.COM
dn: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
distinguishedName: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215859.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 8194
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Domain Admins,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Enterprise Admins,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Schema Admins,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13944
name: Administrator
objectGUID:: q+5SkV4od0yPpWcz38EQPg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 129768279409316620
lastLogoff: 0
lastLogon: 129768798149516921
logonHours:: ////////////////////////////
pwdLastSet: 129761494466093750
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU9AEAAA==
adminCount: 1
accountExpires: 0
logonCount: 27
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Guest, Users, KONETIGER.COM
dn: CN=Guest,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Guest
description: Built-in account for guest access to the computer/domain
distinguishedName: CN=Guest,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215859.0Z
whenChanged: 20120313215859.0Z
uSNCreated: 8195
memberOf: CN=Guests,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 8195
name: Guest
objectGUID:: rGwxHbqAUUusheLT39ybqw==
userAccountControl: 66082
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 0
primaryGroupID: 514
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU9QEAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: Guest
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# SUPPORT_388945a0, Users, KONETIGER.COM
dn: CN=SUPPORT_388945a0,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: SUPPORT_388945a0
description: This is a vendor's account for the Help and Support Service
distinguishedName: CN=SUPPORT_388945a0,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215859.0Z
whenChanged: 20120313215859.0Z
displayName: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
uSNCreated: 8196
memberOf: CN=HelpServicesGroup,CN=Users,DC=KONETIGER,DC=COM
uSNChanged: 8196
name: SUPPORT_388945a0
objectGUID:: 8av6bY9sPEuN6Fpoo65x5g==
userAccountControl: 66050
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129740226610462500
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU6QMAAA==
accountExpires: 0
logonCount: 0
sAMAccountName: SUPPORT_388945a0
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# HelpServicesGroup, Users, KONETIGER.COM
dn: CN=HelpServicesGroup,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: HelpServicesGroup
description: Group for the Help and Support Center
member: CN=SUPPORT_388945a0,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=HelpServicesGroup,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215859.0Z
whenChanged: 20120313215859.0Z
uSNCreated: 8197
uSNChanged: 8198
name: HelpServicesGroup
objectGUID:: 53rd2geamEKk+wtPw2jrjw==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU6AMAAA==
sAMAccountName: HelpServicesGroup
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# TelnetClients, Users, KONETIGER.COM
dn: CN=TelnetClients,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: TelnetClients
description: Members of this group have access to Telnet Server on this system
.
distinguishedName: CN=TelnetClients,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313215859.0Z
whenChanged: 20120313215859.0Z
uSNCreated: 8199
uSNChanged: 8199
name: TelnetClients
objectGUID:: XyBNHO/MBEG4wrplC2IcSg==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU6gMAAA==
sAMAccountName: TelnetClients
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# krbtgt, Users, KONETIGER.COM
dn: CN=krbtgt,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: krbtgt
description: Key Distribution Center Service Account
distinguishedName: CN=krbtgt,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 12320
uSNChanged: 13953
showInAdvancedViewOnly: TRUE
name: krbtgt
objectGUID:: 7m9s+t81kE2FzRy3t+MAHA==
userAccountControl: 514
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129761499893750000
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUU9gEAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: krbtgt
sAMAccountType: 805306368
servicePrincipalName: kadmin/changepw
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Domain Computers, Users, KONETIGER.COM
dn: CN=Domain Computers,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Domain Computers
description: All workstations and servers joined to the domain
distinguishedName: CN=Domain Computers,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12326
uSNChanged: 12328
name: Domain Computers
objectGUID:: /HksxHZVokeN+qV4439Kog==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUAwIAAA==
sAMAccountName: Domain Computers
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Domain Controllers, Users, KONETIGER.COM
dn: CN=Domain Controllers,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Domain Controllers
description: All domain controllers in the domain
distinguishedName: CN=Domain Controllers,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 12329
uSNChanged: 13954
name: Domain Controllers
objectGUID:: nCm8DlbOJUeNgEX+l/0eRA==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUBAIAAA==
adminCount: 1
sAMAccountName: Domain Controllers
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Schema Admins, Users, KONETIGER.COM
dn: CN=Schema Admins,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Schema Admins
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=Schema Admins,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 12332
uSNChanged: 13942
name: Schema Admins
objectGUID:: WLQ9DVO7zUueuza6q7PeFQ==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUBgIAAA==
adminCount: 1
sAMAccountName: Schema Admins
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Enterprise Admins, Users, KONETIGER.COM
dn: CN=Enterprise Admins,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Enterprise Admins
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=Enterprise Admins,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 12335
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13940
name: Enterprise Admins
objectGUID:: HhcD34pXn0WICPr6qW7bLQ==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUBwIAAA==
adminCount: 1
sAMAccountName: Enterprise Admins
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Cert Publishers, Users, KONETIGER.COM
dn: CN=Cert Publishers,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to th
e Active Directory
distinguishedName: CN=Cert Publishers,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12338
uSNChanged: 12340
name: Cert Publishers
objectGUID:: Mj0XqheRjEmhuz6+TBV7vw==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUBQIAAA==
sAMAccountName: Cert Publishers
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Domain Admins, Users, KONETIGER.COM
dn: CN=Domain Admins,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Domain Admins
description: Designated administrators of the domain
member: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=Domain Admins,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313222141.0Z
uSNCreated: 12341
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13941
name: Domain Admins
objectGUID:: ReYVPEzi6Eet2zMAgKAaRg==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUAAIAAA==
adminCount: 1
sAMAccountName: Domain Admins
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Domain Users, Users, KONETIGER.COM
dn: CN=Domain Users,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
distinguishedName: CN=Domain Users,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12344
memberOf: CN=Users,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 12346
name: Domain Users
objectGUID:: mWlLAieNKUGgpYRQUvi0ZA==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUAQIAAA==
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Domain Guests, Users, KONETIGER.COM
dn: CN=Domain Guests,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Domain Guests
description: All domain guests
distinguishedName: CN=Domain Guests,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12347
memberOf: CN=Guests,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 12349
name: Domain Guests
objectGUID:: qaUVIYeiXE+3x8+zXn+QjQ==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUAgIAAA==
sAMAccountName: Domain Guests
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# Group Policy Creator Owners, Users, KONETIGER.COM
dn: CN=Group Policy Creator Owners,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: Group Policy Creator Owners
description: Members in this group can modify group policy for the domain
member: CN=Administrator,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=Group Policy Creator Owners,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12350
uSNChanged: 12380
name: Group Policy Creator Owners
objectGUID:: NSN84Dm2TkC5Konmobj+/g==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUCAIAAA==
sAMAccountName: Group Policy Creator Owners
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# RAS and IAS Servers, Users, KONETIGER.COM
dn: CN=RAS and IAS Servers,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: RAS and IAS Servers
description: Servers in this group can access remote access properties of user
s
distinguishedName: CN=RAS and IAS Servers,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220629.0Z
whenChanged: 20120313220629.0Z
uSNCreated: 12353
uSNChanged: 12355
name: RAS and IAS Servers
objectGUID:: 2bJlK/dXIE6eOmDYl1dc4Q==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUKQIAAA==
sAMAccountName: RAS and IAS Servers
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM
isCriticalSystemObject: TRUE

# DnsAdmins, Users, KONETIGER.COM
dn: CN=DnsAdmins,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: DnsAdmins
description: DNS Administrators Group
distinguishedName: CN=DnsAdmins,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220710.0Z
whenChanged: 20120313220710.0Z
uSNCreated: 12399
uSNChanged: 12401
name: DnsAdmins
objectGUID:: CoEwNDfU4Uu+1NBEY9UUuw==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUUAQAAA==
sAMAccountName: DnsAdmins
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# DnsUpdateProxy, Users, KONETIGER.COM
dn: CN=DnsUpdateProxy,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: DnsUpdateProxy
description: DNS clients who are permitted to perform dynamic updates on behal
f of some other clients (such as DHCP servers).
distinguishedName: CN=DnsUpdateProxy,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313220711.0Z
whenChanged: 20120313220711.0Z
uSNCreated: 12404
uSNChanged: 12404
name: DnsUpdateProxy
objectGUID:: bxwdEuF460C3IeWWCA+Rsw==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUUQQAAA==
sAMAccountName: DnsUpdateProxy
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# ldap, Users, KONETIGER.COM
dn: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ldap
givenName: ldap
distinguishedName: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313221544.0Z
whenChanged: 20120313222141.0Z
displayName: ldap
uSNCreated: 13911
memberOf: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest5,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest4,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=grouptest3,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=grouptest2,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=testgroup2,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest1,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13945
name: ldap
objectGUID:: tmgshoNQOkqU3FSqGJaMdg==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 129764794966931297
lastLogoff: 0
lastLogon: 129764795110368797
pwdLastSet: 129761505445368599
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUUgQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: ldap
sAMAccountType: 805306368
userPrincipalName: ldap@KONETIGER.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# vmail, Users, KONETIGER.COM
dn: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: vmail
givenName: vmail
distinguishedName: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313221602.0Z
whenChanged: 20120313222141.0Z
displayName: vmail
uSNCreated: 13918
memberOf: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest5,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest4,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=grouptest3,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=grouptest2,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=testgroup2,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest1,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13946
name: vmail
objectGUID:: 7McsC2xSOEaDZSOw3ISZAA==
userAccountControl: 512
badPwdCount: 1
codePage: 0
countryCode: 0
badPasswordTime: 129767847172107719
lastLogoff: 0
lastLogon: 129764761153034854
pwdLastSet: 129761505629595326
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUUwQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: vmail
sAMAccountType: 805306368
userPrincipalName: vmail@KONETIGER.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# Manager, Users, KONETIGER.COM
dn: CN=Manager,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Manager
givenName: Manager
distinguishedName: CN=Manager,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120313222028.0Z
whenChanged: 20120313222141.0Z
displayName: Manager
uSNCreated: 13931
memberOf: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest5,CN=Users,DC=KONETIGER,DC=COM
memberOf: CN=grouptest4,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=grouptest3,OU=HCM,DC=KONETIGER,DC=COM
memberOf: CN=Administrators,CN=Builtin,DC=KONETIGER,DC=COM
uSNChanged: 13943
name: Manager
objectGUID:: ktgRrFF7d0qPY/TzGA8Gdw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129761508284458063
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUVAQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: manager
sAMAccountType: 805306368
userPrincipalName: manager@KONETIGER.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# grouptest1, Users, KONETIGER.COM
dn: CN=grouptest1,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: grouptest1
member: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
member: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=grouptest1,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120314183157.0Z
whenChanged: 20120314183214.0Z
uSNCreated: 13989
uSNChanged: 13992
name: grouptest1
objectGUID:: /hJ6gY9ZB0iGa37Prcq+JQ==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUVQQAAA==
sAMAccountName: grouptest1
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# testgroup2, Users, KONETIGER.COM
dn: CN=testgroup2,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: testgroup2
member: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
member: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=testgroup2,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120314184757.0Z
whenChanged: 20120319154832.0Z
uSNCreated: 13996
uSNChanged: 14185
name: testgroup2
objectGUID:: Su3rZDcJaUml5xOXzo5wGg==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUVgQAAA==
sAMAccountName: testgroup2
sAMAccountType: 268435457
groupType: 2
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# grouptest2, Users, KONETIGER.COM
dn: CN=grouptest2,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: grouptest2
member: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
member: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=grouptest2,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120314184819.0Z
whenChanged: 20120314184834.0Z
uSNCreated: 14000
uSNChanged: 14003
name: grouptest2
objectGUID:: dCndVUe+A06nmDJbgGLUxA==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUVwQAAA==
sAMAccountName: grouptest2
sAMAccountType: 268435457
groupType: 2
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# Nguyen Nhu Ho, Users, KONETIGER.COM
dn: CN=Nguyen Nhu Ho,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Nguyen Nhu Ho
sn: Nguyen Nhu
givenName: Ho
distinguishedName: CN=Nguyen Nhu Ho,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120321095227.0Z
whenChanged: 20120321095227.0Z
displayName: Nguyen Nhu Ho
uSNCreated: 14288
uSNChanged: 14293
name: Nguyen Nhu Ho
objectGUID:: qx27Ju0h7kC0oevayYBoTw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129767971473484760
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUWAQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: ho.nguyennhu
sAMAccountType: 805306368
userPrincipalName: ho.nguyennhu@KONETIGER.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# grouptest5, Users, KONETIGER.COM
dn: CN=grouptest5,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: grouptest5
member: CN=Manager,CN=Users,DC=KONETIGER,DC=COM
member: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
member: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=grouptest5,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120322085101.0Z
whenChanged: 20120322085127.0Z
uSNCreated: 16451
uSNChanged: 16454
name: grouptest5
objectGUID:: GjWGH+fe5kO7CCHqd7jGew==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUWwQAAA==
sAMAccountName: grouptest5
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# testgroup, Users, KONETIGER.COM
dn: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
objectClass: top
objectClass: group
cn: testgroup
member: CN=Manager,CN=Users,DC=KONETIGER,DC=COM
member: CN=vmail,CN=Users,DC=KONETIGER,DC=COM
member: CN=ldap,CN=Users,DC=KONETIGER,DC=COM
distinguishedName: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
instanceType: 4
whenCreated: 20120322085816.0Z
whenChanged: 20120322085828.0Z
uSNCreated: 16458
uSNChanged: 16461
name: testgroup
objectGUID:: 47LyBslzPUO/awGVBD32pA==
objectSid:: AQUAAAAAAAUVAAAA4SPKCk9oafP2ZKUUXAQAAA==
sAMAccountName: testgroup
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=KONETIGER,DC=COM

# search result
search: 2
result: 0 Success

# numResponses: 29
# numEntries: 28
--------------------------------------

2

Re: Unable query ad_virtual_group_maps

The sample config file of /etc/postfix/ad_virtual_group_maps.cf in wiki tutorial is:

...
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

And yours:

query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 1

Please follow our wiki tutorial STRICTLY.

3

Re: Unable query ad_virtual_group_maps

So sorry about my mistake, I posted the wrong config file. Here is the exact content of the file /etc/postfix/ad_virtual_group_maps.cf:

server_host     = srv1.konetiger.com
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = pass_vmail
search_base     = cn=users,dc=konetiger,dc=com
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 1

4

Re: Unable query ad_virtual_group_maps

Does it work after updating /etc/postfix/ad_virtual_group_maps.cf?

5

Re: Unable query ad_virtual_group_maps

ZhangHuangbin wrote:

Does it work after updating /etc/postfix/ad_virtual_group_maps.cf?

My mistake was posting the wrong config file; the file /etc/postfix/ad_virtual_group_maps.cf itself was not wrong :-) So it's still not working. Could I provide you with more info to check this issue?

Sorry about my poor English. Many thanks.

6

Re: Unable query ad_virtual_group_maps

OK, what's the output of the verify commands mentioned in the integration tutorial?
http://iredmail.org/wiki/index.php?titl … in_Postfix

For example:

# postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf

If no result, please add '-v' option to turn on verbose logging:

# postmap -v -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf

7

Re: Unable query ad_virtual_group_maps

Here is the result after doing that:

postmap -q testgroup@konetiger.com ldap:/etc/postfix/ad_virtual_group_maps.cf

It returns nothing :-(

root@server5:~# postmap -v -q testgroup@konetiger.com ldap:/etc/postfix/ad_virtual_group_maps.cf
postmap: dict_eval: const  mail
postmap: dict_eval: const  ipv4
postmap: dict_eval: const
postmap: dict_eval: const
postmap: dict_eval: const
postmap: name_mask: ipv4
postmap: dict_eval: const  server5.konetiger.com
postmap: dict_eval: const  konetiger.com
postmap: dict_eval: const  Postfix
postmap: dict_eval: expand ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} -> postfix
postmap: dict_eval: const  postfix
postmap: dict_eval: const  postdrop
postmap: dict_eval: expand $myhostname, localhost, localhost.localdomain, localhost.$myhostname -> server5.konetiger.com, localhost, localhost.localdomain, localhost.server5.konetiger.com
postmap: dict_eval: const  server5.konetiger.com
postmap: dict_eval: const
postmap: dict_eval: const  /usr/lib/postfix
postmap: dict_eval: const  /var/lib/postfix
postmap: dict_eval: const  /usr/sbin
postmap: dict_eval: const  /var/spool/postfix
postmap: dict_eval: const  pid
postmap: dict_eval: const  all
postmap: dict_eval: const
postmap: dict_eval: const  double-bounce
postmap: dict_eval: const  nobody
postmap: dict_eval: const  hash:/etc/postfix/aliases
postmap: dict_eval: const  20100213
postmap: dict_eval: const  2.7.0
postmap: dict_eval: const  hash
postmap: dict_eval: const  deferred, defer
postmap: dict_eval: const  +
postmap: dict_eval: const
postmap: dict_eval: expand $relay_domains ->
postmap: dict_eval: const  TZ MAIL_CONFIG LANG
postmap: dict_eval: const  MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
postmap: dict_eval: const  subnet
postmap: dict_eval: const
postmap: dict_eval: const  +=
postmap: dict_eval: const  -=+
postmap: dict_eval: const  debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
postmap: dict_eval: const
postmap: dict_eval: const  bounce
postmap: dict_eval: const  cleanup
postmap: dict_eval: const  defer
postmap: dict_eval: const  pickup
postmap: dict_eval: const  qmgr
postmap: dict_eval: const  rewrite
postmap: dict_eval: const  showq
postmap: dict_eval: const  error
postmap: dict_eval: const  flush
postmap: dict_eval: const  verify
postmap: dict_eval: const  trace
postmap: dict_eval: const  proxymap
postmap: dict_eval: const  proxywrite
postmap: dict_eval: const
postmap: dict_eval: const
postmap: dict_eval: const  15728640
postmap: dict_eval: const  100s
postmap: dict_eval: const  100s
postmap: dict_eval: const  100s
postmap: dict_eval: const  100s
postmap: dict_eval: const  3600s
postmap: dict_eval: const  3600s
postmap: dict_eval: const  5s
postmap: dict_eval: const  5s
postmap: dict_eval: const  1000s
postmap: dict_eval: const  1000s
postmap: dict_eval: const  10s
postmap: dict_eval: const  10s
postmap: dict_eval: const  1s
postmap: dict_eval: const  1s
postmap: dict_eval: const  1s
postmap: dict_eval: const  1s
postmap: dict_eval: const  500s
postmap: dict_eval: const  500s
postmap: dict_eval: const  18000s
postmap: dict_eval: const  18000s
postmap: dict_eval: const  1s
postmap: dict_eval: const  1s
postmap: dict_eval: const  127.0.0.0/8
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: dict_ldap_open: Using LDAP source /etc/postfix/ad_virtual_group_maps.cf
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: server_host = srv1.konetiger.com
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: server_port = 389
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: version = 3
postmap: dict_ldap_open: /etc/postfix/ad_virtual_group_maps.cf server_host URL is ldap://srv1.konetiger.com:389
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: scope = sub
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: search_base = cn=users,dc=konetiger,dc=com
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: timeout = 10
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: query_filter = (&(objectClass=group)(mail=%s))
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: result_format = <NULL>
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: result_filter = %s
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: domain =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: terminal_result_attribute =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: leaf_result_attribute = mail
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: result_attribute = userPrincipalName
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: special_result_attribute = member
postmap: cfg_get_bool: /etc/postfix/ad_virtual_group_maps.cf: bind = on
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: bind_dn = vmail
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: bind_pw = 123456?a
postmap: cfg_get_bool: /etc/postfix/ad_virtual_group_maps.cf: cache = off
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: cache_expiry = -1
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: cache_size = -1
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: recursion_limit = 1000
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: expansion_limit = 0
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: size_limit = 0
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: dereference = 0
postmap: cfg_get_bool: /etc/postfix/ad_virtual_group_maps.cf: chase_referrals = off
postmap: cfg_get_bool: /etc/postfix/ad_virtual_group_maps.cf: start_tls = off
postmap: cfg_get_bool: /etc/postfix/ad_virtual_group_maps.cf: tls_require_cert = off
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_ca_cert_file =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_ca_cert_dir =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_cert =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_key =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_random_file =
postmap: cfg_get_str: /etc/postfix/ad_virtual_group_maps.cf: tls_cipher_suite =
postmap: cfg_get_int: /etc/postfix/ad_virtual_group_maps.cf: debuglevel = 0
postmap: dict_open: ldap:/etc/postfix/ad_virtual_group_maps.cf
postmap: dict_ldap_lookup: In dict_ldap_lookup
postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ad_virtual_group_maps.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldap://srv1.konetiger.com:389
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldap://srv1.konetiger.com:389 as dn vmail
postmap: dict_ldap_connect: Successful bind to server ldap://srv1.konetiger.com:389 as vmail
postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ad_virtual_group_maps.cf
postmap: dict_ldap_lookup: /etc/postfix/ad_virtual_group_maps.cf: Searching with filter (&(objectClass=group)(mail=testgroup@konetiger.com))
postmap: dict_ldap_get_values[1]: Search found 0 match(es)
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned nothing
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ad_virtual_group_maps.cf

Kindly help me to check this issue. Thanks for your strong support.

8

Re: Unable query ad_virtual_group_maps

Log says:

postmap: dict_ldap_lookup: /etc/postfix/ad_virtual_group_maps.cf: Searching with filter (&(objectClass=group)(mail=testgroup@konetiger.com))
postmap: dict_ldap_get_values[1]: Search found 0 match(es)

That means it cannot find this group with LDAP filter: (&(objectClass=group)(mail=testgroup@konetiger.com)).

According to the LDIF data you posted in your previous post:

# testgroup, Users, KONETIGER.COM
dn: CN=testgroup,CN=Users,DC=KONETIGER,DC=COM
objectClass: group
...
sAMAccountName: testgroup
...

I think you have to change the LDAP filter in /etc/postfix/ad_virtual_group_maps.cf:

# OLD SETTING
#query_filter    = (&(objectClass=group)(mail=%s))

# NEW SETTING
query_filter    = (&(objectClass=group)(sAMAccountName=%u))
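
The filter change above, modelled offline as an added example (not code from this thread, iRedMail or Postfix): it expands `%s`/`%u` into both filters and evaluates them against a group entry constructed from the LDIF quoted here. The entry is assumed to carry no `mail` attribute, the matcher only handles AND-of-equality filters, and `lookup()` with its `domain` argument is a simplified stand-in for the `domain` parameter of ldap_table(5).

```python
import re

# Constructed from the LDIF quoted in this thread; assumed to carry no "mail" attribute.
GROUP_ENTRY = {
    "objectclass": ["group"],
    "samaccountname": ["testgroup"],
    "member": ["CN=ldap,CN=Users,DC=KONETIGER,DC=COM"],
}
OLD_FILTER = "(&(objectClass=group)(mail=%s))"
NEW_FILTER = "(&(objectClass=group)(sAMAccountName=%u))"


def ldap_escape(value):
    """Quote filter metacharacters (RFC 4515) so the key cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand(template, address):
    """Substitute %s (whole key), %u (local part) and %d (domain) into a filter."""
    user, sep, dom = address.rpartition("@")
    if not sep:               # key is not an address: %u is the whole key
        user, dom = address, ""
    subs = {"s": address, "u": user, "d": dom}
    return re.sub(r"%([sud])", lambda m: ldap_escape(subs[m.group(1)]), template)


def matches(filter_str, entry):
    """Evaluate an AND-of-equalities filter, e.g. (&(a=x)(b=y)), against one entry."""
    def unescape(v):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filter_str)
    return bool(terms) and all(
        unescape(val).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, val in terms
    )


def lookup(address, query_filter, entry, domain=None):
    """Model one lookup; `domain` mimics the ldap_table(5) `domain` restriction."""
    if domain is not None and address.rpartition("@")[2].lower() not in domain:
        return False          # key outside the listed domains: no LDAP search at all
    return matches(expand(query_filter, address), entry)


if __name__ == "__main__":
    for addr in ("testgroup@konetiger.com", "testgroup@other.example"):
        print(addr, "old:", lookup(addr, OLD_FILTER, GROUP_ENTRY),
              "new:", lookup(addr, NEW_FILTER, GROUP_ENTRY),
              "new+domain:", lookup(addr, NEW_FILTER, GROUP_ENTRY, {"konetiger.com"}))
```

Because `sAMAccountName=%u` matches on the local part alone, the group also resolves for `testgroup@` any other domain the server looks up; adding `domain = konetiger.com` to the map file keeps the lookup scoped to this domain.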

9

Re: Unable query ad_virtual_group_maps

It's working. Many thanks for your support ;-)