1 (edited by saidmsl 2010-04-30 01:03:26)

Topic: samba integration

Hi,

i have modified iredmail to use the same account for mail and samba :
for me it's working but as i have changed the dn , maybe need further testing :

in create_mail _user_OPENLDAP.sh , line 206 replace code with  (remove the ldapadd up to EOF):

smbldap-useradd -a -m -c "${USERNAME}" ${USERNAME}

ldapmodify -x -D "${BINDDN}" -w "${BINDPW}" << EOF
dn: uid=${USERNAME},${OU_USER_DN},${DOMAIN_DN},${BASE_DN}
changetype: modify
add: objectClass
objectClass: mailUser
-
add: storageBaseDirectory
storageBaseDirectory: ${STORAGE_BASE_DIRECTORY}
-
replace: homeDirectory
homeDirectory: ${STORAGE_BASE_DIRECTORY}/${maildir}
-
add: accountStatus
accountStatus: active
-
add: mailMessageStore
mailMessageStore: ${maildir}
-
add: mail
mail: ${MAIL}
-
add: shadowAddress
shadowAddress: ${MAIL}
-
add: mailQuota
mailQuota: ${QUOTA}
-
add: userPassword
userPassword: ${PASSWD}
-
add: enabledService
enabledService: mail
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: managesieve
enabledService: managesievesecured
enabledService: smtp
enabledService: deliver
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
-
add: memberOfGroup
memberOfGroup: all@${DOMAIN_NAME}
EOF

use it with smbldap-tools and in smb.conf , OU is :

ldap suffix = domainName=<domain>,o=domains,dc=<base>,dc=<base>


instead of using dn as mail=<user>@domain.com, im using uid=<user>

please comment

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: samba integration

Using uid instead of mail in dn should be OK too. but currently, i don't want to change this in iRedMail. That means you can't use iRedAdmin(-Pro) to manage your accounts.

Another way is tring to change Samba settings, make it work with 'mail' in dn, but i didn't test it yet, not sure whether it works or not. If you can give me some references/links/tutorials about Samba+OpenLDAP integration, i can test it when i have time. (i did integrate them before, but it was about 2-3 years ago, just want to make sure the latest versions can work together.)

I will try to integrate Samba/PureFTPd in iRedAdmin-Pro as plugins, but not in coming release versions.

3

Re: samba integration

yes. that's why we need more test.
i need to see if samba (and nss_ldap) can use mail as dn instead of uid
let me look into

my ref is idealx tutorial which was great (but the company has changed now)
need to use smbldap-tools

4

Re: samba integration

saidmsl wrote:

i need to see if samba (and nss_ldap) can use mail as dn instead of uid

As i know, Samba doesn't use full dn, it just need attribute 'uid' and ldap filter, so dn is not important.

correct me if i was wrong.

5

Re: samba integration

ldap filter have been disabled
the mapping should be done in /etc/ldap.conf (nss_ldap) but i could not make work

i'm still testing it

6

Re: samba integration

I saw this in nss_ldap(5), that means you can use filter in nss_ldap config file:

nss_base_<map> <basedn?scope?filter>

Specify the search base, scope and filter to be used for specific maps. (Note that map forms part of the configuration file keyword and is one of passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netmasks, bootparams, aliases and netgroup.) The syntax of basedn and scope are the same as for the configuration file options of the same name, with the addition of being able to omit the trailing suffix of the base DN (in which case the global base DN will be appended instead). The filter is a search filter to be added to the default search filter for a specific map, such that the effective filter is the logical intersection of the two. The base DN, scope and filter are separated with literal question marks (?) as given above; this is for compatibility with the DUA configuration profile schema and the ldapprofile tool. This option may be specified multiple times.

7

Re: samba integration

Hi,
i've already deliver the server
i will prepare another one this weekend and test it again
it's not the nss base but need to maps objectclass and attribute

will let you know

Rgds

8

Re: samba integration

Hi,

have advanced , i keep your schema : dn : mail=said6,....
and modified smbldap-useradd

however i do not understand something :

i type :
id said6
return : no user

the log :

Apr 30 06:58:25 iredos slapd[2691]: conn=21 op=1 SRCH base="o=domains,dc=iredmail,dc=org" scope=2 deref=0 filter="(&(objectClass=mailUser)(uid=said6))"
Apr 30 06:58:25 iredos slapd[2691]: conn=21 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Apr 30 06:58:25 iredos slapd[2691]: conn=21 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 30 06:58:25 iredos slapd[2691]: conn=21 fd=19 closed (connection lost)


however if i use the same filter in phpldapadmin. i got the user

i tried with both manager and vmail login

9

Re: samba integration

saidmsl wrote:

i type :
id said6
return : no user

Where did you type?

Apr 30 06:58:25 iredos slapd[2691]: conn=21 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

nentries=1 means it found an object.

10

Re: samba integration

Hi,

got it finally, with lots of hackings .

i clean the code. do some more tests in production site if i did not forget anything
and will publish the changes.

summary :
- i keep IRM schema (dn:mail=user@domain,....)
- i changed smbldap-tools code
- i changed nss_ldap (/etc/ldap.conf)

do you think worth integrating it with irm? especially on install (install samba ,....)?
Rgds

11

Re: samba integration

Great news smile

saidmsl wrote:

do you think worth integrating it with irm? especially on install (install samba ,....)?

Publiced as documentation will be better. We should focus on mail server solution.

12

Re: samba integration

any news on integration or documentation on that topic?

13

Re: samba integration

mike.f wrote:

any news on integration or documentation on that topic?

No news.
I didn't try it yet. Sorry.

14

Re: samba integration

Hi,

if anyone is interested , contact me. i don't have time actually for a proper documentation , but i can help

rgds

15

Re: samba integration

hi saidmls,

we are always interested smile

there is a feature-request in this thread LDAP Password Policies for iRedAdmin and iRedMail

I was thinking: this might be catched by using some (or all?) parts of the samba.schema. So your knowledge, hints and feedback is welcome wink

16

Re: samba integration

Hi,
saidmsl and ZhangHuangbin, this thread is very very related to my situation...
I have installed the IRedMail and now i want to integrate same with samba..
I am following the tutorial in below link.

http://www.ubuntudoctor.com/content/blo … -with-LDAP

and i want to add some more points,
1. The above tutorial worked for me as standalone..
2. But now i want to integrate bot Iredmail and samba server.
3. For that I have first installed Iredmail on new server and following the above tutorial to make it work with samba

so I keep on posting my problems one by one in the thread below
http://www.iredmail.org/forum/post9386.html#p9386

I think saidmsl experience will help me a lot, Please reply back if u want to help..
or ZhangHuangbin if u have any idea to do that..

17

Re: samba integration

Hi,

have reworked on the samba integration. still 2 issues , if any ideas :
- to create new users, you need to use the script create_mail_user_OpenLDAP.sh which itself call smbldap-useradd
- rouncube change password does not work : if an user change his password , he can no longer access the server

for the rouncube : there's a patch , working on it.

Rgds

18

Re: samba integration

hi, is there any chance you could share with us your latest reworked samba integration? thanks

19

Re: samba integration

I wrote saidmsl an email asking for some clues. Anyone else out there successful in integrating samba?

btw: is there no IRC channel?