1

Topic: How to Active Directory Aliases

==== Required information ====
- iRedMail version (check /etc/iredmail-release): iRedMail-0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 14.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Windows 2003 Active Directory
- Web server (Apache or Nginx): Apache/2.4.7 (Ubuntu)
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: as follows...
====
Hi!
   Could you please kindly tell me how aliases work when using AD?

Here's what I did so far:

file /etc/postfix/ad_virtual_mailbox_maps.cf

server_host     = myadserver.mydomain
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = aduser@mydomain
bind_pw         = aduserpasswd
search_base     = cn=users,dc=mydomain
scope           = sub
query_filter = (&(objectclass=user)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))(|(userPrincipalName=%s)(mail=%s)(othermailbox=%s)))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

I also tried with:

... same config as above

result_attribute= mail

... same config as above

The otherMailBox attribute contains user's aliases in my AD.

For example:

user1@mydomain, has aliases xpto@mydomain, xyz@mydomain and so on...

To test if it is working, I've issued the command:
postmap -q xpto@mydomain ldap:/etc/postfix/ad_virtual_mailbox_maps.cf

It returned:
mydomain/user1/Maildir/
which is correct, because xpto is a user1 alias.

But when I try to send an e-mail from Roundcube or SOGo, it returns an error, saying "User unknown".

What did I miss?

Thank you!


2 (edited by zuotoski 2016-06-22 21:07:25)

Re: How to Active Directory Aliases

Well, as I managed to do it by myself (and I hope that this is the correct path), I've decided to post how I did it, so it can help someone else.

I created a new file /etc/postfix/ad_virtual_alias_maps.cf - which contains:

server_host     = myadserver.mydomain
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = bindaduser@mydomain
bind_pw         = bindaduser_passwd
search_base     = cn=users,dc=mydomain
scope           = sub
query_filter = (&(objectclass=person)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))(|(mail=%s)(othermailbox=%s)))
result_attribute= mail
debuglevel      = 0

Then changed the following in /etc/postfix/main.cf:

#virtual_alias_maps = proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
virtual_alias_maps = proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ad_virtual_alias_maps.cf

As you can see, I've commented out the original line and added the new file to the path. I decided to comment out the original line just in case I needed to roll back the process.

Next:
# service postfix restart
# service dovecot restart

And now I can send e-mails to users, groups and aliases from my Active Directory.

If my solution is incorrect, I kindly ask you to give us the right direction.

Cheers :)

3

Re: How to Active Directory Aliases

You have the filter "(&...(|(mail=%s)(othermailbox=%s)))" in ad_virtual_alias_maps.cf, will it conflict with "ad_virtual_mailbox_maps.cf"? Do they query the same LDAP attribute?

Would you mind sharing a screenshot of the "othermailbox" field in AD admin UI?

4 (edited by zuotoski 2016-06-23 00:18:09)

Re: How to Active Directory Aliases

ZhangHuangbin wrote:

You have the filter "(&...(|(mail=%s)(othermailbox=%s)))" in ad_virtual_alias_maps.cf, will it conflict with "ad_virtual_mailbox_maps.cf"? Do they query the same LDAP attribute?

Would you mind sharing a screenshot of the "othermailbox" field in AD admin UI?

Sorry, I forgot to remove it from "ad_virtual_mailbox_maps.cf" - it didn't work as expected, this is why I had to create another file and include it in main.cf.

othermailbox is a sequential text field (one mail address per line). It doesn't validate the content. The only way to update this field is using ADSI Edit. Usually it is automatically filled by Microsoft Exchange Server when aliases are created by the administrator. Nothing fancy. But, if you still want a screenshot, I can provide it for you, no problem.

My "new" ad_virtual_mailbox_maps.cf looks like this now:

server_host     = myadserver.mydomain
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = aduserforbind@mydomain
bind_pw         = aduserforbind_passwd
search_base     = cn=users,dc=mydomain
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

... just like the tutorial.

Cheers.
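
Every map posted in this thread binds to AD on port 389 with start_tls = no, so bind_pw and all lookup traffic cross the network unencrypted. The following is an added example, not from any poster or from the iRedMail project: the alias map from post 2 with StartTLS and certificate checking turned on. It assumes the domain controller has a server certificate installed and that its issuing CA is saved at the placeholder path shown.

```conf
# /etc/postfix/ad_virtual_alias_maps.cf
# Added example: the alias map from this thread with the LDAP session encrypted.
# Comments are kept on their own lines, as in main.cf.

server_host      = myadserver.mydomain
server_port      = 389
# StartTLS needs LDAP protocol version 3.
version          = 3
bind             = yes
# Upgrade the connection to TLS before the simple bind sends bind_pw.
start_tls        = yes
# Verify the DC certificate against a trusted CA.
# Assumption: placeholder path; point it at the CA that issued the DC certificate.
# server_host must match a name in that certificate.
tls_ca_cert_file = /etc/ssl/certs/mydomain-ca.pem
tls_require_cert = yes
bind_dn          = bindaduser@mydomain
bind_pw          = bindaduser_passwd
search_base      = cn=users,dc=mydomain
scope            = sub
query_filter     = (&(objectclass=person)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))(|(mail=%s)(othermailbox=%s)))
result_attribute = mail
debuglevel       = 0
```

The same three TLS lines apply to ad_virtual_mailbox_maps.cf and ad_virtual_group_maps.cf. Re-running the postmap -q test from the first post confirms that lookups still succeed over the encrypted session.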

5 (edited by nemp 2016-08-31 03:37:53)

Re: How to Active Directory Aliases

When, in /etc/postfix/ad_virtual_alias_maps.cf,
I change the param [result_attribute= mail] to [result_attribute= mail,othermailbox] (remember to set othermailbox in AD (in my situation W2012r2) for some user), all WORK.

6

Re: How to Active Directory Aliases

@nemp, Thanks for sharing. :)