1

Topic: iredmail with active directory

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  latest
- Linux/BSD distribution name and version: centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

Just finished installing iRedMail and followed the guide to integrate with Active Directory. I can query a user and get the answer:

# postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
example.com/user/Maildir/

and

# postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf
user@example.com

But when I try to query a group, I get no reply.

I have created 2 groups, 1 distribution group and another a security one, as test and testgroup. Added a user in each one, still nothing. Am I missing a trick?

Another question is, after the Active Directory integration is complete, where do I create a user? This is a fresh install of Windows 2012 with Domain Controller functions created on it. If I create a new user on the domain in Active Directory, would it automatically create the mailbox user? Or does this happen when the user tries to log on to his email for the first time, when iRedMail queries Active Directory, finds a new user and creates the mailbox?
Does iRedMail write the email address back into Active Directory on the user's general properties, so that if I open Users and Computers in Active Directory and look at a user, I will see the email address also?
Last one: my domain is rajbps.local and the email domain is rajbps.co.uk. How do I get the email address to be authenticated against rajbps.loca, please?

Sorry very new to this and I am willing to learn.

Cheers,

Rajbps


2

Re: iredmail with active directory

Another one: to use AD, as in this case where the AD domain is rajbps.loca and the email one is rajbps.co.uk, do I need to create a new UPN suffix and add rajbps.co.uk as an alternate UPN suffix under Active Directory Domains and Trusts and then Properties?

Rajbps

3

Re: iredmail with active directory

rajbps wrote:

I have created 2 groups, 1 distribution group and another a security one, as test and testgroup. Added a user in each one, still nothing. Am I missing a trick?

Please show us your /etc/postfix/ad_virtual_group_maps.cf.

Check parameters below in that file:

query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName

It first queries with filter "(&(objectClass=group)(mail=<email_of_group>))", which should return the "member" attribute with the full DNs of your mail users as values. Then it queries the DN of each mail user to get the value of "userPrincipalName" (in the user object) as the group member.

You can do the LDAP query manually with 'ldapsearch' or another LDAP management tool to verify whether your AD contains the proper data.

rajbps wrote:

Another question is, after the Active Directory integration is complete, where do I create a user?

Create mail users/groups with AD management tool.

rajbps wrote:

If I create a new user on the domain in Active Directory, would it automatically create the mailbox user?

Yes. The mailbox will be created automatically when the user logs in for the first time.

rajbps wrote:

Does iRedMail write the email address back into Active Directory on the user's general properties, so that if I open Users and Computers in Active Directory and look at a user, I will see the email address also?

iRedMail queries AD but does not write any data to AD.

rajbps wrote:

Last one: my domain is rajbps.local and the email domain is rajbps.co.uk. How do I get the email address to be authenticated against rajbps.loca, please?

Another one: to use AD, as in this case where the AD domain is rajbps.loca and the email one is rajbps.co.uk, do I need to create a new UPN suffix and add rajbps.co.uk as an alternate UPN suffix under Active Directory Domains and Trusts and then Properties?

If you follow our tutorial carefully, you can see the domain name is hard-coded in the config files; you can replace it with the one you want to use.
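To make the two-step lookup concrete, here is an added Python model of the Postfix ldap_table(5) expansion described above (it is not iRedMail's code). It runs against a constructed in-memory directory for example.com instead of a live AD, and reports why a group lookup comes back empty, which is the check worth doing before editing the .cf file: a group with no mail attribute, a member that carries neither userPrincipalName nor mail, or a dangling member DN.

```python
"""Model of Postfix's recursive group expansion for ad_virtual_group_maps.cf.

Added example, not iRedMail's code. It mimics ldap_table(5) semantics for:
    query_filter             = (&(objectClass=group)(mail=%s))
    special_result_attribute = member
    leaf_result_attribute    = mail
    result_attribute         = userPrincipalName
against a constructed in-memory directory, to show what AD must contain
before 'postmap -q group@example.com' can return any member.
"""

SEARCH_BASE = "cn=users,dc=example,dc=com"
SPECIAL_ATTR = "member"            # DNs that are followed recursively
LEAF_ATTR = "mail"                 # read only on entries without SPECIAL_ATTR
RESULT_ATTR = "userPrincipalName"  # read on every entry visited


def dn(cn):
    return f"cn={cn},{SEARCH_BASE}"


# Constructed sample directory: DN -> attributes (multi-valued, as in LDAP).
DIRECTORY = {
    # distribution group that was given an e-mail address
    dn("test"): {"objectClass": ["group"], "mail": ["test@example.com"],
                 "member": [dn("alice"), dn("nested")]},
    # nested group without a mail attribute; one member DN is dangling
    dn("nested"): {"objectClass": ["group"],
                   "member": [dn("bob"), dn("carol"), dn("ghost")]},
    dn("alice"): {"objectClass": ["person", "user"],
                  "userPrincipalName": ["alice@example.com"],
                  "mail": ["alice@example.com"]},
    dn("bob"): {"objectClass": ["person", "user"],
                "userPrincipalName": ["bob@example.com"]},
    # contact object: neither userPrincipalName nor mail
    dn("carol"): {"objectClass": ["person", "contact"]},
    # security group created without an e-mail address
    dn("testgroup"): {"objectClass": ["group"], "member": [dn("alice")]},
}


def find_group(key):
    """Apply query_filter (&(objectClass=group)(mail=%s)) below search_base."""
    for entry_dn, attrs in DIRECTORY.items():
        if not entry_dn.lower().endswith(SEARCH_BASE.lower()):
            continue
        mails = [m.lower() for m in attrs.get("mail", [])]
        if "group" in attrs.get("objectClass", []) and key.lower() in mails:
            return entry_dn, attrs
    return None, None


def _expand(entry_dn, attrs, seen, out, problems):
    """Follow special_result_attribute values recursively, collecting results."""
    if entry_dn in seen:                 # guard against A -> B -> A membership loops
        return
    seen.add(entry_dn)
    members = attrs.get(SPECIAL_ATTR, [])
    found = list(attrs.get(RESULT_ATTR, []))
    if not members:                      # leaf entry: no DNs to recurse into
        found += attrs.get(LEAF_ATTR, [])
        if not found:
            problems.append(f"{entry_dn} has neither {RESULT_ATTR} nor "
                            f"{LEAF_ATTR}; it contributes no address")
    out.extend(found)
    for member_dn in members:
        target = DIRECTORY.get(member_dn)
        if target is None:
            problems.append(f"member DN {member_dn} does not exist "
                            "(or is not readable by the bind account)")
            continue
        _expand(member_dn, target, seen, out, problems)


def lookup(key):
    """Emulate 'postmap -q KEY ldap:/etc/postfix/ad_virtual_group_maps.cf'.

    Returns (addresses, problems); 'problems' explains an empty or
    incomplete answer.
    """
    problems = []
    group_dn, attrs = find_group(key)
    if group_dn is None:
        problems.append(f"no entry matching (&(objectClass=group)(mail={key})) "
                        f"under {SEARCH_BASE}; give the group an e-mail address in AD")
        return [], problems
    addresses, seen = [], set()
    _expand(group_dn, attrs, seen, addresses, problems)
    # Collapse duplicates for readability (a user carrying both attributes
    # appears once here); first-seen order is kept.
    return list(dict.fromkeys(addresses)), problems
```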

4

Re: iredmail with active directory

server_host     = ad.rajbps.loca
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = password
search_base     = cn=users,dc=rajbps,dc=loca
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

5

Re: iredmail with active directory

"If you follow our tutorial carefully, you can see the domain name is hard-coded in the config files; you can replace it with the one you want to use."

Could you please point me to something? Sorry, new to it and unsure how to complete this bit.

6

Re: iredmail with active directory

rajbps wrote:

Could you please point me to something? Sorry, new to it and unsure how to complete this bit.

Please pay attention to the '%u', '%s', '%d' used in Postfix/Dovecot config files; they will be replaced by the full email address, the username part of the email address, or the domain part of the email address. [NOTE: They have different meanings in Postfix and Dovecot.] Try to tune them to match your needs.

Also, we have "virtual_mailbox_domains=example.com" in Postfix; this is a hard-coded domain name, and you can try to change it to the one you want.
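As an added illustration (not from iRedMail or the thread's authors), the following Python expands both placeholder grammars over the kind of filters that appear in this thread, using user@rajbps.co.uk as a constructed login. The Postfix rules follow ldap_table(5) (%s whole key, %u local part, %d domain, a %d with no domain in the key suppresses the lookup); the Dovecot rules follow its config variables (%u full login, %n part before '@', %d part after it, with the L/U case modifiers such as %Ld and %Ln).

```python
"""Expand the %-placeholders used by Postfix ldap tables and Dovecot LDAP configs.

Added example, not iRedMail's code. The same string means different things
in the two programs: in Postfix '%u' is the local part of the lookup key,
in Dovecot '%u' is the whole login name and '%n' is the part before '@'.
"""
import re


def postfix_expand(template, key):
    """Expand a Postfix ldap_table(5) query_filter or result_format.

    %s = whole key, %u = local part, %d = domain part, %% = literal percent.
    If the key has no '@', %u becomes the whole key and any %d suppresses
    the lookup entirely (modelled here by returning None).
    """
    local, at, domain = key.partition("@")
    if "%d" in template and not at:
        return None
    table = {"s": key, "u": local if at else key, "d": domain, "%": "%"}
    return re.sub(r"%(.)", lambda m: table.get(m.group(1), m.group(0)), template)


def dovecot_expand(template, login):
    """Expand Dovecot %variables in a pass_filter, user_filter or user_attrs value.

    %u = full login name, %n = part before '@', %d = part after '@' (empty
    when the client sent no domain), %% = literal percent. The modifier
    letters L (lowercase) and U (uppercase) are honoured, e.g. %Ln, %Ld.
    Variables not derived from the login (%h, %$, ...) are left untouched.
    """
    user, _, domain = login.partition("@")
    table = {"u": login, "n": user, "d": domain}

    def repl(m):
        mods, var = m.group(1), m.group(2)
        if var == "%":
            return "%"
        if var not in table:
            return m.group(0)
        value = table[var]
        for mod in mods:
            value = value.lower() if mod == "L" else value.upper()
        return value

    return re.sub(r"%([LU]*)([a-zA-Z$%])", repl, template)


def thread_examples(key="user@rajbps.co.uk", login="User@RAJBPS.co.uk"):
    """Apply both grammars to filters of the shape posted in this thread."""
    return {
        # Postfix ad_virtual_group_maps.cf style: %u is only 'user'
        "postfix_group_filter": postfix_expand(
            "(&(objectClass=group)(mail=%u@rajbps.loca))", key),
        # Postfix ad_virtual_mailbox_maps.cf result_format
        "postfix_result_format": postfix_expand("%d/%u/Maildir/", key),
        # Dovecot user_filter: %n is the username part of the login
        "dovecot_user_filter": dovecot_expand(
            "(&(userPrincipalName=%n@rajbps.loca)(objectClass=person))", login),
        # Dovecot user_attrs home path with lowercased domain and user
        "dovecot_home": dovecot_expand(
            "/var/vmail/vmail1/%Ld/%Ln/Maildir/", login),
        # A bare username: Dovecot's %d is empty until a realm is appended
        "dovecot_bare_login": dovecot_expand("%n@%d", "user"),
    }
```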

7

Re: iredmail with active directory

OK, I think I am moving forward.

I have modified the LDAP file in Dovecot as follows:

dovecot-ldap.conf

#hosts           = 127.0.0.1:389
#ldap_version    = 3
#auth_bind       = yes
#dn              = cn=vmail,dc=example,dc=com
#dnpass          = 76uq03VNVcwnT2E3scBnK6y6fYNswL
#base            = o=domains,dc=example,dc=com
#scope           = subtree
#deref           = never

hosts           = ad.rajbps.loca:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = **********
base            = cn=users,dc=rajbps,dc=loca
scope           = subtree
deref           = never

# Below two are required by command 'doveadm mailbox ...'
iterate_attrs   = mail=user
iterate_filter  = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))

#user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
user_filter     = (&(userPrincipalName=%n@rajbps.loca)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
#user_attrs      = mail=master_user,mail=user,homeDirectory=home,=mail=maildir:~/Maildir/,mailQuota=quota_rule=*:bytes=%$
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

# Used for dn lookup
#pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_filter     = (&(userPrincipalName=%n@rajbps.loca)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
#pass_attrs      = mail=user,userPassword=password,allowNets=allow_nets
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT


And the postfix files :

ad_sender_login_maps.cf

server_host     = ad.rajbps.loca
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = **********
search_base     = cn=users,dc=rajbps,dc=loca
scope           = sub
query_filter    = (&(userPrincipalName=%u@rajbps.loca)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0


ad_virtual_group_maps.cf

server_host     = ad.rajbps.loca
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = *********
search_base     = cn=users,dc=rajbps,dc=loca
scope           = sub
query_filter    = (&(objectClass=group)(mail=%u@rajbps.loca))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0


ad_virtual_mailbox_maps.cf

server_host     = ad.rajbps.loca
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = *********
search_base     = cn=users,dc=rajbps,dc=loca
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%u@rajbps.loca))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0



So now I can log in with user@rajbps.co.uk and with user.

If I use just the username, I get logged in as user@127.0.0.1.

How can I stop that, please, and force users to use the full email address user@rajbps.co.uk?

And second, I cannot get logged on to SOGo, but the same details work in the web interface.

Cheers,

Rajbps

8

Re: iredmail with active directory

rajbps wrote:

How can I stop that, please, and force users to use the full email address user@rajbps.co.uk?

Disable 'auth_default_realm =' in /etc/dovecot/dovecot.conf, and disable 'username_domain' in Roundcube config file.

rajbps wrote:

And second, I cannot get logged on to SOGo, but the same details work in the web interface.

Show us related error or log please.

9

Re: iredmail with active directory

Hiya,

I followed the instructions as follows:

"Disable 'auth_default_realm =' in /etc/dovecot/dovecot.conf, and disable 'username_domain' in Roundcube config file."

Here are the files:
dovecot.conf

# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = * [::]

#base_dir = /var/run/dovecot
mail_plugins = quota mailbox_alias acl

# Enabled mail protocols.
protocols = pop3 imap sieve lmtp

# User/group who owns the message files:
mail_uid = 2000
mail_gid = 2000

# Assign uid to virtual users.
first_valid_uid = 2000
last_valid_uid = 2000

# Logging. Reference: http://wiki2.dovecot.org/Logging
log_path = /var/log/dovecot.log

# Debug
#mail_debug = yes
#auth_verbose = yes
#auth_debug = yes
#auth_debug_passwords = yes
# Possible values: no, plain, sha1.
#auth_verbose_passwords = no

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
#ssl_ca = </path/to/ca
ssl_cert = </etc/pki/tls/certs/iRedMail.crt
ssl_key = </etc/pki/tls/private/iRedMail.key

# Fix 'The Logjam Attack'
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# Dovecot 2.2.6 or greater:
# Specify the wanted DH parameters length
ssl_dh_parameters_length = 2048
ssl_prefer_server_ciphers = yes

# IP ranges specified by login_trusted_networks setting are assumed to be secure.
#login_trusted_networks = 127.0.0.1

# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
# insecurely.
disable_plaintext_auth = yes
# Allow plain text password per IP address/net
#remote 192.168.0.0/24 {
#   disable_plaintext_auth = no
#}

# Mail location and mailbox format.
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/

# Authentication related settings.
# Append this domain name if client gives empty realm.
###auth_default_realm = rajbps.co.uk

# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN

# Limits the number of users that can be logging in at the same time.
# Default is 100. This can be overridden by `process_limit =` in
# `service [protocol]` block.
# e.g.
#       protocol imap-login {
#           ...
#           process_limit = 500
#       }
#default_process_limit = 100

service auth {
    unix_listener /var/spool/postfix/private/dovecot-auth {
        user = postfix
        group = postfix
        mode = 0666
    }
    unix_listener auth-master {
        user = vmail
        group = vmail
        mode = 0666
    }
    unix_listener auth-userdb {
        user = vmail
        group = vmail
        mode = 0660
    }
}

# LMTP server (Local Mail Transfer Protocol).
# Reference: http://wiki2.dovecot.org/LMTP
service lmtp {
    user = vmail

    # For higher volume sites, it may be desirable to increase the number of
    # active listener processes. A range of 5 to 20 is probably good for most
    # sites.
    process_min_avail = 5

    # Logging.
    # Require 'info_log_path =' in 'protocol lmtp {}' block.
    executable = lmtp -L

    # Listening on socket file and TCP
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        user = postfix
        group = postfix
        mode = 0600
    }

    inet_listener lmtp {
        # Listen on localhost (ipv4)
        address = 127.0.0.1
        port = 24
    }
}

# Virtual mail accounts.
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}

# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-users
    master = yes
}

plugin {
    auth_socket_path = /var/run/dovecot/auth-master

    # Quota configuration.
    # Reference: http://wiki2.dovecot.org/Quota/Configuration
    quota = dict:user::proxy::quotadict
    quota_rule = *:storage=1G
    #quota_rule2 = *:messages=0
    #quota_rule3 = Trash:storage=1G
    #quota_rule4 = Junk:ignore

    # Quota warning.
    #
    # If user suddenly receives a huge mail and the quota jumps from
    # 85% to 95%, only the 95% script is executed.
    #
    # Only the command for the first exceeded limit is executed, so configure
    # the highest limit first.
    quota_warning = storage=100%% quota-warning 100 %u
    quota_warning2 = storage=95%% quota-warning 95 %u
    quota_warning3 = storage=90%% quota-warning 90 %u
    quota_warning4 = storage=85%% quota-warning 85 %u

    # allow user to become max 10% (or 50 MB) over quota
    quota_grace = 10%%
    #quota_grace = 50 M

    # Custom Quota Exceeded Message.
    # You can specify the message directly or read the message from a file.
    #quota_exceeded_message = Quota exceeded, please try again later.
    #quota_exceeded_message = </path/to/quota_exceeded_message.txt

    # Plugin: expire.
    #expire = Trash 7 Trash/* 7 Junk 30
    #expire_dict = proxy::expire

    # ACL and share folder
    acl = vfile
    acl_shared_dict = proxy::acl

    # By default Dovecot doesn't allow using the IMAP "anyone" or
    # "authenticated" identifier, because it would be an easy way to spam
    # other users in the system. If you wish to allow it,
    #acl_anyone = allow

    # Pigeonhole managesieve service.
    # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
    # Per-user sieve settings.
    sieve_dir = %Lh/sieve
    sieve = %Lh/sieve/dovecot.sieve

    # Global sieve settings.
    sieve_global_dir = /var/vmail/sieve
    # Note: if user has personal sieve script, global sieve rules defined in
    #       sieve_default will be ignored. Please use sieve_before or
    #       sieve_after instead.
    #sieve_default =

    sieve_before = /var/vmail/sieve/dovecot.sieve
    #sieve_after =

    # The maximum number of redirect actions that can be performed during a
    # single script execution.
    # The meaning of 0 differs based on your version. For pigeonhole-0.3.0 and
    # beyond this means that redirect is prohibited. For older versions,
    # however, this means that the number of redirects is unlimited.
    #sieve_max_redirects = 4

    # Reference: http://wiki2.dovecot.org/Plugins/MailboxAlias
    mailbox_alias_old = Sent
    mailbox_alias_new = Sent Messages
    mailbox_alias_old2 = Sent
    mailbox_alias_new2 = Sent Items
}

service quota-warning {
    executable = script /usr/local/bin/dovecot-quota-warning.sh
    unix_listener quota-warning {
        user = vmail
        group = vmail
        mode = 0660
    }
}

service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}

dict {
    #expire = db:/var/lib/dovecot/expire/expire.db
    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
    acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}

protocol lda {
    # Reference: http://wiki2.dovecot.org/LDA
    mail_plugins = $mail_plugins sieve
    auth_socket_path = /var/run/dovecot/auth-master
    log_path = /var/log/dovecot-sieve.log
    lda_mailbox_autocreate = yes
    lda_mailbox_autosubscribe = yes
    postmaster_address = root
}

protocol lmtp {
    # Log file
    info_log_path = /var/log/dovecot-lmtp.log

    # Plugins
    mail_plugins = quota sieve
    postmaster_address = postmaster

    lmtp_save_to_detail_mailbox = yes
    recipient_delimiter = +
}

protocol imap {
    mail_plugins = $mail_plugins imap_quota imap_acl
    imap_client_workarounds = tb-extra-mailbox-sep

    # Maximum number of IMAP connections allowed for a user from each IP address.
    # NOTE: The username is compared case-sensitively.
    # Default is 10.
    # Increase it to avoid issue like below:
    # "Maximum number of concurrent IMAP connections exceeded"
    mail_max_userip_connections = 30
}

protocol pop3 {
    mail_plugins = $mail_plugins
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    pop3_uidl_format = %08Xu%08Xv

    # Maximum number of IMAP connections allowed for a user from each IP address.
    # NOTE: The username is compared case-sensitively.
    # Default is 10.
    mail_max_userip_connections = 30
}

# Login processes. Refer to Dovecot wiki for more details:
# http://wiki2.dovecot.org/LoginProcess
service imap-login {
    #inet_listener imap {
    #    port = 143
    #}
    #inet_listener imaps {
    #    port = 993
    #    ssl = yes
    #}
    #
    # Require Dovecot-2.2.19+
    #inet_listener imap_haproxy {
    #    port = 10143
    #    haproxy = yes
    #}

    service_count = 1

    # To avoid startup latency for new client connections, set process_min_avail
    # to higher than zero. That many idling processes are always kept around
    # waiting for new connections.
    #process_min_avail = 0

    # number of simultaneous IMAP connections
    process_limit = 500

    # vsz_limit should be fine at its default 64MB value
    #vsz_limit = 64M
}

service pop3-login {
    #inet_listener pop3 {
    #    port = 110
    #}
    #inet_listener pop3s {
    #    port = 995
    #    ssl = yes
    #}
    #
    # Require Dovecot-2.2.19+
    #inet_listener pop3_haproxy {
    #    port = 10110
    #    haproxy = yes
    #}

    service_count = 1

    # number of simultaneous POP3 connections
    #process_limit = 500
}

service managesieve-login {
    inet_listener sieve {
        # Listen on localhost (ipv4)
        address = 127.0.0.1
        port = 4190
    }
}

namespace {
    type = private
    separator = /
    prefix =
    #location defaults to mail_location.
    inbox = yes

    # Refer to document for more details about alias mailbox:
    # http://wiki2.dovecot.org/MailboxSettings
    #
    # Sent
    mailbox Sent {
        auto = subscribe
        special_use = \Sent
    }
    mailbox "Sent Messages" {
        auto = no
        special_use = \Sent
    }
    mailbox "Sent Items" {
        auto = no
        special_use = \Sent
    }

    mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
    }

    # Trash
    mailbox Trash {
        auto = subscribe
        special_use = \Trash
    }

    mailbox "Deleted Messages" {
        auto = no
        special_use = \Trash
    }

    # Junk
    mailbox Junk {
        auto = subscribe
        special_use = \Junk
    }
    mailbox Spam {
        auto = no
        special_use = \Junk
    }
    mailbox "Junk E-mail" {
        auto = no
        special_use = \Junk
    }

    # Archive
    mailbox Archive {
        auto = no
        special_use = \Archive
    }
    mailbox Archives {
        auto = no
        special_use = \Archive
    }
}

namespace {
    type = shared
    separator = /
    prefix = Shared/%%u/
    location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%u
    # this namespace should handle its own subscriptions or not.
    subscriptions = yes
    list = children
}

# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
#    type = public
#    separator = /
#    prefix = Public/
#
#    # CONTROL=: Mark this public folder as read-only mailbox
#    # INDEX=: Per-user \Seen flag
#    location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
#    # Allow users to subscribe to the public folders.
#    subscriptions = yes
#}




and the second one is: config.inc.php

in
/var/www/roundcubemail-1.2.0/config/config.inc.php



<?php

// SQL DATABASE
$config['db_dsnw'] = 'mysqli://roundcube:7Ud0KqnCmL6PTmuGW46e87Hv96Tupr@127.0.0.1/roundcubemail';

// LOGGING
$config['log_driver'] = 'syslog';
$config['syslog_facility'] = LOG_MAIL;

// IMAP
$config['default_host'] = '127.0.0.1';
$config['default_port'] = 143;
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// Required if you're running PHP 5.6
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'  => false,
        'verify_peer_name' => false,
    ),
);

// SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

// Use user's identity as envelope sender for 'return receipt' responses,
// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.
$config['mdn_use_from'] = true;

// SYSTEM
$config['force_https'] = true;
$config['login_autocomplete'] = 2;
$config['ip_check'] = true;
$config['des_key'] = 'uC2YPaQRXc47PVDera94n4Rq';
$config['useragent'] = 'Roundcube Webmail'; // Hide version number
####//$config['username_domain'] = 'rajbps.co.uk';
$config['mime_types'] = '/etc/mime.types';

// USER INTERFACE
$config['create_default_folders'] = true;
$config['quota_zero_as_unlimited'] = true;

// USER PREFERENCES
$config['default_charset'] = 'UTF-8';
//$config['addressbook_sort_col'] = 'name';
$config['draft_autosave'] = 60;
$config['preview_pane'] = true;
$config['default_list_mode'] = 'threads';
$config['autoexpand_threads'] = 2;
$config['check_all_folders'] = true;
$config['default_font_size'] = '12pt';
$config['message_show_email'] = true;

// PLUGINS
$config['plugins'] = array('managesieve', 'password');

// Global LDAP address book.
$config['ldap_public']["global_ldap_abook"] = array(
    'name'              => 'Global LDAP Address Book',
    'hosts'             => array('127.0.0.1'),
    'port'              => 389,
    'use_tls'           => false,
    'ldap_version'      => '3',
    'network_timeout'   => 10,
    'user_specific'     => true,

    // Search mail users under same domain.
    'base_dn'       => 'domainName=%d,o=domains,dc=example,dc=com',
    'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=example,dc=com',

    'hidden'        => false,
    'searchonly'    => false,
    'writable'      => false,

    'search_fields' => array('mail', 'cn', 'sn', 'givenName', 'street', 'telephoneNumber', 'mobile', 'stree', 'postalCode'),

    // mapping of contact fields to directory attributes
    'fieldmap' => array(
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'email'         => 'mail:*',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'name'          => 'cn',
        'surname'       => 'sn',
        'firstname'     => 'givenName',
        'title'         => 'title',
        'email'         => 'mail:*',
        'phone:work'    => 'telephoneNumber',
        'phone:mobile'  => 'mobile',
        'phone:workfax' => 'facsimileTelephoneNumber',
        'street'        => 'street',
        'zipcode'       => 'postalCode',
        'locality'      => 'l',
        'department'    => 'departmentNumber',
        'notes'         => 'description',
        'photo'         => 'jpegPhoto',
    ),
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))',
    'fuzzy_search'  => true,
    'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    'referrals'     => false,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups

    'group_filters' => array(
        'departments' => array(
            'name'    => 'Mailing Lists',
            'scope'   => 'sub',
            'base_dn' => 'domainName=%d,o=domains,dc=example,dc=com',
            'filter'  => '(&(|(objectclass=mailList)(objectClass=mailAlias))(accountStatus=active)(enabledService=displayedInGlobalAddressBook))',
            'name_attr' => 'cn',
            'email'     => 'mail',
        ),
    ),
);
$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');


Unfortunately, when I try to log in as user instead of user@rajbps.co.uk, it still lets me in as user@127.0.0.1.

Could you assist please?

Rajbps

10

Re: iredmail with active directory

For SOGo, when I try to log in, I get

wrong username or password

The logs show:

Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: localhost "GET /SOGo HTTP/1.0" 302 0/0 1.747 - - 2M
Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile
Oct 26 12:40:17 sogod [2818]: localhost "GET /SOGo/ HTTP/1.0" 200 6770/0 0.096 25326 73% 1M
Oct 26 12:40:17 sogod [2818]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 385 MB)
Oct 26 12:40:17 sogod [2780]: <0x0x7f3616ded0d0[WOWatchDogChild]> child 2818 exited
Oct 26 12:40:17 sogod [2780]: <0x0x7f3616e12ac0[WOWatchDog]> child spawned with pid 3358
Oct 26 12:40:17 sogod [3358]: <0x0x7f3616d39380[WOHttpAdaptor]> notified the watchdog that we are ready
Oct 26 12:40:29 sogod [3358]: <0x0x7f3616b3ae90[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Oct 26 12:40:29 sogod [3358]: <0x0x7f3616b3ae90[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
Oct 26 12:40:29 sogod [3358]: SOGoRootPage Login from 'localhost' for user 'user' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Oct 26 12:40:29 sogod [3358]: localhost "POST /SOGo/connect HTTP/1.0" 403 34/60 0.072 - - 3M
Oct 26 12:40:29 sogod [3358]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 386 MB)
Oct 26 12:40:29 sogod [2780]: <0x0x7f3616ded0d0[WOWatchDogChild]> child 3358 exited
Oct 26 12:40:29 sogod [2780]: <0x0x7f3616e12ac0[WOWatchDog]> child spawned with pid 3359
Oct 26 12:40:29 sogod [3359]: <0x0x7f3616f59e10[WOHttpAdaptor]> notified the watchdog that we are ready

Cheers,

rajbps

11

Re: iredmail with active directory

rajbps wrote:

Oct 26 12:40:17 sogod [2818]: [ERROR] <0x0x7f36171bfa10[SOGoSQLUserProfile]> failed to acquire channel for URL: mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile

Do you have correct SQL username and password in parameter "SOGoProfileURL =" in /etc/sogo/sogo.conf? Please verify it.

rajbps wrote:

Oct 26 12:40:17 sogod [2818]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 385 MB)

Increase "SxVMemLimit" to a slightly higher value in /etc/sogo/sogo.conf, e.g. 500 MB, like this:

SxVMemLimit = 500;

12

Re: iredmail with active directory

rajbps wrote:

I followed the instructions as follows:
"Disable 'auth_default_realm =' in /etc/dovecot/dovecot.conf, and disable 'username_domain' in Roundcube config file."

Did you restart Dovecot service?

13

Re: iredmail with active directory

Hiya,

I had installed iRedMail with LDAP support, so I did not think of doing anything with MySQL. I had a look and found a file called
settings.py in /var/www/iRedAdmin-0.6.2/

There are details of MySQL here and more.

I used the details of the last bit:

# Settings used for iRedAPD integration: throttling and more.
#
# Enable iRedAPD integration.
iredapd_enabled = True

# SQL server/port and credential used to connect to iRedAPD SQL database.
iredapd_db_host = "127.0.0.1"
iredapd_db_port = "3306"
iredapd_db_name = "iredapd"
iredapd_db_user = "iredapd"
iredapd_db_password = "password changed for forum"

I was able to log on to mysql, and when I do a show databases; this is the answer:


MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| iredapd            |
+--------------------+
2 rows in set (0.00 sec)

MariaDB [(none)]>


Can't seem to log on as root there. This is a test box so if need be I can start again.

In regard to Dovecot, after doing those changes I had rebooted the box but still no change.

Rajbps

14

Re: iredmail with active directory

rajbps wrote:

I had installed iredmail with ldap support so I dont think of doing anything with mysql.

SOGo performs user authentication against LDAP, that's true. But it stores all its data in SQL db.

15

Re: iredmail with active directory

Hi ZhangHuangbin,

I feel a bit lost on this. When you install iredmail with ldap and select sogo also in the install script, does it install and configure it? If yes, once done and then make the modifications for Active directory to work, is there anything else that I need to change in the Sogo conf file? Sorry, very new to this and trying to find my way around.
Cheers,

rajbps

16

Re: iredmail with active directory

Oops, i forgot you use AD.

With AD integration, you need to change the user authentication setting in sogo.conf:

    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            ...
        }
    );

Many parameters must be changed to work with AD:

            hostname = 
            baseDN = 
            bindDN = 
            bindPassword = 
            filter = 
            scope = SUB;

            CNFieldName = cn;
            IDFieldName = mail;
            bindFields = (mail);
            // value of UIDFieldName must be unique on entire server
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);

17

Re: iredmail with active directory

Hi ZhangHuangbin,

Here is my config for sogo.conf

{
    //
    //  - Official SOGo document: http://sogo.nu/support/index.html#/documentation
    //  - Mailing list: http://sogo.nu/support/index.html#/community
    //

    // Daemon address and port
    WOPort = 127.0.0.1:20000;

    // PID file
    //WOPidFile = /var/run/sogo/sogo.pid;

    // Log file
    //WOLogFile = /var/log/sogo/sogo.log;

    // Enable verbose logging. Reference:
    // http://www.sogo.nu/nc/support/faq/artic … -sogo.html
    //SOGoDebugRequests = YES;
    //SOGoEASDebugEnabled = YES;
    //ImapDebugEnabled = YES;
    //LDAPDebugEnabled = YES;
    //MySQL4DebugEnabled = YES;
    //PGDebugEnabled = YES;

    // set the maximum allowed size for content being sent to SOGo, this can
    // also limit the file attachment size being uploaded to SOGo when
    // composing a mail. Default is 0 or disabled (unlimit).
    // The value is in kilobyte.
    //WOMaxUploadSize = 0;

    // Define the URL to online help for SOGo. When set, an additional icon
    // will appear near the logout button in SOGo's web interface. The URL
    // will always be open in a blank target.
    //SOGoHelpURL = '';

    // Performance Tuning
    //
    // The amount of instances of SOGo that will be spawned to handle multiple
    // requests simultaneously. When started from the init script, that amount
    // is overriden by the `PREFORK=` setting in /etc/sysconfig/sogo or
    // /etc/default/sogo. A value of 3 is a reasonable default for low usage.
    // The maximum value depends on the CPU and IO power provided by your
    // machine: a value set too high will actually decrease performances under
    // high load.
    //
    // You should have at least one child per EAS device configured to use
    // "push". You must also have more children than you have EAS devices
    // configured to use "push" - in order to handle normal SOGo requests to
    // its Web or DAV interfaces.
    //
    // Defaults to 1 when unset, increase it if you see below error message in
    // sogo log file: 'No child available to handle incoming request'
    //
    // WARNING:
    //      - on RHEL/CentOS, this setting is controlled by parameter
    //        'PREFORK=' defined in /etc/default/sogo.
    //      - on Debian/Ubuntu, this setting is controlled by parameter
    //        'PREFORK=' defined in /etc/default/sogo.
    WOWorkersCount = 10;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before replying to a Ping command.
    // If not set, it defaults to 10 seconds.
    SOGoMaximumPingInterval = 3540;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before replying to a Sync command.
    // If not set, it defaults to 30 seconds.
    SOGoMaximumSyncInterval = 3540;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before doing an internal check for data changes (add, delete, and
    // update). This parameter must be lower than SOGoMaximumSyncInterval and
    // SOGoMaximumPingInterval.
    // If not set, it defaults to 10 seconds.
    SOGoInternalSyncInterval = 30;

    // Specifies the number of minutes after which a busy child process will be
    // killed by the parent process.
    // Defaults to 10 (minutes).
    WOWatchDogRequestTimeout = 60;

    // Overwrite the maximum number of items returned during a Sync operation.
    // Defaults to 0, which means no overwrite is performed.
    // Setting this parameter to a value greater than 512 will have unexpected
    // behaviour with various ActiveSync clients.
    SOGoMaximumSyncWindowSize = 100;

    // Overwrite the maximum response size during a Sync operation.
    // The value is in kilobytes. Setting this to 512 means the response size
    // will be of 524288 bytes or less (or a bit greater if needed for syncing
    // one item). Note that if you set the value too low and a mail message
    // (or any other object like calendar events, tasks and contacts) surpasses
    // it, it will still be synced but only this item will be.
    // Defaults to 0, which means no overwrite is performed.
    //
    // Say you have these five mails and you set the limit to 512KB:
    //  1.  250 KB
    //  2.  250 KB
    //  3.   25 KB
    //  4.  750 KB
    //  5.   10 KB
    // Sync iteration no. 1 will pick message 1, 2 and 3.
    // Sync iteration no. 2 will pick message 4.
    // Sync iteration no. 3 will pick message 5.
    SOGoMaximumSyncResponseSize = 2048;

    // The maximum amount of memory (in megabytes) that a child can use.
    // Reaching that value will force children processes to restart, in order
    // to preserve system memory.
    //
    // Error message when it reaches the value:
    // "terminating app, vMem size limit (xxx MB) has been reached (currently xxx MB)"
    //
    // Defaults to 384.
    //SxVMemLimit = 1024;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
    // connection for every access to your IMAP server.
    // But you will get a lot of simultaneous open connections to your IMAP
    // server, so make sure he can handle them.
    // For debugging it is reasonable to turn pooling off.
    //NGImap4DisableIMAP4Pooling = NO;

    SOGoProfileURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/sogo_sessions_folder";
    OCSEMailAlarmsFolderURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/sogo_alarms_folder";

    // Default language in the web interface
    SOGoLanguage = English;

    // Specify which module to show after login: Calendar, Mail, Contacts.
    SOGoLoginModule = Mail;

    // Must login with full email address
    SOGoForceExternalLoginWithEmail = YES;

    // Allow user to change full name and email address.
    SOGoMailCustomFromEnabled = YES;

    // Enable email-based alarms on events and tasks.
    SOGoEnableEMailAlarms = YES;

    // IMAP server
    //SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
    // Local connection is considered as secure by Dovecot.
    SOGoIMAPServer = "imap://127.0.0.1:143/";

    // Allow user to add other IMAP accounts that will be visible from the SOGo
    // Webmail interface.
    // Default is NO.
    //SOGoMailAuxiliaryUserAccountsEnabled = YES;

    // SMTP server
    SOGoSMTPServer = 127.0.0.1;
    SOGoMailingMechanism = smtp;
    //SOGoSMTPAuthenticationType = PLAIN;

    // Enable managesieve service
    //
    // WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
    //          webmail, don't use sieve service in both webmails, otherwise
    //          it will be messy.
    //
    //SOGoSieveServer = sieve://127.0.0.1:4190;
    //SOGoSieveScriptsEnabled = YES;
    //SOGoVacationEnabled = YES;
    //SOGoForwardEnabled = YES;
    SOGoSieveFolderEncoding = UTF-8;

    // Memcached
    SOGoMemcachedHost = 127.0.0.1;

    // Parameter used to set which usernames require administrative privileges
    // over all the users tables. For example, this could be used to post
    // events in the users calendar without requiring the user to configure
    // his/her ACLs. In this case you will need to specify those superuser's
    // usernames like this :
    // SOGoSuperUsernames = (<username1>[,<username2>, ...]);
    //SOGoSuperUsernames = ();

    SOGoTimeZone = "America/New_York";

    SOGoFirstDayOfWeek = 1;

    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;

    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoACLsSendEMailNotifications = YES;

    // NOTE: PostgreSQL cannot update view in iRedMail
    SOGoPasswordChangeEnabled = YES;

    // Authentication using SQL
    /* SQL backend
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/users";
            canAuthenticate = YES;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha;
            prependPasswordScheme = YES;

            // Use `vmail.mailbox` as per-domain address book.
            isAddressBook = YES;
            displayName = "Domain Address Book";
            SOGoEnableDomainBasedUID = YES;
            DomainFieldName = "domain";
        },

        //{
        //    displayName = "Global Address Book";
        //    type = sql;
        //    id = global_address_book;
        //    viewURL = "mysql://sogo:dCazOnN98kQm0Q4QupuRDBTRI1aHWf@127.0.0.1:3306/sogo/users";
        //    canAuthenticate = NO;
        //    isAddressBook = YES;
        //}
    );
    SQL backend */

    // Authentication using LDAP
   
     SOGoUserSources = (
        {
            type = ldap;
            hostname = "ad.rajbps.loca";
            baseDN = "dc=rajbps,dc=loca";
            //bindAsCurrentUser = YES;
            bindDN = "cn=vmail,cn=users,dc=rajbps,dc=loca";
            bindPassword = "password";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
            scope = SUB;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha;

            IDFieldName = cn;
            bindFields = (sAMAccountName);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = sAMAccountName;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
            canAuthenticate = YES;
            displayName = "Global Address Book";
            id = directory;
            isAddressBook = YES;
        }
    );
   
}


##########

When I try to log on the web interface I get the following :

Wrong username or password.

In the logs there is :

Oct 29 06:30:34 sogod [2627]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 385 MB)
Oct 29 06:30:34 sogod [2561]: <0x0x7f02b253d100[WOWatchDogChild]> child 2627 exited
Oct 29 06:30:34 sogod [2561]: <0x0x7f02b2562af0[WOWatchDog]> child spawned with pid 2797
Oct 29 06:30:34 sogod [2797]: <0x0x7f02b24670d0[WOHttpAdaptor]> notified the watchdog that we are ready
Oct 29 06:30:45 sogod [2797]: <0x0x7f02b22ea410[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Oct 29 06:30:45 sogod [2797]: <0x0x7f02b22ea410[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
2016-10-29 06:30:45.621 sogod[2797:2797] ERROR(-[NGLdapSearchResultEnumerator nextObject]): does not support result references yet ..
Oct 29 06:30:45 sogod [2797]: SOGoRootPage Login from 'localhost' for user 'raj' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Oct 29 06:30:45 sogod [2797]: localhost "POST /SOGo/connect HTTP/1.0" 403 34/60 0.076 - - 3M
Oct 29 06:30:45 sogod [2797]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 387 MB)
Oct 29 06:30:45 sogod [2561]: <0x0x7f02b253d100[WOWatchDogChild]> child 2797 exited
Oct 29 06:30:45 sogod [2561]: <0x0x7f02b2562af0[WOWatchDog]> child spawned with pid 2799
Oct 29 06:30:45 sogod [2799]: <0x0x7f02b249b400[WOHttpAdaptor]> notified the watchdog that we are ready
Oct 29 06:42:04 sogod [2799]: <0x0x7f02b22ec950[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Oct 29 06:42:04 sogod [2799]: <0x0x7f02b22ec950[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
2016-10-29 06:42:04.210 sogod[2799:2799] ERROR(-[NGLdapSearchResultEnumerator nextObject]): does not support result references yet ..
Oct 29 06:42:04 sogod [2799]: SOGoRootPage Login from 'localhost' for user 'raj' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Oct 29 06:42:04 sogod [2799]: localhost "POST /SOGo/connect HTTP/1.0" 403 34/60 0.078 - - 3M
Oct 29 06:42:04 sogod [2799]: |SOGo| terminating app, vMem size limit (384 MB) has been reached (currently 387 MB)
Oct 29 06:42:04 sogod [2561]: <0x0x7f02b253d100[WOWatchDogChild]> child 2799 exited
Oct 29 06:42:04 sogod [2561]: <0x0x7f02b2562af0[WOWatchDog]> child spawned with pid 2880
Oct 29 06:42:04 sogod [2880]: <0x0x7f02b244c0b0[WOHttpAdaptor]> notified the watchdog that we are ready



Unsure if its still trying to use local login :

Oct 29 06:42:04 sogod [2799]: SOGoRootPage Login from 'localhost' for user 'raj' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0

Please advise.

Rajbps

18

Re: iredmail with active directory

rajbps wrote:

            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";

AD doesn't have attribute name "accountStatus", "enabledService". They're used when you're running OpenLDAP.

Tune the filter to make sure it returns correct mail accounts. Maybe you can refer to another of our tutorials for some hints:
http://www.iredmail.org/docs/active.directory.html

19

Re: iredmail with active directory

Hiya,
Would you consider providing templates for the config files that need to change, please, for a few cups of coffee?

20

Re: iredmail with active directory

You can try this:

filter = "objectClass=person AND userAccountControl:1.2.840.113556.1.4.803: <> 2"

21

Re: iredmail with active directory

ok that allows me in which is very good, but when I check the email address it's user@127.0.0.1. If I try to log on as user@rajbps.co.uk then no joy :-(.
Just got you a cup of coffee for all the help and assistance.

Rajbps

22

Re: iredmail with active directory

rajbps wrote:

            IDFieldName = cn;
            bindFields = (sAMAccountName);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = sAMAccountName;
            IMAPLoginFieldName = mail;

Please also modify those parameters. Choose the one which is unique as IMAPLoginFieldName.

Check SOGo document to understand what they're used for:
https://sogo.nu/support/index_new.html#/documentation

23

Re: iredmail with active directory

Hiya,

Sorry but still lost. This is the first time I am trying to integrate windows and linux together. Could you assist? I am sure we should be close as it's logging in now, just not the right account bits.

Rajbps

24

Re: iredmail with active directory

Try this: Use the attribute name which stores unique email address for all 4 parameters below:

* IDFieldName
* bindFields
* UIDFieldName
* IMAPLoginFieldName

For example, if you store unique email address in attribute name: sAMAccountName, then set them to:

            IDFieldName = sAMAccountName;
            bindFields = (sAMAccountName);
            UIDFieldName = sAMAccountName;
            IMAPLoginFieldName = sAMAccountName;

Turn on LDAP debug mode in /etc/sogo/sogo.conf, monitor its log file (/var/log/sogo/sogo.log) to see why it doesn't work.
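The two points raised in the last few replies (the AD filter suggested in post 20, and the uniqueness requirement for the attribute chosen in post 24) can be checked offline before touching sogo.conf. The following is an added example written for this thread, not code from the iRedMail project or from SOGo; it works on constructed AD-like entries (the values below are made up, modelled loosely on the domain names in the thread) rather than querying a real domain controller. It shows what "userAccountControl:1.2.840.113556.1.4.803: <> 2" actually selects: OID 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule and bit 0x2 of userAccountControl is ACCOUNTDISABLE, so the filter keeps person objects whose account is not disabled. It then reports which candidate attributes are unique across the selected entries, which is what SOGo needs for UIDFieldName.

```python
# Added example for this thread (not iRedMail or SOGo code). Runs offline on
# constructed entries; the helper names below are this example's own.

ACCOUNTDISABLE = 0x2                       # userAccountControl flag bit
BIT_AND_RULE = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND (AD)


def ad_filter_to_ldap(rule_oid=BIT_AND_RULE, flag=ACCOUNTDISABLE):
    """RFC 4515 form of the post-20 filter, usable with ldapsearch to
    confirm which objects a domain controller returns."""
    return "(&(objectClass=person)(!(userAccountControl:%s:=%d)))" % (rule_oid, flag)


def is_enabled_person(entry):
    """Same semantics as the filter, applied to one entry (attribute -> value)."""
    if "person" not in entry.get("objectClass", []):
        return False
    uac = int(entry.get("userAccountControl", 0))
    return (uac & ACCOUNTDISABLE) == 0      # bit 0x2 set means the account is disabled


def select_accounts(entries):
    """Entries the filter would hand to SOGo as login candidates."""
    return [e for e in entries if is_enabled_person(e)]


def unique_attributes(entries, candidates=("sAMAccountName", "mail", "cn")):
    """Candidates that are present on every selected entry and unique across
    them (case-insensitively, as LDAP compares most string attributes)."""
    result = []
    for attr in candidates:
        values = [e.get(attr) for e in entries]
        if all(values) and len({v.lower() for v in values}) == len(values):
            result.append(attr)
    return result


# Constructed sample directory content (not real accounts).
SAMPLE_ENTRIES = [
    {"objectClass": ["top", "person", "user"], "cn": "Raj",
     "sAMAccountName": "raj", "mail": "raj@rajbps.co.uk",
     "userAccountControl": 512},                       # NORMAL_ACCOUNT
    {"objectClass": ["top", "person", "user"], "cn": "Test User",
     "sAMAccountName": "testuser", "mail": "test@rajbps.co.uk",
     "userAccountControl": 514},                       # 512 | 2: disabled
    {"objectClass": ["top", "person", "user"], "cn": "Raj",
     "sAMAccountName": "raj2", "mail": "raj2@rajbps.co.uk",
     "userAccountControl": 66048},                     # 512 | 65536: pwd never expires
    {"objectClass": ["top", "group"], "cn": "testgroup",
     "sAMAccountName": "testgroup", "mail": "testgroup@rajbps.co.uk"},
]


if __name__ == "__main__":
    print("ldapsearch filter:", ad_filter_to_ldap())
    enabled = select_accounts(SAMPLE_ENTRIES)
    print("selected:", [e["sAMAccountName"] for e in enabled])
    print("unique attributes usable for UIDFieldName:", unique_attributes(enabled))
```

With the sample data the disabled account and the group are dropped, and of the three candidates only sAMAccountName and mail are unique (two users share the cn "Raj"), which is why the cn-based settings posted earlier are a poor choice. One caveat the sample does not show: in a real domain, computer objects also carry objectClass person and have no mail attribute, so a filter that matches on objectClass=person alone may return entries that break the uniqueness check; narrowing the filter (for example on objectCategory or objectClass=user) is worth testing with the printed ldapsearch form before relying on it.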

25

Re: iredmail with active directory

Hiya,

Would you consider logging in remotely and setting up an iredmail with active directory integration, and how much would you charge please? I don't have a lot of money but can afford about £50. The AD domain is .local and it needs to be able to work with sogo also.

Cheers,

rajbps