1

Topic: Random vmail password, can't use address book

Hello,

Just installed iRedMail with ldap support - excellent stuff!

But now I want to use Outlook/Thunderbird to access the address book. The problem is that the vmail ldap user password is not the same as vmailadmin (I read the documentation; it says that the vmail pass is automatically generated). If I change the password for vmail in the ldap manually, what things in the iRedMail system will break? Is there any other bind user I can use for connecting the address book to ldap?

Thanks


2

Re: Random vmail password, can't use address book

Please read this: http://code.google.com/p/iredmail/wiki/User_Guide
Mail user can use their own bind dn and password, don't use cn=vmail/vmailadmin.

PS: there are more improvements for the ldap solution in iRedMail-0.5.0-rc2, maybe you'd like to give it a try.

3

Re: Random vmail password, can't use address book

Hi There,

Thanks for your prompt reply - we've already tried this with Thunderbird (using the mail user's own username/password/dn to bind), but I don't think the user has read rights to the directory. Although the users are authenticated (I think), nothing appears in the addressbook list for them. Here is what we are using:


This works:

Hostname:  intra.abc-ltd.co.uk
ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc,dc=co.uk
Port Number: 636
Bind DN: cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk
Secure = yes



This does not work:

Hostname:  intra.abc-ltd.co.uk
ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc,dc=co.uk
Port Number: 636
Bind DN: mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk
Secure = yes


Is this a problem of regular users not having rights to read other users' details/DN entries (slapd.conf)?

We didn't install RC2 since it was suggested on your site to not use it in a production system. Is it safe to use? We have already installed the stable version along with some customisations (mainly around send/receive restrictions to convert the mail server into an intranet-only server with rights to send/receive mail from the company domain only) - how troublesome/easy would it be to upgrade to RC2 (and beyond)?

Thanks

4

Re: Random vmail password, can't use address book

This does not work:
Hostname:  intra.abc-ltd.co.uk
ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc,dc=co.uk
Port Number: 636
Bind DN: mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk
Secure = yes

Is this a problem of regular users not having rights to read other users' details/DN entries (slapd.conf)?

It *should* work as expected. You can see the ACL settings in slapd.conf.

Please try to debug openldap (increase loglevel to 256) and find out what happened.

5

Re: Random vmail password, can't use address book

Hi - just tried this with both user.name and Manager - debug results are below - can't see any failures for user.name authentication:

Jul  7 01:31:29 intra slapd[4093]: slapd starting
Jul  7 01:32:07 intra slapd[4093]: conn=0 fd=14 ACCEPT from IP=119.xxx.83.156:50542 (IP=0.0.0.0:636)
Jul  7 01:32:08 intra slapd[4093]: conn=0 fd=14 TLS established tls_ssf=256 ssf=256
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" method=128
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" mech=SIMPLE ssf=0
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 RESULT tag=97 err=0 text=
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH base="ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" scope=2 deref=0 filter="(&(&(objectClass=mailUser)(accountStatus=active))(|(mail=*zia*)(cn=*zia*)(givenName=*zia*)(sn=*zia*)))"
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH attr=cn commonname o company title modifytimestamp mozillaCustom4 custom4 mozillaHomeUrl homeurl mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone mozillaHomeState mozillaCustom1 custom1 mozillaNickname xmozillanickname mozillaWorkUrl workurl fax facsimiletelephonenumber st region telephoneNumber mozillaHomeStreet mozillaSecondEmail xmozillasecondemail nsAIMid nscpaimscreenname street streetaddress postOfficeBox l locality homePhone description notes givenName mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaUseHtmlMail xmozillausehtmlmail mozillaHomeStreet2 postalCode zip c countryname pager pagerphone mail sn surname birthyear
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul  7 01:33:51 intra slapd[4093]: conn=0 op=2 UNBIND
Jul  7 01:33:51 intra slapd[4093]: conn=0 fd=14 closed
Jul  7 01:34:29 intra slapd[4093]: conn=1 fd=14 ACCEPT from IP=119.xxx.83.156:50543 (IP=0.0.0.0:636)
Jul  7 01:34:29 intra slapd[4093]: conn=1 fd=14 TLS established tls_ssf=256 ssf=256
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 BIND dn="cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk" method=128
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 BIND dn="cn=Manager,dc=intra,dc=abc-ltd,dc=co.uk" mech=SIMPLE ssf=0
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 RESULT tag=97 err=0 text=
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SRCH base="ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" scope=2 deref=0 filter="(&(&(objectClass=mailUser)(accountStatus=active))(|(mail=*zia*)(cn=*zia*)(givenName=*zia*)(sn=*zia*)))"
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SRCH attr=cn commonname o company title modifytimestamp mozillaCustom4 custom4 mozillaHomeUrl homeurl mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone mozillaHomeState mozillaCustom1 custom1 mozillaNickname xmozillanickname mozillaWorkUrl workurl fax facsimiletelephonenumber st region telephoneNumber mozillaHomeStreet mozillaSecondEmail xmozillasecondemail nsAIMid nscpaimscreenname street streetaddress postOfficeBox l locality homePhone description notes givenName mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaUseHtmlMail xmozillausehtmlmail mozillaHomeStreet2 postalCode zip c countryname pager pagerphone mail sn surname birthyear
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  7 01:35:46 intra slapd[4093]: conn=1 op=2 UNBIND
Jul  7 01:35:46 intra slapd[4093]: conn=1 fd=14 closed


Any thoughts?

6

Re: Random vmail password, can't use address book

Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user.name@intra.abc-ltd.co.uk,ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" mech=SIMPLE ssf=0
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 RESULT tag=97 err=0 text=
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH base="ou=Users,domainName=intra.abc-ltd.co.uk,o=domains,dc=intra,dc=abc-ltd,dc=co.uk" scope=2 deref=0 filter="(&(&(objectClass=mailUser)(accountStatus=active))(|(mail=*zia*)(cn=*zia*)(givenName=*zia*)(sn=*zia*)))"
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH attr=cn commonname o company title modifytimestamp mozillaCustom4 custom4 mozillaHomeUrl homeurl mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone mozillaHomeState mozillaCustom1 custom1 mozillaNickname xmozillanickname mozillaWorkUrl workurl fax facsimiletelephonenumber st region telephoneNumber mozillaHomeStreet mozillaSecondEmail xmozillasecondemail nsAIMid nscpaimscreenname street streetaddress postOfficeBox l locality homePhone description notes givenName mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaUseHtmlMail xmozillausehtmlmail mozillaHomeStreet2 postalCode zip c countryname pager pagerphone mail sn surname birthyear
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

Same filter as when binding as cn=Manager, but no result returned (nentries=0).

Could you please paste your ACL settings (lines starting with 'access to xxx') in slapd.conf?
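
The by-hand comparison in the posts above (same search, different bind DN, different nentries) can be automated over a slapd loglevel 256 log. This is an added example, not part of the original thread or of iRedMail; the function names, the sample DNs and the shortened filter are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd loglevel-256 format quoted in the thread;
# hostnames, DNs and the filter are placeholders, not values from the page.
SAMPLE_LOG = """\
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 BIND dn="mail=user@example.test,ou=Users,domainName=example.test,o=domains,dc=example,dc=test" method=128
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=0 RESULT tag=97 err=0 text=
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SRCH base="ou=Users,domainName=example.test,o=domains,dc=example,dc=test" scope=2 deref=0 filter="(|(mail=*zia*)(cn=*zia*))"
Jul  7 01:32:08 intra slapd[4093]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=test" method=128
Jul  7 01:34:29 intra slapd[4093]: conn=1 op=0 RESULT tag=97 err=0 text=
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SRCH base="ou=Users,domainName=example.test,o=domains,dc=example,dc=test" scope=2 deref=0 filter="(|(mail=*zia*)(cn=*zia*))"
Jul  7 01:34:30 intra slapd[4093]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$", re.M)
BIND = re.compile(r'^BIND dn="([^"]*)"')
BIND_RES = re.compile(r"^RESULT tag=97 err=(\d+)")
SRCH = re.compile(r'^SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"$')
SRCH_RES = re.compile(r"^SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")

def correlate(log_text):
    """One record per search: which DN was bound, what was asked, what came back."""
    pending, bound, searches, out = {}, {}, {}, []
    for m in LINE.finditer(log_text):
        conn, op, rest = m.groups()
        if b := BIND.match(rest):
            pending[conn] = b.group(1)
        elif r := BIND_RES.match(rest):
            # The requested identity only applies if the bind returned err=0.
            bound[conn] = pending.get(conn, "") if r.group(1) == "0" else ""
        elif s := SRCH.match(rest):
            searches[(conn, op)] = s.groups()
        elif r := SRCH_RES.match(rest):
            base, flt = searches.pop((conn, op), ("?", "?"))
            out.append({"conn": int(conn), "bind_dn": bound.get(conn, ""),
                        "base": base, "filter": flt,
                        "err": int(r.group(1)), "nentries": int(r.group(2))})
    return out

def visibility_gaps(records):
    """Queries that succeeded (err=0) for several bind DNs but with different counts."""
    by_query = defaultdict(dict)
    for r in records:
        if r["err"] == 0:
            by_query[(r["base"], r["filter"])][r["bind_dn"]] = r["nentries"]
    return {q: dns for q, dns in by_query.items() if len(set(dns.values())) > 1}
```

A query that appears in `visibility_gaps()` succeeded for every identity yet returned different entry counts, which points at access control on the entries or filter attributes rather than at authentication.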

7

Re: Random vmail password, can't use address book

Here you go:

#
# Access Control List. Used for LDAP bind.
#
# NOTE: Every domain have a administrator. e.g.
#   Domain Name: 'intra.abc-ltd.co.uk'
#   Admin Name: mail=postmaster@intra.abc-ltd.co.uk, domainName=intra.abc-ltd.co.uk, o=domains,dc=intra,dc=abc-ltd,dc=co.uk
#

#
# Set permission for LDAP attrs.
#
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"   write
    by users        none

access to attrs="cn,sn,telephoneNumber"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"   write
    by users        read

# Domain attrs.
access to attrs="objectclass,domainName,mtaTransport,domainStatus,enabledService,domainSenderBccAddress,domainRecipientBccAddress"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"    write
    by users        read

# User attrs.
access to attrs="mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailForwardingAddress,mailQuota,homeDirectory,mailMessageStore"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@([^,]+),domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk"    write
    by users        read

#
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by users                        none
access to dn="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by users                        none

#
# Allow users to access their own domain subtree.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=intra,dc=abc-ltd,dc=co.uk$"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=postmaster@$1,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" write
    by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" read
    by users                        none
#
# Enable vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=intra,dc=abc-ltd,dc=co.uk"   read
    by dn.exact="cn=vmailadmin,dc=intra,dc=abc-ltd,dc=co.uk"  write
    by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=intra,dc=abc-ltd,dc=co.uk$" read
    by users                        read

#
# Set permission for "cn=*,dc=intra,dc=abc-ltd,dc=co.uk".
#
access to dn.regex="cn=[^,]+,dc=intra,dc=abc-ltd,dc=co.uk"
    by anonymous                    auth
    by self                         write
    by users                        none
#
# Set default permission.
#
access to *
    by anonymous                    auth
    by self                         write
    by users                        read

8

Re: Random vmail password, can't use address book

Hi, neo_x.

I tested the settings again; it works for me here, and your ACL is correct.

After you set the parameters, you can try to compose a new mail, make the address book show in the left sidebar of the composing window, choose the ldap address book you set before and search for a user; it will show you the results.

9

Re: Random vmail password, can't use address book

Hi,

I am using the Tools -> AddressBook option to create and search through the address book. Nothing is changed except the Manager CN. No results are returned, as you can see in the ldap logs. There might be some misconfiguration elsewhere. Is there any other way we can troubleshoot this? What about creating a user in ldap (slapd.conf) just for accessing the addressbook, just like vmail?

Thanks

10

Re: Random vmail password, can't use address book

Save your ldap address book settings after configuring them. Then search for users; it will ask you to type the password of the bind dn.

If it doesn't ask, there should be some error in your settings.

Again: the same settings work for me here.

11

Re: Random vmail password, can't use address book

I have tried the ldap address book in Thunderbird and Outlook 2007. No problem.

I found that Outlook 2007 does not support filters.