1 (edited by t10 2016-11-18 16:36:59)

Topic: iredmail with active directory- contacts not appear when composing

======== Required information ====
- iRedMail version (check /etc/iredmail-release): iRedMail-0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 16.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi,
I'm trying to integrate iRedMail with Active Directory, but I have a problem with global LDAP contacts.
The address book is shown normally, but when I compose a new email and try to find the address from contacts (search field),
the message informs me that the contact is found, but it is not shown in the contact list,
and autocomplete does not work well either.

Did I miss something in my configuration?
*image attached


#Logs

address book - works normally & shows
-----------------------------------------------------------------------------------------

*** mail roundcube: <jnpavlql> [1] SELECT `vars`, `ip`, `changed`, now() AS ts FROM `session` WHERE `sess_id` = 'jnpavlql4dtg9m3ucsnbo4akb6';
*** mail roundcube: <jnpavlql> [2] SELECT * FROM `users` WHERE `user_id` = '1';
*** mail roundcube: <jnpavlql> C: Connect [ad1.oplosan.ao:389]
*** mail roundcube: <jnpavlql> S: OK
*** mail roundcube: <jnpavlql> C: Bind [dn: vmail@oplosan.ao]
*** mail roundcube: <jnpavlql> S: OK
*** mail roundcube: <jnpavlql> C: Search base dn: [CN=Users,DC=oplosan,DC=ao] scope [sub] with filter [(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))]
*** mail roundcube: <jnpavlql> Using function ldap_search on scope sub ($ns_function is ldap_search)
*** mail roundcube: <jnpavlql> C: (Without VLV) Setting a filter of (&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
*** mail roundcube: <jnpavlql> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#012)
*** mail roundcube: <jnpavlql> S: 4 record(s) found
*** mail roundcube: <jnpavlql> C: Close

autocomplete/find from contact, account found but not showing
-----------------------------------------------------------------------------------------

***** mail roundcube: <jnpavlql> C: Search base dn: [CN=Users,DC=oplosan,DC=ao] scope [sub] with filter [(&(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(|(cn=*d*)(givenname=*d*)(sn=*d*)(mail=*d*)))]
***** mail roundcube: <jnpavlql> Using function ldap_search on scope sub ($ns_function is ldap_search)
***** mail roundcube: <jnpavlql> C: (Without VLV) Setting a filter of (&(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(|(cn=*d*)(givenname=*d*)(sn=*d*)(mail=*d*)))
***** mail roundcube: <jnpavlql> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#012)
***** mail roundcube: <jnpavlql> S: 3 record(s) found
***** mail roundcube: <jnpavlql> C: Close
***** mail roundcube: <jnpavlql> [1] SELECT `vars`, `ip`, `changed`, now() AS ts FROM `session` WHERE `sess_id` = 'jnpavlql4dtg9m3ucsnbo4akb6';
***** mail roundcube: <jnpavlql> [2] SELECT * FROM `users` WHERE `user_id` = '1';
***** mail roundcube: <jnpavlql> [3] SELECT * FROM `contacts` AS c WHERE c.`del` <> 1 AND c.`user_id` = '1' AND ((((`name` LIKE '%p%') OR (`firstname` LIKE '%p%') OR (`surname` LIKE '%p%') OR (`email` LIKE '%p%'))) AND `email` <> '') ORDER BY CONCAT(c.`surname`, c.`firstname`, c.`name`, c.`email`) ASC LIMIT 15;
***** mail roundcube: <jnpavlql> [4] SELECT * FROM `contactgroups` WHERE `del` <> 1 AND `user_id` = '1' AND `name` LIKE '%p%' ORDER BY `name`;
***** mail roundcube: <jnpavlql> C: Connect [ad1.oplosan.ao:389]
***** mail roundcube: <jnpavlql> S: OK
***** mail roundcube: <jnpavlql> C: Bind [dn: vmail@oplosan.ao]
***** mail roundcube: <jnpavlql> S: OK
***** mail roundcube: <jnpavlql> C: Search base dn: [CN=Users,DC=oplosan,DC=ao] scope [sub] with filter [(&(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(|(cn=*p*)(givenname=*p*)(sn=*p*)(mail=*p*)))]
***** mail roundcube: <jnpavlql> Using function ldap_search on scope sub ($ns_function is ldap_search)
***** mail roundcube: <jnpavlql> C: (Without VLV) Setting a filter of (&(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(|(cn=*p*)(givenname=*p*)(sn=*p*)(mail=*p*)))
***** mail roundcube: <jnpavlql> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#012)
***** mail roundcube: <jnpavlql> S: 1 record(s) found
***** mail roundcube: <jnpavlql> C: Search base dn: [CN=Users,DC=oplosan,DC=ao] scope [] with filter [(&(=*p*))]
***** mail roundcube: <jnpavlql> Using function ldap_list on scope  ($ns_function is ldap_read)
***** mail roundcube: <jnpavlql> C: (Without VLV) Setting a filter of (&(=*p*))
***** mail roundcube: <jnpavlql> Executing search with return attributes: array (#012  0 => 'dn',#012  1 => 'objectClass',#012  2 => NULL,#012  3 => 'mail',#012)
***** mail roundcube: <jnpavlql> PHP Error: LDAP: ldap_list failed for dn=CN=Users,DC=oplosan,DC=ao. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
***** mail roundcube: <jnpavlql> C: Close


The following is what I did:

sudo postconf -e virtual_alias_maps=''
sudo postconf -e sender_bcc_maps=''
sudo postconf -e recipient_bcc_maps=''
sudo postconf -e relay_domains=''
sudo postconf -e relay_recipient_maps=''
sudo postconf -e sender_dependent_relayhost_maps=''

sudo postconf -e smtpd_sasl_local_domain='oplosan.ao'
sudo postconf -e virtual_mailbox_domains='oplosan.ao'


sudo postconf -e transport_maps='hash:/etc/postfix/transport'
sudo postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
sudo postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
sudo postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'

Below is my configuration:

#/etc/postfix/ad_sender_login_maps.cf
-------------------------------------
server_host     = ad1.oplosan.ao
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail@oplosan.ao
bind_pw         = mypassword
search_base     = CN=Users,DC=oplosan,DC=ao
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0

#/etc/postfix/ad_virtual_mailbox_maps.cf
-------------------------------------
server_host     = ad1.oplosan.ao
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail@oplosan.ao
bind_pw         = mypassword
search_base     = CN=Users,DC=oplosan,DC=ao
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

#/etc/postfix/ad_virtual_group_maps.cf
-------------------------------------
server_host     = ad1.oplosan.ao
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail@oplosan.ao
bind_pw         = mypassword
search_base     = CN=Groups,DC=oplosan,DC=ao
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

#/etc/dovecot/dovecot-ldap.conf
-------------------------------------
hosts           = ad1.oplosan.ao:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail@oplosan.ao
dnpass          = mypassword
base            = cn=users,dc=oplosan,dc=ao
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

#/opt/www/roundcubemail-1.2.0/config/config.inc.php
-------------------------------------

..........

#
# Global LDAP Address Book with AD.
#
$config['ldap_public']["global_ldap_abook"] = array(
    'name'              => 'Global LDAP Address Book',
    'hosts'             => array('ad1.oplosan.ao'),
    'port'              => 389,
    'use_tls'           => false,
    'ldap_version'      => '3',
    'network_timeout'   => 10,
    'user_specific'     => true,


    'base_dn'       => "CN=Users,DC=oplosan,DC=ao", // <- Set base dn in AD
    'bind_dn'       => "vmail@oplosan.ao",             // <- bind dn
    'bind_pass'     => "mypassword", // <- bind password

    'writable'      => false,               // <- Do not allow mail user write data back to AD.

    'search_fields' => array('mail', 'cn', 'sAMAccountName', 'displayname', 'sn', 'givenName'),

    // mapping of contact fields to directory attributes
    'fieldmap' => array(
        'name'        => 'cn',
        'surname'     => 'sn',
        'firstname'   => 'givenName',
        'title'       => 'title',
        'email'       => 'mail:*',
        'phone:work'  => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'phone:workfax' => 'facsimileTelephoneNumber',
        'street'      => 'street',
        'zipcode'     => 'postalCode',
        'locality'    => 'l',
        'department'  => 'departmentNumber',
        'notes'       => 'description',
        'photo'       => 'jpegPhoto',
    ),
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => "(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    'fuzzy_search'  => true,
    'vlv'           => false,
    'sizelimit'     => '0',
    'timelimit'     => '0',
    'referrals'     => false,
);
$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');
#Capture logs
$config['log_session'] = true;
$config['sql_debug'] = true;
$config['ldap_debug'] = true;


2

Re: iredmail with active directory- contacts not appear when composing

I'm also using AD and the autocomplete option is working perfectly for me with almost that exact configuration. The only difference is that I'm not using CN=Users,DC=oplosan,DC=ao as the base_dn; I'm only using DC=my domain,DC=com. And looking at your log file, it clearly says:

PHP Error: LDAP: ldap_list failed for dn=CN=Users,DC=oplosan,DC=ao. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)

Maybe you should check that parameter.

Regards

3

Re: iredmail with active directory- contacts not appear when composing

t10 wrote:

***** mail roundcube: <jnpavlql> PHP Error: LDAP: ldap_list failed for dn=CN=Users,DC=oplosan,DC=ao. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)

As @Tony-admincujae mentioned, this is the problem. It means the "filter" you used in the LDAP address book is (syntactically) wrong. As a test, try to use the simplest filter, like below:

    'filter'        => "(objectclass=person)",

Also, you should set 'user_specific' to false.
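
One way to see which logged search carried the filter the server rejected, as an added example that is not part of the original thread: it pulls every filter out of Roundcube `ldap_debug` lines and checks it against a subset of the RFC 4515 grammar (nesting, operators, attribute names). The sample log, session tag and base DN are constructed, and `check_filter` and `audit` are hypothetical names.

```python
import re
# Constructed sample shaped like the thread's ldap_debug lines; tag and base DN are placeholders.
SAMPLE_LOG = """\
roundcube: <sess0001> C: Search base dn: [CN=Users,DC=example,DC=com] scope [sub] with filter [(&(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(|(cn=*p*)(givenname=*p*)(sn=*p*)(mail=*p*)))]
roundcube: <sess0001> S: 1 record(s) found
roundcube: <sess0001> C: Search base dn: [CN=Users,DC=example,DC=com] scope [] with filter [(&(=*p*))]
"""
SEARCH = re.compile(r"scope \[(.*?)\] with filter \[(.*)\]\s*$")
DESCR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*$")

def _item(item):
    """Check the attribute side of one 'attr op value' item; raise ValueError if bad."""
    lhs, eq, _ = item.partition("=")
    if lhs.endswith(":"):      # extensible match: attr[:dn][:rule]:=value
        names = [p for p in lhs[:-1].split(":") if p]
    else:                      # plain =, ~=, >=, <=
        names = [lhs[:-1] if lhs[-1:] in ("~", "<", ">") else lhs]
    if not eq or not names or not all(DESCR.match(n) for n in names):
        raise ValueError(f"item {item!r} lacks a valid attribute or operator")

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i = _parse(s, i + 2)                     # at least one sub-filter is required
        while op != "!" and s[i:i + 1] == "(":
            i = _parse(s, i)                     # further members of an and/or list
    else:
        start, i = i + 1, s.find(")", i)
        if i < 0:
            raise ValueError("missing ')'")
        _item(s[start:i])
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(f):
    """Return None if f is a well-formed filter, else the reason it is not."""
    try:
        end = _parse(f, 0)
        return None if end == len(f) else f"trailing text at offset {end}"
    except ValueError as e:
        return str(e)

def audit(log):
    """Return (scope, filter, problem) for every search line found in the log text."""
    return [(m[1], m[2], check_filter(m[2])) for m in map(SEARCH.search, log.splitlines()) if m]
```

Calling `audit()` on a captured log lists each search with its scope, so a rejected filter can be matched to the request that produced it.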