1 (edited by louis 2011-03-17 15:26:25)

Topic: issues with integration MS AD

I am testing AD integration with iRedMail. Following the doc, I finished all the settings. Here I present some issues about the doc:
1) In the section of "Enable LDAP query with AD in Postfix", there is no "ldap:" in the red line. Is it a mistake?

# Used to query mail users.
virtual_mailbox_maps = ldap:/etc/postfix/ad_virtual_mailbox_maps.cf

# Used to query mail lists/groups.
virtual_alias_maps = ldap:/etc/postfix/ad_virtual_group_maps.cf

# Used to verify sender.
smtpd_sender_login_maps = /etc/postfix/ad_sender_login_maps.cf


2) In the section of "Verify LDAP query with AD in Dovecot", I tried, and it failed. But when I restarted Dovecot and tried again, it was OK.

Terminal: 
# telnet localhost 143                         # <- Type this
* OK [...] Dovecot ready.

. login user@example.com password_of_user        # <- Type this
. OK [...] Logged in
                                        # <- Quit telnet with "Ctrl+]", then type 'quit'

3) When finishing all the tasks, I found an error in the maillog, which causes the mail not to be sent out. Detailed info can be seen in the attachment.

Mar 17 15:08:22 iredmail postfix/master[3883]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Mar 17 15:09:22 iredmail postfix/cleanup[3990]: fatal: open dictionary: expecting "type:name" form instead of "#AAdded"
Mar 17 15:09:23 iredmail postfix/master[3883]: warning: process /usr/libexec/postfix/cleanup pid 3990 exit status 1

Can anyone help? Thanks.

Post's attachments

main.cf 31.19 kb, 1 downloads since 2011-03-17 


2

Re: issues with integration MS AD

Hi, louis.

Thanks very much for your feedback.

louis wrote:

1) In the section of "Enable LDAP query with AD in Postfix", there is no "ldap:" in the red line. Is it a mistake?

smtpd_sender_login_maps = /etc/postfix/ad_sender_login_maps.cf

This file is mentioned in the wiki tutorial.

louis wrote:

2) In the section of "Verify LDAP query with AD in Dovecot", I tried, and it failed. But when I restarted Dovecot and tried again, it was OK.

You're right. I forgot to tell users to restart Dovecot before testing.
Fixed.

louis wrote:

3) When finishing all the tasks, I found an error in the maillog,

Mar 17 15:09:22 iredmail postfix/cleanup[3990]: fatal: open dictionary: expecting "type:name" form instead of "#AAdded"

Don't use in-line comments.

You have some lines like below:

xxx = ldap:/etc/xxx          # AAdded by Ltp

Removing '# AAdded by Ltp' and restarting postfix should fix it.

3

Re: issues with integration MS AD

Great. Thanks very much for your help.
There are problems here. All seems OK, but when sending mail, it doesn't work. Info in the mail log:

Mar 18 09:48:13 iredmail postfix/master[8349]: warning: process /usr/libexec/postfix/smtpd pid 8409 exit status 1
Mar 18 09:48:13 iredmail postfix/master[8349]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Mar 18 09:49:13 iredmail postfix/smtpd[8413]: fatal: open dictionary: expecting "type:name" form instead of "/etc/postfix/ad_sender_login_maps.cf"

I don't know what to do next.

The next problem is whether the iRedAdmin (ldapadmin) module loses its function when integrated with AD?

Post's attachments

main.cf 31.29 kb, 1 downloads since 2011-03-17 


4

Re: issues with integration MS AD

louis wrote:

Mar 18 09:49:13 iredmail postfix/smtpd[8413]: fatal: open dictionary: expecting "type:name" form instead of "/etc/postfix/ad_sender_login_maps.cf"

It's clear. I found this line in your main.cf:

smtpd_sender_login_maps = /etc/postfix/ad_sender_login_maps.cf   

It should be:

smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ad_sender_login_maps.cf

It's my mistake in the wiki tutorial, sorry. Fixed a moment ago.

Also, please change all "ldap:" to "proxy:ldap:" for better performance. Fixed in wiki too.

Thanks for your feedback.

5

Re: issues with integration MS AD

louis wrote:

The next problem is whether the iRedAdmin (ldapadmin) module loses its function when integrated with AD?

You have to manage mail accounts with Microsoft Active Directory itself, iRedAdmin doesn't work with AD.

6

Re: issues with integration MS AD

Still wrong with sending mail.

Mar 18 11:00:27 iredmail postfix/smtpd[8875]: connect from localhost.localdomain[127.0.0.1]
Mar 18 11:00:27 iredmail postfix/smtpd[8875]: warning: dict_ldap_connect: Unable to bind to server ldap://h3cmt.com:389 as cn=vmail,cn=users,dc=h3cmt,dc=com: -1 (Can't contact LDAP server)
Mar 18 11:00:27 iredmail postfix/smtpd[8875]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <liutaiping@h3cmt.com>: Temporary lookup failure; from=<liutaiping@h3cmt.com> to=<vmail@h3cmt.com> proto=ESMTP helo=<10.165.3.64>
Mar 18 11:00:27 iredmail roundcube: Invalid response code received from server (451):
Mar 18 11:00:27 iredmail roundcube: [18-Mar-2011 11:00:27 +0800]: SMTP Error: SMTP error: Failed to add recipient 'vmail@h3cmt.com' in /var/www/roundcubemail-0.3.1/program/steps/mail/func.inc on line 1365 (POST /mail/?_task=mail&_action=send)
Mar 18 11:00:27 iredmail postfix/cleanup[8878]: 5F29660803: message-id=<20110318030027.5F29660803@iredmail.h3cmt.com>
Mar 18 11:00:27 iredmail postfix/smtpd[8875]: disconnect from localhost.localdomain[127.0.0.1]

The log says "Unable to bind to ldap server", but I am sure that the bindDN and password are right.

# ldapsearch -x -h h3cmt.com -D 'cn=vmail,cn=users,dc=h3cmt,dc=com' -W -b 'cn=users,dc=h3cmt,dc=com'

# Vmail, Users, H3CMT.COM
dn: CN=Vmail,CN=Users,DC=H3CMT,DC=COM
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Vmail
sn: Vmail
distinguishedName: CN=Vmail,CN=Users,DC=H3CMT,DC=COM
instanceType: 4
whenCreated: 20110307024252.0Z
whenChanged: 20110307054939.0Z
displayName: Vmail
uSNCreated: 13860
memberOf: CN=it-so,CN=Users,DC=H3CMT,DC=COM
uSNChanged: 13871
name: Vmail
objectGUID:: MxM5TIAl7ESZznzG9ezlXg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 129447375222784066
lastLogoff: 0
lastLogon: 129447375297782834
pwdLastSet: 129439393731269437
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAoPuxoF5G3Ke8yVp3VAQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: vmail
sAMAccountType: 805306368
userPrincipalName: vmail@H3CMT.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=H3CMT,DC=COM
mail: vmail@h3cmt.com

7

Re: issues with integration MS AD

It says:

Mar 18 11:00:27 iredmail postfix/smtpd[8875]: warning: dict_ldap_connect: Unable to bind to server ldap://h3cmt.com:389 as cn=vmail,cn=users,dc=h3cmt,dc=com: -1 (Can't contact LDAP server)

Can you reach ldap server "h3cmt.com" with port 389 on this server? Any firewall rules on AD server?
Also, you can try to use IP address instead of hostname "h3cmt.com", it's faster than hostname because it doesn't need DNS lookup.

8

Re: issues with integration MS AD

Maybe the DNS name is the same as the local domain, which causes the smtpd error. I changed the hostname to the IP, and now it's OK to send mail.
Another issue is about "Verify mail list/group". What does "list" mean? A domain group?

# postmap -q list@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
member01@example.com
member02@example.com

I created a group named testgroup which has two members, but when I run postmap -q testgroup@h3cmt.com ldap:/etc/postfix/ad_virtual_group_maps.cf, there is no output. If I add an attribute to testgroup (mail=testgroup@h3cmt.com), re-running the command will display duplicated results.

# postmap -q testgroup@h3cmt.com ldap:/etc/postfix/ad_virtual_group_maps.cf
www@H3CMT.COM,www@h3cmt.com,vmail@H3CMT.COM,vmail@h3cmt.com

9

Re: issues with integration MS AD

louis wrote:

Another issue is about "Verify mail list/group". What does "list" mean? A domain group?

Yes, it's a group.

I expanded the wiki page a moment ago:

* Verify mail list/group. Steps:
    * Create a group in AD, e.g. testgroup@example.com.
    * Assign at least one member to this group.
    * Execute below command on iRedMail server to verify it can get members.

louis wrote:

I created a group named testgroup which has two members, but when I run postmap -q testgroup@h3cmt.com ldap:/etc/postfix/ad_virtual_group_maps.cf, there is no output. If I add an attribute to testgroup (mail=testgroup@h3cmt.com), re-running the command will display duplicated results.

I didn't have this issue before, it's strange.

You can set "debuglevel      = 1" in /etc/postfix/ad_virtual_group_maps.cf, then re-run postmap to check more detail log. If you're not familiar with ldap, paste here so that others can help you. NOTE: remove/replace sensitive information before posting.

10

Re: issues with integration MS AD

I set "debuglevel = 1"; the detailed log is as follows. Please help to analyze why the output has duplicate records.

# postmap -q testgroup@h3cmt.com ldap:/etc/postfix/ad_virtual_group_maps.cf 
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://10.63.16.115:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 10.63.16.115:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 10.63.16.115:389
postmap: dict_ldap_debug: ldap_connect_timeout: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush: 55 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x89443a0 msgid 1
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 1 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x89443a0 msgid 1
postmap: dict_ldap_debug: request done: ld 0x89443a0 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_free_connection 0 1
postmap: dict_ldap_debug: ldap_free_connection: refcnt 1
postmap: dict_ldap_debug: ldap_parse_sasl_bind_result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(objectClass=group)(mail=testgroup@h3cmt.com))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(objectClass=group)(mail=testgroup@h3cmt.com)"
postmap: dict_ldap_debug: put_filter: "(objectClass=group)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=group"
postmap: dict_ldap_debug: put_filter: "(mail=testgroup@h3cmt.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "mail=testgroup@h3cmt.com"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush: 138 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x89443a0 msgid 2
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 2 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 181 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 2 message type search-entry
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 10 secs to go
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 2 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
 * msgid 2,  type 100
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x89443a0 msgid 2
postmap: dict_ldap_debug: request done: ld 0x89443a0 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_free_connection 0 1
postmap: dict_ldap_debug: ldap_free_connection: refcnt 1
postmap: dict_ldap_debug: adding response ld 0x89443a0 msgid 2 type 101:
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iaa) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_first_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({xl{) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "objectclass=*"
postmap: dict_ldap_debug: put_filter: default
postmap: dict_ldap_debug: put_simple_filter: "objectclass=*"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush: 103 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x89443a0 msgid 3
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 3 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 msgid 3 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 3 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 3 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 3 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 127 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 3 message type search-entry
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 10 secs to go
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 3 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
 * msgid 3,  type 100
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 3 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 3 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 3 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x89443a0 msgid 3
postmap: dict_ldap_debug: request done: ld 0x89443a0 msgid 3
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 3, msgid 3)
postmap: dict_ldap_debug: ldap_free_connection 0 1
postmap: dict_ldap_debug: ldap_free_connection: refcnt 1
postmap: dict_ldap_debug: adding response ld 0x89443a0 msgid 3 type 101:
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iaa) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ldap_first_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({xl{) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "objectclass=*"
postmap: dict_ldap_debug: put_filter: default
postmap: dict_ldap_debug: put_simple_filter: "objectclass=*"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush: 105 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x89443a0 msgid 4
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 4 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 msgid 4 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 4 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 4 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 4 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 133 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 4 message type search-entry
postmap: dict_ldap_debug: wait4msg ld 0x89443a0 10 secs to go
postmap: dict_ldap_debug: wait4msg continue ld 0x89443a0 msgid 4 all 1
** ld 0x89443a0 Connections:
* host: 10.63.16.115  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Mar 21 10:29:21 2011

** ld 0x89443a0 Outstanding Requests:
 * msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x89443a0 Response Queue:
 * msgid 4,  type 100
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x89443a0 msgid 4 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x89443a0 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 4 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 msgid 4 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x89443a0 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x89443a0 msgid 4
postmap: dict_ldap_debug: request done: ld 0x89443a0 msgid 4
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 4, msgid 4)
postmap: dict_ldap_debug: ldap_free_connection 0 1
postmap: dict_ldap_debug: ldap_free_connection: refcnt 1
postmap: dict_ldap_debug: adding response ld 0x89443a0 msgid 4 type 101:
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iaa) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ldap_first_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({xl{) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ber_scanf fmt ({ax}) ber:
postmap: dict_ldap_debug: ldap_get_values_len
postmap: dict_ldap_debug: ber_scanf fmt ({x{{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt (x}{a) ber:
postmap: dict_ldap_debug: ber_scanf fmt ([V]) ber:
postmap: dict_ldap_debug: ldap_next_attribute
postmap: dict_ldap_debug: ldap_msgfree
www@H3CMT.COM,www@h3cmt.com,vmail@H3CMT.COM,vmail@h3cmt.com
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed

11

Re: issues with integration MS AD

Did you try to use 'ldapsearch' to query AD with same filter?

# ldapsearch -h [IP_ADDRESS_OF_AD] -x -D 'bind_dn' -W -b 'cn=users,dc=h3cmt,dc=com' "(&(objectClass=group)(mail=testgroup@h3cmt.com))"

12 (edited by louis 2011-03-21 14:19:35)

Re: issues with integration MS AD

Hi ZhangHuangbin,
Each user in AD has two properties, userPrincipalName and mail. They are the same. I think this is the cause of the duplicated output. If I comment out leaf_result_attribute or result_attribute in ad_virtual_group_maps.cf, the output will be fine.

server_host     = host
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,cn=users,dc=h3cmt,dc=com
bind_pw         = <*******>
search_base     = cn=users,dc=h3cmt,dc=com
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
#leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

13

Re: issues with integration MS AD

louis wrote:

Each user in AD has two properties, userPrincipalName and mail. They are the same. I think this is the cause of the duplicated output. If I comment out this line in ad_virtual_group_maps.cf, the output will be fine.

Great, I updated the wiki tutorial with this tip. Thanks for sharing, and ENJOY.
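As an added check that is not code from this thread or from iRedMail, the small Python script below flags the three configuration mistakes the thread works through (a map value without its "type:" prefix, an in-line comment after a map value, and result_attribute set together with leaf_result_attribute in the group map) and collapses the case-variant duplicates seen in the postmap output. The sample main.cf fragment and group map are constructed from the lines quoted above, with the bind password replaced by a placeholder; the clear-text bind warning is an extra check added here, not something the thread raises.

```python
import re

# Map parameters the tutorial in this thread points at LDAP lookup tables.
MAP_PARAMS = ("virtual_mailbox_maps", "virtual_alias_maps", "smtpd_sender_login_maps")
# A Postfix table reference: optional "proxy:", then "type:name", no whitespace.
TYPE_RE = re.compile(r"^(?:proxy:)?[a-z][a-z0-9_]*:\S+$")

# Constructed main.cf fragment based on the lines quoted in the thread.
MAIN_CF = """\
virtual_mailbox_maps = ldap:/etc/postfix/ad_virtual_mailbox_maps.cf   # AAdded by Ltp
virtual_alias_maps = proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf
smtpd_sender_login_maps = /etc/postfix/ad_sender_login_maps.cf
"""
# Constructed group map as posted before the fix (shortened; bind_pw is a placeholder).
GROUP_MAP = """\
server_host     = host
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,cn=users,dc=h3cmt,dc=com
bind_pw         = <BIND_PASSWORD_PLACEHOLDER>
search_base     = cn=users,dc=h3cmt,dc=com
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute = userPrincipalName
"""
# The postmap -q output quoted in the thread.
POSTMAP_OUT = "www@H3CMT.COM,www@h3cmt.com,vmail@H3CMT.COM,vmail@h3cmt.com"


def parse_kv(text):
    """Parse 'key = value' lines; whole-line '#' comments are skipped, but text
    after a value stays in the value, which is exactly how Postfix reads it."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params


def check_main_cf(text):
    """Return (parameter, problem) pairs for the LDAP map settings in main.cf."""
    problems, params = [], parse_kv(text)
    for key in [k for k in MAP_PARAMS if k in params]:
        value = params[key]
        if "#" in value:
            # Postfix has no in-line comments: '# AAdded by Ltp' becomes extra table
            # names, giving: expecting "type:name" form instead of "#AAdded".
            problems.append((key, "in-line comment is read as part of the value"))
            value = value.split("#", 1)[0]
        for entry in filter(None, re.split(r"[\s,]+", value.strip())):
            if not TYPE_RE.match(entry):
                problems.append((key, f"{entry!r} is not in type:name form"))
            elif entry.startswith("ldap:"):
                problems.append((key, f"{entry!r}: use proxy:ldap: to share one connection"))
    return problems


def check_group_map(text):
    """Return problems for an ad_virtual_group_maps.cf-style table definition."""
    params, problems = parse_kv(text), []
    if all(k in params for k in ("special_result_attribute", "result_attribute",
                                 "leaf_result_attribute")):
        problems.append("result_attribute and leaf_result_attribute are both set: a member "
                        "whose mail equals its userPrincipalName is returned twice")
    # Extra check added here: a simple bind over plain ldap:// exposes bind_pw on the wire.
    if params.get("bind") == "yes" and params.get("start_tls", "no") == "no" \
            and not params.get("server_host", "").startswith("ldaps://"):
        problems.append("simple bind without TLS sends bind_pw in clear text")
    return problems


def dedupe_addresses(postmap_output):
    """Collapse postmap -q output where one address appears in different case."""
    seen, result = set(), []
    for key in (a.strip().lower() for a in postmap_output.split(",")):
        if key and key not in seen:
            seen.add(key)
            result.append(key)
    return result
```

Running check_main_cf on a real main.cf and check_group_map on the .cf files referenced from it reproduces, without restarting Postfix, the same complaints that otherwise only show up in the maillog after "bad command startup -- throttling".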