1

Topic: ADS-iRedmail issue

I was trying to integrate iredmail to AD.I am sucessfully able to integrate users and able to query too.Thanks to your wiki.
But not able to query group.It is simply blank result.Please find below the debug information,need help

postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://172.30.65.30:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 172.30.65.30:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 172.30.65.30:389
postmap: dict_ldap_debug: ldap_connect_timeout: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush: 25 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x9370578 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x9370578 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x9370578 msgid 1 all 1
** ld 0x9370578 Connections:
* host: 172.30.65.30  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Jul  3 15:33:51 2011

** ld 0x9370578 Outstanding Requests:
* msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x9370578 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x9370578 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x9370578 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x9370578 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x9370578 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x9370578 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x9370578 msgid 1
postmap: dict_ldap_debug: request done: ld 0x9370578 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_sasl_bind_result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(objectClass=group)(mail=testgroup@tarangtech.com))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(objectClass=group)(mail=testgroup@tarangtech.com)"
postmap: dict_ldap_debug: put_filter: "(objectClass=group)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=group"
postmap: dict_ldap_debug: put_filter: "(mail=testgroup@tarangtech.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "mail=testgroup@tarangtech.com"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush: 142 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x9370578 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x9370578 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x9370578 msgid 2 all 1
** ld 0x9370578 Connections:
* host: 172.30.65.30  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Jul  3 15:33:51 2011

** ld 0x9370578 Outstanding Requests:
* msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x9370578 Response Queue:
   Empty
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x9370578 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x9370578 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x9370578 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x9370578 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eaa) ber:
postmap: dict_ldap_debug: read1msg: ld 0x9370578 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x9370578 msgid 2
postmap: dict_ldap_debug: request done: ld 0x9370578 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iaa) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed



Please find below the ad_virtual_group_maps.cf file detail

server_host     = 172.30.65.30
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = tmp100
search_base     = cn=users,dc=tarangtech,dc=com
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
#leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 1
_______________________________________________________________________________________

Please find below the Ldiff data drom ADS -  Actually not able to get group member in postmap query.

dn: CN=santosh k,OU=Sample,DC=tarangtech,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: santosh k
sn: k
givenName: santosh
distinguishedName: CN=santosh k,OU=Sample,DC=tarangtech,DC=com
instanceType: 4
whenCreated: 20110703132158.0Z
whenChanged: 20110704182716.0Z
displayName: santosh k
uSNCreated: 16423
memberOf: CN=testgroup,OU=Sample,DC=tarangtech,DC=com
memberOf: CN=test,CN=Users,DC=tarangtech,DC=com
uSNChanged: 16501
name: santosh k
objectGUID:: s+5eiAJTqkWSUpjnqSUygw==
userAccountControl: 66048
badPwdCount: 1
codePage: 0
countryCode: 0
badPasswordTime: 129542393197672500
lastLogoff: 0
lastLogon: 0
pwdLastSet: 129541729186422500
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA9AL8vHebK/6NJA0mVQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: santoshk
sAMAccountType: 805306368
userPrincipalName: santoshk@tarangtech.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tarangtech,DC=com
dSCorePropagationData: 20110704182716.0Z
dSCorePropagationData: 20110704182716.0Z
dSCorePropagationData: 20110704182716.0Z
dSCorePropagationData: 16010108151056.0Z

note: As per your advice I have created new topic.Thanks in advance.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: ADS-iRedmail issue

santoshkrg wrote:

Please find below the ad_virtual_group_maps.cf file detail
server_host     = 172.30.65.30
[...]
#leaf_result_attribute = mail

Did you try to enable 'leaf_result_attribute'?

3

Re: ADS-iRedmail issue

Yes I tried again enabling 'leaf_result_attribute' but postmap result is blank.enabling or disabling this gives the same result.

4

Re: ADS-iRedmail issue

I found the problem:

Defined search base in postfix is:

search_base     = cn=users,dc=tarangtech,dc=com

But your group accountt is under OU=Sample,DC=tarangtech,DC=com

dn: CN=santosh k,OU=Sample,DC=tarangtech,DC=com

That's why you can't find it.

5

Re: ADS-iRedmail issue

Thanks Zhang for the prompt support.

But no luck .I tried creating a group under users in ADS without any change in postfix search base.But it didn't return any result.

Do I need to change search base in postfix.

Please ignore my poor Ldap knowledge.Without this I am not able to proceed.

6

Re: ADS-iRedmail issue

santoshkrg wrote:

Do I need to change search base in postfix.

Why not just try it? smile