1

Topic: Dovecot/LDAP/AD issues --Help please!

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version:0.7.4
- Linux/BSD distribution name and version: Ubuntu 10.04 Server
- Any related log? Log is helpful for troubleshooting. -YES! (below)
====

Hello there, I am having some crazy issues with Dovecot. I've been following the tutorial here - http://iredmail.org/wiki/index.php?titl … y.iRedMail . I'm at the part where we telnet into the localhost and attempt the . login etc etc. Let me give you some background.

We want our users to be able to have the same user/pw combo for email as they do for Windows (Active Directory). Here is a copy of my dovecot-ldap.conf file.
#
# File generated by iRedMail (2012.04.18.13.55.17):
#
# Version:  0.7.4
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

hosts           = 172.x.x.x:389
ldap_version    = 3
auth_bind       = yes
dn              = mydomain\my_bind_user
dnpass          = bind_user_pw
base            = ou=X X Users,dc=mydomain,dc=local
scope           = subtree
deref           = never
user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_attrs      = mail=user,userPassword=password
default_pass_scheme = CRYPT
user_attrs      = mail=user,homeDirectory=home,mailMessageStore=mail=maildir:/var/vmail/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$
####
According to the log, it is appending .local to my email addresses instead of .com, which is my mail domain. Can you help at all? I'd be happy to post any logs/conf files you'd need. BTW, LDAP search is successful. Just Dovecot!

Thanks in advance!

Steve

2 (edited by crazykilla86 2012-04-19 23:29:48)

Re: Dovecot/LDAP/AD issues --Help please!

We got it to work by logging in with email addresses specified in AD. Here's our file in case anyone else has this issue.

#
# File generated by iRedMail (2012.04.18.13.55.17):
#
# Version:  0.7.4
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

hosts           = 172.x.x.x:389
ldap_version    = 3
auth_bind       = yes
dn              = mydomain\my_bind_user
dnpass          = bind_pw
base            = ou=X X Users,dc=mydomain,dc=local
scope           = subtree
deref           = never
user_filter     = (&(mail=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(mail=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

3

Re: Dovecot/LDAP/AD issues --Help please!

Did you get it solved?

4

Re: Dovecot/LDAP/AD issues --Help please!

Kind of lol.
Here's what we *wanted*..
Say my name is John Smith and my email address is john_s@mydomain.com. Our AD naming scheme would have my Windows logon be JSmith, and let's say my password is 123. What we wanted is to have me have the same credentials for both Windows and email. We tried so many different variables in the ldap-conf file, and finally settled on being able to log in to Windows as JSmith/123 and log in to email as john_s@mydomain.com/123. So it's successfully pulling my password, but we couldn't figure out how to make it work with the username. We were thinking of the sAMAccountName string but couldn't get it to work properly. It's acceptable now, but we'd like it to be the way I described, with one username/password for both services. Thanks for the speedy reply!

5

Re: Dovecot/LDAP/AD issues --Help please!

crazykilla86 wrote:

What we wanted is to have me have the same credentials for both Windows and email.

By following the wiki tutorial, you should be able to log in to the mail service (via POP3/IMAP/SMTP) with email address john_s@mydomain.com (or john_s, depending on your setting) and password 123. What you need is to tweak user_filter and pass_filter to get the correct mail user objects, and the dovecot-ldap.conf in your second post looks just fine.

There's no need to update the AD naming scheme; actually, it doesn't need to update any data in AD. It just uses existing data for the mail service.

6

Re: Dovecot/LDAP/AD issues --Help please!

I think we can be satisfied with logging in with Username: email address Password: Active Directory password.

Forgive me if I should create a separate topic for this, but I have some other questions for you. We would like to archive every email that passes through our system. Our old server had some scripts that copied all emails sent and received into a MySQL database, but since we are using LDAP for the new system, no MySQL databases are being used. Do you have any suggestions? I might add that the BCC option is not an option, as some of our 100+ users desire to keep the BCC functionality and I've read that if we use it for archiving, then it will remove the option for users. Thanks in advance!

Steve

7

Re: Dovecot/LDAP/AD issues --Help please!

crazykilla86 wrote:

Our old server had some scripts that copied all emails sent and received into a MySQL database, but since we are using LDAP for the new system, no MySQL databases are being used.

The OpenLDAP backend still requires a MySQL database; it is used to store application data, e.g. Policyd, Roundcube.

8

Re: Dovecot/LDAP/AD issues --Help please!

Okay, we may look into that at a later date. That's not a pressing issue. I am having trouble with distribution groups though.
When I create a distribution group in Active Directory, add myself to it, and have one of my users send an email to the group's email address (testgroup@mydomain.com), I don't receive the message and the sender gets an error stating that Recipient rejected - User unknown in virtual mailbox table. Any suggestions? I can post any config files you need. Thanks in advance.

9

Re: Dovecot/LDAP/AD issues --Help please!

Please verify it first:
http://iredmail.org/wiki/index.php?titl … in_Postfix

If command 'postmap' returns nothing, please turn on debug mode by appending option '-v' to postmap and try again.

# postmap -v ...

Also, paste the related config file here to help troubleshoot.

10

Re: Dovecot/LDAP/AD issues --Help please!

Sorry for the delay. This issue has been resolved. We had an error in our AD_virtual_group_maps file: we had the result coming as user principal name, which returned user@mydomain.local instead of user@mydomain.com. Changing the result to mail resolved this issue! Thanks for all of your help! You can mark this as RESOLVED!
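
Added example (not part of the original thread, and not iRedMail or Dovecot code): a small Python evaluator for the filter subset used in the second post, run against constructed sample entries. It shows that `userAccountControl:1.2.840.113556.1.4.803:=2` tests the "account disabled" bit, and why returning `userPrincipalName` instead of `mail`, as in the last post, yields a `.local` address. The entries and all helper names are assumptions made for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
# Filter from the second post; %u is the login name typed by the user.
FILTER = "(&(mail=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
# Constructed sample entries, not real data; 514 = 512 | 2 (disabled bit set).
ENTRIES = [
    {"mail": "john_s@mydomain.com", "useraccountcontrol": "512", "userprincipalname": "JSmith@mydomain.local"},
    {"mail": "old_user@mydomain.com", "useraccountcontrol": "514", "userprincipalname": "OUser@mydomain.local"},
]

def escape(value):  # RFC 4515 escaping of a value placed into a filter
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)
def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):  # returns (node, index just past the parsed component)
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] in "&|!":
        hits = [matches(kid, entry) for kid in node[1]]
        return {"&": all(hits), "|": any(hits), "!": not all(hits)}[node[0]]
    name, _, rule = node[1].partition(":")
    have = entry.get(name.lower())
    if have is None:  # simplification: a real server treats this as Undefined
        return False
    if rule:  # extensible match, written attr:OID:=value
        if rule.rstrip(":") != BIT_AND:
            raise ValueError("unsupported matching rule " + rule)
        return (int(have) & int(node[2])) == int(node[2])
    return have.lower() == unescape(node[2]).lower()

def lookup(login, result_attr="mail"):  # values returned for matching entries
    tree, _ = parse(FILTER.replace("%u", escape(login)))
    return [e[result_attr] for e in ENTRIES if matches(tree, e)]
```

Only equality and the bitwise-AND extensible match are implemented; presence and substring filters are outside this sketch.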