
Topic: Associate domains with AD/LDAP containers

General question:
We have 3 companies sharing common infrastructure: inet, LAN, DNS, Active Directory, etc.
Because of a specific internal security policy, every company lives in a separate container in our Active Directory.
In addition we have a 4th company, with a separate, non-trusted AD.

I am quite curious whether it is possible to manage the mail server of all 4 companies using different AA (authentication & authorisation) mechanisms, based on a unique AD/container pair.
For example:
mail@comp1.com   authenticates against   AD1/container1
mail@comp2.com   authenticates against   AD1/container3
mail@comp4.com   authenticates against   AD2 (no container / filter)

In addition, is it possible to integrate iRedMail with ISPConfig?
Let me be quite clear: I am not trying to skip the iRedMail license, but to integrate the management of similar services in one place.

Adding SOGo as webmail and groupware will fit my best use-case scenario.

So, having this scenario in mind, which version should we aim at (MySQL / LDAP)?
.. and do you think my dreams will come true at all?

Regards, Zanon



Re: Associate domains with AD/LDAP containers

svetozar.urumov wrote:

is it possible to manage the mail server of all 4 companies using different AA (authentication & authorisation) mechanisms, based on a unique AD/container pair.

Sure. Let me give you an example:

*) One LDAP query in Postfix configured by iRedMail is:

virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf

And the LDAP query settings in this file are:

server_host     = ...
server_port     = ...
version         = ...
bind            = ...
start_tls       = ...
bind_dn         = cn=vmail,dc=iredmail,dc=org
bind_pw         = 98PQWPsuMmMJDwaLi6s7mZxCbC9asF
search_base     = o=domains,dc=iredmail,dc=org
scope           = sub
query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))
result_attribute= mailMessageStore
result_format   = %s/Maildir/

As you can see, `search_base =` defines the container which stores mail accounts.

*) There are two ways to query multiple containers:

1) If all containers are stored on the same AD/LDAP server under the same parent container, you can change `search_base =` to that parent container; this way Postfix can query all accounts.

2) If the containers are stored under separate parent containers:

2.1) Add multiple LDAP query files to Postfix's `virtual_mailbox_maps`, each query file using a different container to look up accounts. For example:

virtual_mailbox_maps =
    proxy:ldap:/etc/postfix/ldap/container_1.cf
    proxy:ldap:/etc/postfix/ldap/container_2.cf
    proxy:ldap:/etc/postfix/ldap/container_3.cf
    proxy:ldap:/etc/postfix/ldap/container_4.cf

Then create these files (container_X.cf) and use a different container in each `search_base =` (of course you should make sure the other LDAP-related settings, like server address, port number and bind DN/password, are correct too). This way Postfix will query them (in the specified order) to get mail accounts.

*) There are several Postfix settings that need LDAP queries; you should update them all in the same way.
*) And you should update the other components that query the LDAP server in the same way, e.g. Dovecot and Roundcube webmail.
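The per-container layout described in this answer, as an added example that is not part of the original post or of iRedMail itself: a small Python script that renders one Postfix ldap_table(5) file per AD/container pair plus the matching `virtual_mailbox_maps` setting. Host names, containers and bind DNs are made-up placeholders, `query_filter` is the one quoted above (iRedMail's OpenLDAP schema, so a real AD would need its own attributes), and each file adds Postfix's `domain =` parameter so a table only answers lookups for its own mail domain rather than for whichever container happens to be listed first.

```python
"""Render one Postfix ldap_table(5) file per AD/LDAP container.

Hypothetical example (not iRedMail code): host names, containers and
bind DNs are made-up placeholders; query_filter is the one from the post
(iRedMail's OpenLDAP schema), an AD schema needs its own attributes.
"""
from typing import Dict, Tuple
# Constructed mapping: mail domain -> (server, search base, bind DN).
# comp1/comp2 sit in different containers of the same AD (AD1);
# comp4 is on the untrusted AD2 and is searched from its root.
CONTAINERS: Dict[str, Tuple[str, str, str]] = {
    "comp1.com": ("ad1.example.internal", "ou=comp1,dc=ad1,dc=example", "cn=vmail,dc=ad1,dc=example"),
    "comp2.com": ("ad1.example.internal", "ou=comp3,dc=ad1,dc=example", "cn=vmail,dc=ad1,dc=example"),
    "comp4.com": ("ad2.example.internal", "dc=ad2,dc=example", "cn=vmail,dc=ad2,dc=example"),
}
QUERY_FILTER = ("(&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)"
                "(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)"
                "(enabledService=deliver))")

def render_table(domain: str, server: str, base: str, bind_dn: str) -> str:
    """Contents of /etc/postfix/ldap/<domain>.cf.  `domain =` restricts the
    table to its own mail domain, so a lookup for user@comp1.com is never
    answered by comp2's or AD2's container even though Postfix consults
    every map listed in virtual_mailbox_maps, in order."""
    lines = [
        f"server_host     = {server}",
        "server_port     = 389",
        "version         = 3",
        "bind            = yes",
        "start_tls       = yes",  # bind_pw and queries travel over TLS
        f"bind_dn         = {bind_dn}",
        "bind_pw         = REPLACE_WITH_SECRET",  # placeholder; keep the file 0640 root:postfix
        f"search_base     = {base}",
        "scope           = sub",
        f"domain          = {domain}",
        f"query_filter    = {QUERY_FILTER}",
        "result_attribute= mailMessageStore",
        "result_format   = %s/Maildir/",
    ]
    return "\n".join(lines) + "\n"

def render_all(containers: Dict[str, Tuple[str, str, str]] = CONTAINERS) -> Dict[str, str]:
    """Map file name -> contents for every container, plus the main.cf setting."""
    files = {f"/etc/postfix/ldap/{d}.cf": render_table(d, *cfg) for d, cfg in containers.items()}
    files["main.cf"] = "virtual_mailbox_maps =\n" + "\n".join(
        f"    proxy:ldap:/etc/postfix/ldap/{d}.cf" for d in containers) + "\n"
    return files

if __name__ == "__main__":
    print("\n".join(f"# {n}\n{b}" for n, b in render_all().items()))
```

The same rendering applies to the other Postfix LDAP lookup files and to Dovecot's and Roundcube's LDAP settings, which each need one entry per container as the answer notes.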