1

Topic: Bug ? LDAP accounts not candidate to restriction in iRedAdmin

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

Hello,

I installed iRedMail SQL backend. I also add directives to make Dovecot and Postfix able to seek for AD accounts in their respective config files.

If I need to set an option via iRedAdmin Pro to an AD account, I have to create an account the same email address in MySQL database, it's OK for me.
All options works (General, forwarding, BCC...) but not options in "Advanced" tab like disabling "sending mails via SMTP", "fetch mails via IMAP" etc..

What should I do to resctrict mails accounts stored in AD database ?

Thanks

Nicolas

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Bug ? LDAP accounts not candidate to restriction in iRedAdmin

nicolasfo wrote:

All options works (General, forwarding, BCC...) but not options in "Advanced" tab like disabling "sending mails via SMTP", "fetch mails via IMAP" etc..
What should I do to resctrict mails accounts stored in AD database ?

I suggest you check the default SQL/LDAP config files used in Postfix and Dovecot, configured by iRedMail. All these restrictions are implemented with SQL 'WHERE' statement, or LDAP filter.

With OpenLDAP backend, we have (part of) ldap filter like "(enabledService=smtp)" or "(enabledService=smtpsecured)" for smtp restriction, when Postfix queries account with this filter, account without these attribute/value pair will be considered "disabled" (per service).

Again, if you want to make it work, i suggest you compare default iRedMail settings to understand how it works.

3 (edited by nicolasfo 2015-09-16 04:58:51)

Re: Bug ? LDAP accounts not candidate to restriction in iRedAdmin

Hello,
Just checked LDAP files from "samples" folder in iRedMail install folder.
Problem is in LDAP conf files, for example, "accountStatus" or "enabledService" are stored in iRedMail created LDAP database. But in my case, those values are stored in a MySQL (for memories, I use MySQL backend and go to catch some accounts in a MS AD database) database, is there a way to add an SQL query in those LDAP conf files to get MySQL stored restrictions ?

Thanks

Nicolas

4

Re: Bug ? LDAP accounts not candidate to restriction in iRedAdmin

nicolasfo wrote:

is there a way to add an SQL query in those LDAP conf files to get MySQL stored restrictions ?

You can add a new SQL query file, not add SQL query statements in LDAP query files.

For example, iRedMail has Postfix setting like this:

virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

You can add additional SQL/LDAP lookup file like this:

virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
    proxy:mysql:/etc/postfix/mysql/your_additional_query.cf