[Dovecot] Active Directory Auth
Hi, this is my first post :)
I'm trying to authenticate users to Active Directory, but I don't know how to set up dovecot-ldap.conf to do this. Especially the user_filter and pass_filter attrs.
Does someone have this configuration working?
Thanks in advance.
Juan Pablo Fava
Ing. en Sistemas de Información
Dovecot needs a password DB in which to perform authentication and a user DB from which to retrieve the home directory and uid/gid. With A.D. you can perform only the first: authorization, but you should use Kerberos and PAM, not LDAP. Actually, a Microsoft extension to A.D. exists; it adds unix-style accounting to A.D., but I did not test it (hey, it's Microsoft stuff! Do you really think it can work? ;-)). For the user DB you should use static uid/gid and virtual mailboxes (a single Linux user that owns all the mailboxes).
If you are interested, search the list archives to find my post where I roughly explained how to do it. Sorry for my terrible English.
Greets.
--
Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi@netribe.it
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
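The split described in the reply above (PAM/Kerberos as the password DB, a static user DB with one Unix account owning every mailbox), as an added example that is not part of the original thread. It assumes Dovecot 2.0-2.3 configuration syntax; the `vmail` account, the `/var/vmail` path and the `dovecot` PAM service name are hypothetical.

```conf
# Added example, not from the thread. Dovecot 2.0-2.3 syntax (assumption).
# vmail, /var/vmail and the "dovecot" PAM service name are hypothetical.

# PAM only ever receives the cleartext password, so offer only PLAIN/LOGIN
# and refuse them on connections that are not protected by TLS.
# (ssl = required also needs ssl_cert / ssl_key to be configured.)
auth_mechanisms = plain login
disable_plaintext_auth = yes
ssl = required

# Normalise "User" and "user@EXAMPLE.COM" to "user" before the name reaches
# PAM and the userdb, so one AD account maps to exactly one mailbox.
auth_username_format = %Ln

# Password DB: authentication is delegated to the PAM service
# /etc/pam.d/dovecot, whose auth stack calls a Kerberos module
# configured for the AD realm.
passdb {
  driver = pam
  args = dovecot
}

# User DB: AD supplies no uid/gid/home here, so every mailbox is owned by
# one unprivileged Unix account and the home is derived from the username.
userdb {
  driver = static
  # allow_all_users=yes: PAM cannot confirm that a user exists without a
  # password, so delivery skips that lookup. Recipient validation then has
  # to happen in the MTA, or mail for unknown names creates new mailboxes.
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
}

mail_location = maildir:~/Maildir
```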
Hi,
I wrote up something to do AD authentication from a Linux system.
This is for logging in, but you can probably do what you need for Dovecot.
http://yelof.com/pam-to-active-directory/
Let me know what you think.
mike
Not that this is the answer you are looking for, but I was iffy about manually modifying AD and samba auth didn't have the features I needed, so I used Windows SFU (free download) and set up an NIS server on the AD domain. Works great!
Jeff Graves, MCSA Customer Support Engineer Image Source, Inc. 10 Mill Street Bellingham, MA 02019
508.966.5200 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com
-----Original Message-----
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Paolo Basenghi
Sent: Tuesday, May 17, 2005 3:43 AM
To: dovecot@dovecot.org
Cc: Juan Pablo Fava
Subject: Re: [Dovecot] Active Directory Auth
Dovecot needs a password DB in which to perform authentication and a user DB from which to retrieve the home directory and uid/gid. With A.D. you can perform only the first: authorization, but you should use Kerberos and PAM, not LDAP. Actually, a Microsoft extension to A.D. exists; it adds unix-style accounting to A.D., but I did not test it (hey, it's Microsoft stuff! Do you really think it can work? ;-)). For the user DB you should use static uid/gid and virtual mailboxes (a single Linux user that owns all the mailboxes).
If you are interested, search the list archives to find my post where I roughly explained how to do it. Sorry for my terrible English.
Greets.
participants (4): Jeff Graves, Juan Pablo Fava, Mike Foley, Paolo Basenghi