Re: My dovecot works fine against Active Directory 2003, but not against AD2008
Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting to the list as I'm not sure how often you check the list and I'm down to hanging by my last fingernail on this project.
I have some preliminary questions interspersed below.
Thanks, --Mark
-----Original Message-----
Subject: Re: My dovecot works fine against Active Directory 2003, but not against AD2008
To: dovecot@dovecot.org
From: Fran <cumc-4361-2@chguadalquivir.es>
Date: Thu, 10 Sep 2015 13:26:21 +0200
Hi Mark,
when I say AD 2003/8 I mean Active Directory 2003/8.
Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux.
My configuration is attached.
Thank you very much for that. If I make some headway, I'll likely have more questions on specifics.
I based my installation (dovecot+postfix) in the guides of this site: http://www.linuxmail.info
The LDAP part is this: http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/
If you were able to make sense out of these sites' tiny screen-shots and one-line descriptions my hat's off to you. "You're a better man than I am Gunga-Din!" If there was more detailed narrative somewhere I couldn't find it. Also, I don't have jXplorer on my system, so probably I couldn't get too far anyway.
BIG QUESTIONS:
Are you using MS Outlook IMAP clients in your environment? If so, how are you making them connect with LDAP? By checking the SPA checkbox?
The mail_gid/mail_uid as vmail confuses me. I see that setting a lot, including in your config. http://wiki2.dovecot.org/VirtualUsers says, "You can create, for example, one vmail user which owns all the mails, or you can assign a separate UID for each user." I have assigned a separate UID for each based on the UID returned by wbinfo -u <username>. Does assigning separate UIDs mess up my ability to adapt your configuration?
little questions:
I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota" setting and all your plugin { quota_...} settings? I want to be as simple as possible to start.
Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I omit the namespace inbox {} setting?
These may seem like amateurish questions, but little details have foiled me a lot on this Dovecot project.
If I feel confident with the answers you provide here, I'll move on to trying some things.
Thanks a lot for your help!!!
--Mark
You can also use PAM to connect to AD (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/) but that way doesn't allow to retrieve custom fields from the AD (ex. a field to set quota per user), so I'm using the standard LDAP method.
Regards
On 10/09/2015 at 4:51, Mark Foley wrote:
Fran and/or Matthias,
Could you publish your doveconf -n? I can't get dovecot to authenticate with my AD. Maybe you have a solution I could try.
What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 and are therefore using Outlook?
--Mark
-----Original Message-----
[deleted]
On 9/12/2015 12:31 AM, Mark Foley wrote:
Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux.
The OP probably is referring to AD functional levels:
https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
Thanks, Shawn
Exactly, that's what I meant.
On 16/09/2015 at 15:37, Shawn Heisey wrote:
On 9/12/2015 12:31 AM, Mark Foley wrote:
Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux.
The OP probably is referring to AD functional levels:
https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
Thanks, Shawn
I'm sorry for the late response, I missed this mail. I'll answer your questions below. I'm sending a BCC of this mail to your personal address, but it seems to have some problem because your server bounces it:
On 12/09/2015 at 8:31, Mark Foley wrote:
Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting to the list as I'm not sure how often you check the list and I'm down to hanging by my last fingernail on this project.
I have some preliminary questions interspersed below.
Thanks, --Mark
-----Original Message-----
Subject: Re: My dovecot works fine against Active Directory 2003, but not against AD2008
To: dovecot@dovecot.org
From: Fran <cumc-4361-2@chguadalquivir.es>
Date: Thu, 10 Sep 2015 13:26:21 +0200
Hi Mark,
when I say AD 2003/8 I mean Active Directory 2003/8.
Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux.
https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
My configuration is attached.
Thank you very much for that. If I make some headway, I'll likely have more questions on specifics.
I based my installation (dovecot+postfix) in the guides of this site: http://www.linuxmail.info
The LDAP part is this: http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/
If you were able to make sense out of these sites' tiny screen-shots and one-line descriptions my hat's off to you. "You're a better man than I am Gunga-Din!" If there was more detailed narrative somewhere I couldn't find it. Also, I don't have jXplorer on my system, so probably I couldn't get too far anyway.
You don't need jXplorer at all, in fact I didn't use it. If you need to browse through your LDAP directory you can use any LDAP browser. The descriptions of that site are short, that's true, but it contains the essential info to adapt it to any similar environment. Don't take it like a step by step guide, unless you use exactly the same environment and versions, you won't find the same files in the same places. Try to understand how the different parts work and adapt it to your environment.
BIG QUESTIONS:
- Are you using MS Outlook IMAP clients in your environment? If so, how are you making them connect with LDAP? By checking the SPA checkbox?
There are Thunderbird, Roundcube, Outlook, iOS and Android clients in my environment. All of them use standard IMAP connections. I don't understand your question very well, the client doesn't need to connect with LDAP, it's dovecot itself that connects with AD to validate the IMAP user login.
- The mail_gid/mail_uid as vmail confuses me. I see that setting a lot, including in your config. http://wiki2.dovecot.org/VirtualUsers says, "You can create, for example, one vmail user which owns all the mails, or you can assign a separate UID for each user." I have assigned a separate UID for each based on the UID returned by wbinfo -u <username>. Does assigning separate UIDs mess up my ability to adapt your configuration?
I assigned one vmail user which owns all the mails. You can still use my configuration for many other parts though.
little questions:
- I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota" setting and all your plugin { quota_...} settings? I want to be as simple as possible to start.
You don't need that plugin if you don't plan to use it.
- Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I omit the namespace inbox {} setting?
I don't think so. This is my in /etc/dovecot/conf.d/10-mail.conf

mail_home = /home/vmail/<domain>/%Lu
mail_location = maildir:~/Maildir
mail_uid = 1000
mail_gid = 1000
namespace inbox {
  # Namespace type: private, shared or public
  type = private
  inbox = yes
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
}

I think this is essential to have a minimal directory structure in any new mail account
These may seem like amateurish questions, but little details have foiled me a lot on this Dovecot project.
If I feel confident with the answers you provide here, I'll move on to trying some things.
Thanks a lot for your help!!!
--Mark
You can also use PAM to connect to AD (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/) but that way doesn't allow to retrieve custom fields from the AD (ex. a field to set quota per user), so I'm using the standard LDAP method.
Regards
On 10/09/2015 at 4:51, Mark Foley wrote:
Fran and/or Matthias,
Could you publish your doveconf -n? I can't get dovecot to authenticate with my AD. Maybe you have a solution I could try.
What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 and are therefore using Outlook?
--Mark
-----Original Message-----
[deleted]
Regards
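
The arrangement described in the message above, where dovecot itself binds to AD to validate the IMAP login and reads a per-user field that PAM cannot return, shown as an added illustration; it is not Fran's attached configuration or anything posted in this thread. The file path, host name, base DN, service account, CA file and the quota attribute name are placeholders or assumptions.

```conf
# /etc/dovecot/dovecot-ldap.conf.ext  (path is an assumption; varies by distribution)
# Referenced from both  passdb { driver = ldap }  and  userdb { driver = ldap }.
# Keep this file readable by root only: it holds the lookup account password.

# Placeholder host. LDAPS with certificate verification keeps the user's
# password, sent in the bind, off the wire in clear text.
uris = ldaps://dc1.example.local
tls_require_cert = demand
tls_ca_cert_file = /etc/ssl/certs/example-ad-ca.pem

ldap_version = 3
base = dc=example,dc=local
scope = subtree

# Placeholder read-only account, used only to search for the user's entry.
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=local
dnpass = CHANGE_ME

# Password check: dovecot binds to AD as the user being logged in,
# so the IMAP client never speaks LDAP itself.
auth_bind = yes
pass_filter = (&(objectClass=user)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user

# User lookup: a single vmail owner (uid/gid 1000, as in the 10-mail.conf
# quoted in the thread). mailQuotaBytes is a hypothetical custom AD
# attribute; the quota_rule field only has an effect when the quota
# plugin is loaded, so drop it if you are not using quotas.
user_filter = (&(objectClass=user)(sAMAccountName=%n))
user_attrs = =uid=1000, =gid=1000, =quota_rule=*:bytes=%{ldap:mailQuotaBytes}
```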
participants (3): Fran, Mark Foley, Shawn Heisey