[Dovecot] dovecot + postfix + active directory

Paolo Basenghi P.Basenghi at netribe.it
Mon Apr 11 15:30:33 EEST 2005


Active Directory uses kerberos protocol for authentication, so you need 
pam_krb5 module to authenticate.
I don't know if it is possible to authenticate in A.D. without Kerberos.

In the configuration I proposed to you, A.D. is required only for 
authentication, the accounting information (uid, gid) is static (vmail 
Linux user), the home dir. is determined by template (example: 
/home/vmail/mailboxes/<A.D. username>).
In other words, my config. works well if you can utilize virtual 
mailboxes *AND* each mailbox dir. name equals to A.D. username.

I heard that exists a Microsoft extension to A.D. LDAP schema to add 
Unix accounting info, but I never used it.

So I don't know if you *must* use pam+kerberos, but I suggest that you 
*should* try it, leaving out dovecot-ldap.conf.

Cheers

-- 
___________________________________________________________________

Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi at netribe.it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Le informazioni contenute in questa comunicazione sono riservate e
destinate esclusivamente alla/e persona/e o all'ente sopra indicati.
È vietato ai soggetti diversi dai destinatari qualsiasi uso, copia,
diffusione di quanto in esso contenuto sia ai sensi dell'art. 616
c.p., sia ai sensi della legge 196/2003. Se questa comunicazione vi
è pervenuta per errore, vi preghiamo di rispondere a questa mail e
successivamente cancellarla dal vostro sistema.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Askar wrote:

Hi Paolo,

>
>         Thank you for you quick reply, atm i'm trying with postfix + 
> dovecot +ad with no luck.
> Yes i'm using the virtual user for postfix vmail:vmail. however I'm 
> getting authentication errors.
> I duno If PAM is *must* in my case (i'm not using pam right now). when 
> I tries to connect with mail client "thunderbird" I also get login 
> failure.
> Here is the portion from dove-ldap.conf ....
>
> hosts = xxx.abc.edu.pk (domain name crypted(changed) for security 
> reason) :P
> dn = cn=abc,cn=Users,dc=abc,dc=edu,dc=pk
>
>
> dnpass = xxxx
>
> ldap_version = 3
>
> base = dc=abc,dc=edu,dc=pk
>
> deref = never
>
> scope = subtree
> #user_attrs = uid,,,,, (i'm trying with different settings for 
> user_attrs here)
> #user_attrs = uid,homeDirectory,,uid,,
> #user_filter = (&(objectClass=posixAccount)(uid=%u))
> user_filter = (sAMAccountName=%u)
> #user_filter = (&(objectClass=sAMACcountName)(cn=%u))
> # Password checking attributes in order:
> #  Virtual user name (user at domain)
> #  Password, may optionally start with {type}, eg. {crypt}
> pass_attrs = uid,userPassword
>
> # Filter for password lookups
> #pass_filter = (&(objectClass=posixAccount)(uid=%u))
> pass_filter = (sAMAccountName=%u)
> #user_filter = (&(objectClass=sAMACcountName)(cn=%u))
>
> # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
> default_pass_scheme = PLAIN
> user_global_uid = 1009
> user_global_gid = 1003
>
> I can see that I can't get any error while starting dovecot, however 
> while trying to login via mail client it fails to authenticate.
>
> Note: is PAM is *MUST* for postfix + dovecot + Active directory ?
>
> Thanks and regards
>
> Askar
>






More information about the dovecot mailing list