My dovecot works fine against Active Directory 2003, but not against AD2008

Fran cumc-4361-2 at chguadalquivir.es
Thu Oct 29 11:16:04 UTC 2015


I'm sorry for the late response, I missed this mail. I'll answer your
questions below. I'm sending a BCC of this mail to your personal
address, but it seems to have some problem because your server bounces it:

On 12/09/2015 at 8:31, Mark Foley wrote:
> Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting
> to the list as I'm not sure how often you check the list and I'm down to hanging
> by my last fingernail on this project.
>
> I have some preliminary questions interspersed below.
>
> Thanks, --Mark
>
> -----Original Message-----
>> Subject: Re: My dovecot works fine against Active Directory 2003, but not
>> 	against AD2008
>> To: dovecot at dovecot.org
>> From: Fran <cumc-4361-2 at chguadalquivir.es>
>> Date: Thu, 10 Sep 2015 13:26:21 +0200
>>
>> Hi Mark,
>>
>> when I say AD 2003/8 I mean Active Directory 2003/8.
> Hmmm, I've not heard of "Active Directory 2003" or 2008.  The year numbers
> indicated to me you might be talking about Windows Small Business Server 2003 or
> 2008.  Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC
> on Linux. 

https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx



>> My configuration is attached.
> Thank you very much for that. If I make some headway, I'll likely have more
> questions on specifics.
>
>> I based my installation (dovecot+postfix) on the guides of this site:
>> http://www.linuxmail.info
>>
>> The LDAP part is this:
>> http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/
> If you were able to make sense out of these sites' tiny screen-shots and one-line
> descriptions my hat's off to you. "You're a better man than I am Gunga-Din!" If
> there was more detailed narrative somewhere I couldn't find it. Also, I don't
> have jXplorer on my system, so probably I couldn't get too far anyway.

You don't need jXplorer at all; in fact, I didn't use it. If you need to
browse through your LDAP directory you can use any LDAP browser.
The descriptions on that site are short, that's true, but it contains
the essential info to adapt it to any similar environment. Don't take it
as a step-by-step guide: unless you use exactly the same environment
and versions, you won't find the same files in the same places. Try to
understand how the different parts work and adapt it to your environment.

>
> BIG QUESTIONS:
>
> 1. Are you using MS Outlook IMAP clients in your environment? If so, how are you
> making them connect with LDAP? By checking the SPA checkbox?

There are Thunderbird, Roundcube, Outlook, iOS and Android clients in my
environment. All of them use standard IMAP connections. I don't
understand your question very well; the client doesn't need to connect
with LDAP, it's dovecot itself that connects with AD to validate the IMAP
user login.

>
> 2.  The mail_gid/mail_uid as vmail confuses me.  I see that setting a lot,
> including in your config.  http://wiki2.dovecot.org/VirtualUsers says, "You can
> create, for example, one vmail user which owns all the mails, or you can assign
> a separate UID for each user." I have assigned a separate UID for each based on
> the UID returned by `wbinfo -u <username>`.  Does assigning separate UIDs mess
> up my ability to adapt your configuration?

I assigned one vmail user which owns all the mails. You can still use my
configuration for many other parts though.


>
> little questions:
>
> 3. I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota"
> setting and all your plugin { quota_...} settings? I want to be as simple as
> possible to start.

You don't need that plugin if you don't plan to use it.

>
> 4. Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I
> omit the namespace inbox {} setting?
I don't think so. This is mine in /etc/dovecot/conf.d/10-mail.conf:

    mail_home = /home/vmail/<domain>/%Lu
    mail_location = maildir:~/Maildir
    mail_uid = 1000
    mail_gid = 1000

    namespace inbox {
      # Namespace type: private, shared or public
      type = private

      inbox = yes

      mailbox Trash {
        auto = subscribe
        special_use = \Trash
      }
      mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
      }
      mailbox Sent {
        auto = subscribe
        special_use = \Sent
      }
      mailbox Junk {
        auto = subscribe
        special_use = \Junk
      }
    }

I think this is essential to have a minimal directory structure in any
new mail account.

>
> These may seem like amateurish questions, but little details have foiled me a lot
> on this Dovecot project. 
>
> If I feel confident with the answers you provide here, I'll move on to trying
> some things.
>
> Thanks a lot for your help!!!
>
> --Mark
>
>> You can also use PAM to connect to AD
>> (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/)
>> but that way doesn't allow retrieving custom fields from the AD (e.g. a
>> field to set quota per user), so I'm using the standard LDAP method.
>>
>> Regards
>>
>> On 10/09/2015 at 4:51, Mark Foley wrote:
>>> Fran and/or Matthias,
>>>
>>> Could you publish your doveconf -n? I can't get dovecot to authenticate with my
>>> AD. Maybe you have a solution I could try.
>>>
>>> What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8
>>> and are therefore using Outlook?
>>>
>>> --Mark
>>>
>>> -----Original Message-----
> [deleted]

Regards
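
Added example, not part of the original post and not Fran's attached configuration: a sketch of the server-side lookup described above, where Dovecot itself (not the IMAP client) contacts AD to validate the login and reads a custom per-user attribute through the LDAP userdb. The file paths are the usual Dovecot 2.x locations and are assumed here; the host name, DNs, CA file and the attribute name exampleQuotaBytes are placeholders.

```conf
# --- /etc/dovecot/conf.d/auth-ldap.conf.ext (assumed path) ---
# Both lookups are made by Dovecot; mail clients only speak IMAP.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext (assumed path; keep it mode 0600) ---
# Placeholder domain controller. ldaps with certificate validation so the
# simple binds below are not sent in clear text.
uris = ldaps://dc1.example.test
tls_ca_cert_file = /etc/ssl/certs/example-ad-ca.pem
tls_require_cert = demand
ldap_version = 3

# Placeholder service account, used only to search for the user's entry.
# It needs read access to the user objects and nothing more.
dn = CN=svc-dovecot,OU=Service Accounts,DC=example,DC=test
dnpass = REPLACE_ME

# Check the password by binding to AD as the user, so Dovecot never
# needs to read any password attribute from the directory.
auth_bind = yes

base = DC=example,DC=test
scope = subtree

# %n is the login name without the @domain part.
pass_filter = (&(objectClass=user)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user

user_filter = (&(objectClass=user)(sAMAccountName=%n))
# Custom field pulled from AD per user. exampleQuotaBytes is a
# hypothetical attribute name; %$ expands to the attribute's value.
user_attrs = exampleQuotaBytes=quota_rule=*:bytes=%$
```

The quota_rule returned by the userdb only has an effect when the quota plugin is enabled; without it, the user_attrs line can be dropped and mail_uid/mail_gid from 10-mail.conf still apply.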

