Howto authenticate smartPhone via Active Directory

mj lists at merit.unu.edu
Tue Dec 5 17:42:15 EET 2017


Hi,

Not much time to reply now.

On 12/05/2017 05:21 AM, Mark Foley wrote:
> mj - thanks! That's the first useful example I've received from any forum/list. I'm getting ready
> to try my config (have to do so after hours), but I have some probably simple-minded questions:
Well, that looks as if you are testing/trying out on your production 
machine. Why not set up a separate (virtual?) test server to play with..? 
Use the same os version, with the same dovecot version.
Or clone your production machine, so you can test as much as you like, 
without time pressure, at any given time.

> Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me
> differences in your config from the "original"? You've kept the hosts, base, ldap_version,
> scope, deref, debug_level, and auth_bind_userdn settings in your config, right?
Not the complete file, no. I just provided the essentials.

> Your dn is:
> 
> dn = cn=search_dovecit,cn=users,dc=company,dc=com
> 
> Mine (original) is:
> 
> dn = cn=user_for_bind,cn=Users,dc=dom
> 
> Can you tell me why you have "search_dovecit" versus "user_for_bind"? Is that something I need
> in order to make this work?
It's the user that dovecot uses to search for your user. Can be 
anything, as long as it can authenticate using the password in:

> My dnpass (original) is:
> 
> dnpass = ************
> 
> your example is:
> 
> dnpass = top_secret
Use the password of whatever user you use.

> If meta, what is actually supposed to go there?
The password of user_for_bind

> With your "this user/passwd filter". Can you tell me why you have "userAccountControl=514"? Is
> that 514 bit documented somewhere? Your user_filter/pass_filter is *completely* different from
> my installed original.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/77f48af7-bbef-4cd7-9c83-d9359b255534/ldap-query-get-nonlockeddisabled-accounts?forum=netfxbcl

For the rest: my advice is that you *really* need to play around with 
this much more. Get yourself a test environment, and play and test.

Plus: read some dovecot/ad howtos, and try things in your own environment.

Quick google returns:
https://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x

Enjoy :-)

MJ
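
Added example (not part of the original message and not Dovecot project code): the 514 asked about above is a sum of userAccountControl bit flags, 512 (NORMAL_ACCOUNT) + 2 (ACCOUNTDISABLE). The Python sketch below decodes such values and lists the disabled accounts that an exact match on 514 does not cover, compared with Active Directory's bitwise matching rule; the helper names and sample accounts are constructed for illustration.

```python
# Added example: decode Active Directory userAccountControl (UAC) values and
# compare an exact-match test on 514 with a bitwise test on the disabled flag.
# Flag values are the documented UAC bits; the sample accounts are constructed.

UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002

# LDAP filter fragments: exact integer match vs. AD's bitwise-AND matching rule.
EXACT_514 = "(userAccountControl=514)"
BIT_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def decode_uac(value):
    """Return the names of the known flags set in a UAC integer."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def matches_exact_514(value):
    """What EXACT_514 matches: only the integer 514 (512 + 2)."""
    return value == 514


def matches_bit_disabled(value):
    """What BIT_DISABLED matches: any value with the 0x2 bit set."""
    return (value & ACCOUNTDISABLE) == ACCOUNTDISABLE


def missed_by_exact(accounts):
    """Disabled accounts that an exact match on 514 does not catch."""
    return [name for name, uac in accounts.items()
            if matches_bit_disabled(uac) and not matches_exact_514(uac)]


# Constructed sample directory entries (sAMAccountName -> userAccountControl).
SAMPLE = {"alice": 512, "bob": 514, "carol": 66048, "dave": 66050, "erin": 546}

if __name__ == "__main__":
    for name, uac in SAMPLE.items():
        print(f"{name:6} {uac:6} {'|'.join(decode_uac(uac))}")
    print("disabled but not equal to 514:", missed_by_exact(SAMPLE))
```

A filter meant to keep disabled accounts from authenticating therefore needs the bitwise form (negated), since a disabled account with "password never expires" set carries 66050 rather than 514.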

