We will be using the following attributes:
- samaccountname or uid – User Name for Active Directory or OpenLDAP respectively.
- mail – Email Address. For Active Directory users, you need to fill in the E-mail field of the User.
- othermailbox – For Active Directory only. We will use this field to store email aliases. Use ADSI Edit to update this field.
Create the Virtual Mail User Account
Since the Active Directory/OpenLDAP user names are not part of the Linux system, we will have to create a local user that will own all the mailbox files belonging to the LDAP user names.
1. Create a new user; we will call it vmail. Change the Login Shell to /sbin/nologin, since this user account should never be used for logging in.
2. Take note of the User ID and Home Directory of vmail (for example 502).
3. Now note down the Group ID of vmail. We'll be needing all of them later.
Postfix Active Directory/LDAP Integration
1. Create the file /etc/postfix/ldap-users.cf containing the lines below
server_host = dc.test.vn
search_base = dc=test,dc=vn
version = 3
query_filter = (&(objectclass=person)(mail=%s))
# account name from the DC
result_attribute = samaccountname
result_format = %s/Maildir/
If you are connecting to an Active Directory server and would like to have email alias capability, change the query filter to (&(objectclass=person)(|(mail=%s)(othermailbox=%s))) to include the othermailbox field in the search.
Change samaccountname to uid if you will be connecting to an OpenLDAP server. If your server requires authentication, add the lines below
bind = yes
bind_dn = cn=mailuser,dc=test,dc=vn
Against Active Directory the bind account may instead be given in UPN form, bind_dn = mailuser@test.vn (keep only one bind_dn line).
2. Test your postfix configuration file by typing in the command
postmap -q cuibap@test.vn ldap:/etc/postfix/ldap-users.cf
If you are querying a Windows 2003 Server and postmap does not seem to work, try enabling the Windows 2003 Active Directory.
3. Edit the postfix configuration file /etc/postfix/main.cf and edit the line below
mydestination = $myhostname, localhost.$mydomain, localhost
and add the lines below
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:502
virtual_gid_maps = static:502
virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.
Make sure $mydomain in mydestination has been removed, otherwise the lookup will not work and you will get a “User unknown in local recipient table” error.
4. Restart Postfix.
5. You should now be able to send email to addresses found in your LDAP server, using LDAP email addresses instead of the system user names.
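To see what the ldap-users.cf lookup in step 1 and the postmap test in step 2 actually do, and to check the mydestination conflict warned about in step 3 before restarting, here is an added Python example (not code from the original post). It models a tiny directory in memory instead of talking to dc.test.vn, so the entries, the group object and the main.cf text are constructed; the filters, result_attribute and result_format are the page's own. The escaping function reproduces the RFC 2254 quoting Postfix applies to %s, which is what keeps a lookup key such as *@test.vn from matching every account. Note that a real bind also needs a bind_pw line, which the page's listing does not show.

```python
import re

# Part 1: what Postfix does with ldap-users.cf when it looks up a recipient.

def parse_filter(text):
    """Parse the RFC 4515 filter subset the page uses: (&...), (|...) and (attr=value)."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if text[pos] in "&|":
            op = text[pos]
            pos += 1
            subs = []
            while text[pos] == "(":
                subs.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            return (op, subs)
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        pos = end + 1
        return ("=", attr.lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("text after the closing ')'")
    return tree


def value_regex(value):
    """An unescaped '*' is a wildcard; \\xx hex escapes stand for literal characters."""
    literal = lambda s: re.escape(
        re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s))
    return re.compile("^" + ".*".join(literal(p) for p in value.split("*")) + "$", re.I)


def matches(tree, entry):
    """Evaluate a parsed filter against one entry (dict of lower-cased attr -> values)."""
    if tree[0] == "&":
        return all(matches(t, entry) for t in tree[1])
    if tree[0] == "|":
        return any(matches(t, entry) for t in tree[1])
    _, attr, value = tree
    return any(value_regex(value).match(v) for v in entry.get(attr, []))


def ldap_escape(key):
    """The RFC 2254 quoting Postfix applies to the lookup key before it replaces %s."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in key)


def lookup(cf, directory, key, quote=True):
    """Return what 'postmap -q KEY ldap:/etc/postfix/ldap-users.cf' would print."""
    flt = parse_filter(cf["query_filter"].replace("%s", ldap_escape(key) if quote else key))
    return [cf["result_format"].replace("%s", v)
            for e in directory if matches(flt, e)
            for v in e.get(cf["result_attribute"].lower(), [])]


# The two ldap-users.cf variants from the page (server and bind settings left out).
PLAIN_CF = {"query_filter": "(&(objectclass=person)(mail=%s))",
            "result_attribute": "samaccountname", "result_format": "%s/Maildir/"}
ALIAS_CF = dict(PLAIN_CF, query_filter="(&(objectclass=person)(|(mail=%s)(othermailbox=%s)))")

# Constructed stand-in for the directory; attribute names are lower-cased.
DIRECTORY = [
    {"objectclass": ["top", "person", "user"], "samaccountname": ["cuibap"],
     "mail": ["cuibap@test.vn"], "othermailbox": ["alias@test.vn"]},
    {"objectclass": ["top", "person", "user"], "samaccountname": ["Alice"],
     "mail": ["alice@test.vn"]},
    # a mail-enabled group: it has a mail attribute but is not a person
    {"objectclass": ["top", "group"], "samaccountname": ["sales"], "mail": ["sales@test.vn"]},
]

# Part 2: the mydestination / virtual_mailbox_domains overlap the page warns about.

def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value' lines; comment lines are skipped."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def expand(params, value):
    """Resolve $name references recursively, as Postfix does."""
    return re.sub(r"\$(\w+)", lambda m: expand(params, params.get(m.group(1), "")), value)


def domain_classes_overlap(params):
    """Domains listed in both mydestination and virtual_mailbox_domains. Postfix classes
    such a domain as local, so LDAP-only recipients are rejected with
    'User unknown in local recipient table'."""
    names = lambda p: {d.lower() for d in re.split(r"[,\s]+", expand(params, params.get(p, ""))) if d}
    return sorted(names("mydestination") & names("virtual_mailbox_domains"))


MAIN_CF_BEFORE = """mydomain = test.vn
myhostname = mail.test.vn
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
virtual_mailbox_domains = $mydomain
"""
MAIN_CF_AFTER = MAIN_CF_BEFORE.replace(", $mydomain\n", "\n")  # $mydomain dropped from mydestination

if __name__ == "__main__":
    for key in ("cuibap@test.vn", "alias@test.vn", "sales@test.vn"):
        print(key, "->", lookup(ALIAS_CF, DIRECTORY, key))
    print("overlap before:", domain_classes_overlap(parse_main_cf(MAIN_CF_BEFORE)))
    print("overlap after: ", domain_classes_overlap(parse_main_cf(MAIN_CF_AFTER)))
```

With the plain filter, alias@test.vn resolves to nothing; with the othermailbox filter it resolves to cuibap/Maildir/, which is the relative path Postfix appends to virtual_mailbox_base. The group entry is never returned because objectclass=person excludes it, and the overlap check on the "before" main.cf reports test.vn, exactly the setup that produces the "User unknown in local recipient table" error.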
Dovecot Active Directory/LDAP Integration
1. Create the file /etc/dovecot-ldap.conf containing the lines below
server_host = dc.test.vn
search_base = dc=test,dc=vn
ldap_version = 3
auth_bind_userdn = test\%u
2. Edit the file /etc/dovecot.conf and change the values of the keys below
auth_username_format = %Lu
passdb ldap {
  args = /etc/dovecot-ldap.conf
}
userdb static {
  args = uid=502 gid=502 home=/home/vmail/%u
}
uid, gid and home should contain the user id, group id and home directory respectively of the vmail user account.
3. Restart the dovecot service.
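The Dovecot side works because the same account name flows through three templates: auth_username_format normalises the login, auth_bind_userdn turns it into the name used for the LDAP bind, and the static userdb turns it into a home directory that must be the directory Postfix delivered into. The added Python example below (mine, not from the original post) expands those templates the way Dovecot does and compares the result with the Postfix path built from virtual_mailbox_base and result_format; the account names and logins are constructed, and the check assumes Dovecot's default Maildir autodetection under the userdb home. Two caveats a practitioner will want alongside the page's config: auth_bind_userdn only takes effect together with auth_bind = yes, and Dovecot's own option names for the server and search base are hosts and base (server_host and search_base are Postfix's names).

```python
import re

# Settings taken from the page's dovecot.conf, dovecot-ldap.conf and main.cf.
AUTH_USERNAME_FORMAT = "%Lu"
AUTH_BIND_USERDN = "test\\%u"          # test\%u in dovecot-ldap.conf
USERDB_HOME = "/home/vmail/%u"
VIRTUAL_MAILBOX_BASE = "/home/vmail/"
RESULT_FORMAT = "%s/Maildir/"


def expand_dovecot(template, user):
    """Expand the Dovecot variables used on this page: %u (full name), %n (user part),
    %d (domain part), with the L (lower-case) and U (upper-case) modifiers."""
    name, _, domain = user.partition("@")
    values = {"u": user, "n": name, "d": domain}

    def sub(m):
        mods, value = m.group(1), values[m.group(2)]
        if "L" in mods:
            value = value.lower()
        if "U" in mods:
            value = value.upper()
        return value

    return re.sub(r"%([LU]*)([und])", sub, template)


def dovecot_login(login):
    """What Dovecot derives from a login name with the page's settings:
    (normalised username, name used for the LDAP bind, userdb home)."""
    user = expand_dovecot(AUTH_USERNAME_FORMAT, login)   # auth_username_format runs first
    bind_dn = expand_dovecot(AUTH_BIND_USERDN, user)
    home = expand_dovecot(USERDB_HOME, user)
    return user, bind_dn, home


def postfix_delivery_dir(samaccountname):
    """Where Postfix delivers: virtual_mailbox_base + result_format with the LDAP value."""
    return VIRTUAL_MAILBOX_BASE + RESULT_FORMAT.replace("%s", samaccountname)


def mailbox_paths_agree(samaccountname, login):
    """True when the Maildir Postfix writes to is the one Dovecot serves for this login
    (assumes Dovecot's default Maildir autodetection under the userdb home)."""
    _, _, home = dovecot_login(login)
    return postfix_delivery_dir(samaccountname) == home.rstrip("/") + "/Maildir/"


if __name__ == "__main__":
    # constructed cases: matching, sAMAccountName with capitals, login with a domain part
    for sam, login in (("cuibap", "CuiBap"), ("Alice", "alice"), ("cuibap", "cuibap@test.vn")):
        print(sam, login, dovecot_login(login), mailbox_paths_agree(sam, login))
```

Two things the expansion makes visible. Postfix writes to the directory named by the samaccountname value as the directory returns it, while %Lu lowercases the login, so an account stored as Alice is delivered to /home/vmail/Alice/Maildir/ but read from /home/vmail/alice/; keeping sAMAccountName lower-case (or dropping the L) avoids that split. And because auth_bind_userdn prefixes %u with test\, users must log in with the bare account name; a login of cuibap@test.vn would bind as test\cuibap@test.vn and look for a home of /home/vmail/cuibap@test.vn (use %n instead of %u if clients send the full address).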