[Samba] Samba4 AD delegation to read userPassword attribute
Christian Hailer
Chrissi at amusing.de
Tue Jan 15 15:38:11 MST 2013
PERFECT! It works!!! Thank you very much!!!
Best regards, Christian
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Achim Gottinger
Sent: Tuesday, 15 January 2013 21:42
To: samba at lists.samba.org
Subject: Re: [Samba] Samba4 AD delegation to read userPassword attribute
On 15.01.2013 20:02, Christian Hailer wrote:
> Hi Achim,
>
> thank you for this information! Unfortunately it doesn't work in my environment, the userPassword attribute still can't be read by the "ldap" user...
> I tried to bind with the domain administrator account; it doesn't work there either.
>
> Would it be possible for you to post your dovecot.conf, dovecot-ldap.conf and smb.conf files? Maybe I made a mistake somewhere...
I use different configs for passdb and userdb for Dovecot. Dovecot stores all mail as user vmail.vmail (999:999) in /var/lib/vmail/[username]/mail here, so you might have to modify the user_attrs mappings.
With these separate configs for userdb and passdb, auth_bind works for passdb and pass_attrs are not necessary.
dovecot-ldap.conf
-----------------------------------
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}
-----------------------------------
dovecot-ldap-passdb.conf.ext
-----------------------------------
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=example,dc=de
ldap_version = 3
base = cn=Users,dc=example,dc=de
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
-----------------------------------
dovecot-ldap-userdb.conf.ext
-----------------------------------
hosts = localhost
dn = cn=ldap,cn=Users,dc=example,dc=de
dnpass = password
ldap_version = 3
base = cn=Users,dc=example,dc=de
user_attrs = =uid=999,=gid=999,=home=/var/lib/vmail/%u,=mail=/var/lib/vmail/%u/mail
user_filter = (&(objectClass=person)(cn=%u)(mail=*))
# Attributes and filter to get a list of all users
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
-----------------------------------
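An added example, not part of the original message and not Dovecot or Samba code: a small Python check over the two .conf.ext files above that reports whether the passdb authenticates by binding as the user (so the service account never has to read userPassword) and whether a file holding a cleartext dnpass is world-readable. The finding names, the `mode` argument and the contrast config `LOOKUP_CONF` are assumptions made for illustration.

```python
import stat

# Relevant settings copied from the two files in the message above.
PASSDB_CONF = """\
hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=example,dc=de
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
"""
USERDB_CONF = """\
hosts = localhost
dn = cn=ldap,cn=Users,dc=example,dc=de
dnpass = password
user_filter = (&(objectClass=person)(cn=%u)(mail=*))
"""
# Constructed contrast case: a passdb that reads the password attribute itself.
LOOKUP_CONF = "dn = cn=ldap,cn=Users,dc=example,dc=de\ndnpass = password\npass_attrs = cn=user,userPassword=password\n"

def parse_conf(text):
    """Parse 'key = value' lines; only the first '=' separates key from value."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(settings, mode=None):
    """Return finding names (hypothetical labels); mode is the file's st_mode if known."""
    findings = []
    auth_bind = settings.get("auth_bind", "no").lower() == "yes"
    if auth_bind:
        findings.append("passdb-binds-as-user")
    elif "userpassword" in settings.get("pass_attrs", "").lower():
        findings.append("reads-userPassword")
    if "dnpass" in settings:
        findings.append("cleartext-dnpass")
        if mode is not None and mode & stat.S_IROTH:
            findings.append("dnpass-world-readable")
    return findings

if __name__ == "__main__":
    for name, conf, mode in [("passdb", PASSDB_CONF, 0o640), ("userdb", USERDB_CONF, 0o644), ("lookup", LOOKUP_CONF, 0o600)]:
        print(name, audit(parse_conf(conf), mode))
```

On a live system the mode would come from `os.stat(path).st_mode` for each file named in the `args =` lines.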