[Samba] Integration with AD and mail service

L.P.H. van Belle belle at bazuin.nl
Thu Oct 22 09:13:36 UTC 2015


In addition to Marc's comment. 
As Marc already said, you can do this very easily. (See the wiki link.) 

Here are also a few examples.

I set filters like: 

A simple user email address: (real user) 
scope = sub
query_filter = (&(objectClass=person)(|(mail=%s)(otherMailbox=%s)))
result_attribute = mail


For a group address: (real group) 
query_filter = (&(objectclass=group)(|(mail=%s)(otherMailbox=%s)))
leaf_result_attribute = mail
special_result_attribute = member


What I also do, for example: I'm "abusing" contacts in a separate OU.
Example of a contact abuse: 
query_filter = (&(objectClass=contact)(displayName=%s))
result_attribute = displayName 
And in the display name you put the email address.
(I use this for the servers' email addresses, like root, abuse etc.) 

And a redirect (contact abused): 
scope = sub
query_filter = (&(objectClass=contact)(displayName=%s))
result_attribute = description
Here I use displayName and description. 
This is used for forward addresses/redirects. 
 
And you can use any "object" you create and abuse fields for postfix. 
In addition to the above, here I also set a root redirect to another email address. 
If I install postfix, I don't have to adjust the aliases file. 
All default there are redirect but the ldap aliases. 

Now the great thing.. install postfix and postfix ldap, copy the ldap config file to it and make postfix use it. 

Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marc Muehlfeld
> Sent: Wednesday 21 October 2015 18:23
> To: Guilherme Boing; samba
> Subject: Re: [Samba] Integration with AD and mail service
> 
> Hello,
> 
> On 21.10.2015 at 13:21, Guilherme Boing wrote:
> > As of now my mail server is basically postfix.
> >
> > Did anyone succeed integrating the Samba4 AD DC users with any mail daemon ?
> 
> Yes.
> 
> At work I have an LDAP proxy to AD
> (https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD) in my DMZ,
> because I don't have to have a DC out there.
> 
> The authentication for postfix and cyrus is done via pam ldap against AD
> via that proxy.
> 
> In AD we use the proxyAddresses attribute on user objects to store all
> addresses the user is allowed to send with. The mail attribute is single
> value, so you can't use that for this case (we use that one only for the
> primary mail address, to view in addressbooks, etc.). Via
> smtpd_sender_login_maps you can let postfix get that information to
> validate if the user owns the address and is allowed to send with it.
> 
> 
> 
> 
> > 1) I have several mail domains to host. Can I use all of them with my
> > single DC/DOMAIN ?
> 
> Postfix can be configured to use LDAP for several things. I'm sure, if
> you find places in AD where to store everything, Postfix is able to get
> that information from there.
> 
> 
> 
> > 2) The usernames are not the same as the email (e.g.: AD user is
> > guilherme.walter but my email is somethingelse at my.domain). Would it work ?
> 
> That's fine.
> 
> I don't suggest usernames containing an @. I'm sure it will cause
> problems some day (didn't we have that a while ago on the list?).
> 
> 
> Regards,
> Marc
> 
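
The sender ownership check Marc describes (proxyAddresses looked up through smtpd_sender_login_maps), written out as Postfix configuration. This is an added example, not taken from either poster's setup. Host names, DNs, file paths, the "smtp:" prefix on proxyAddresses values and the use of sAMAccountName as the SASL login name are assumptions.

```conf
# --- /etc/postfix/main.cf (excerpt) ---
# Map each envelope sender address to the login(s) allowed to use it.
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-sender-login.cf
# Reject authenticated clients whose MAIL FROM address is not owned
# by the login they authenticated with.
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch

# --- /etc/postfix/ldap-sender-login.cf (hypothetical file name) ---
# This file holds a bind password: keep it root-owned and not
# world-readable.

# Assumed host: the LDAP proxy (or a DC) reachable from the mail server.
server_host = ldap://ldapproxy.example.com
version = 3

# Encrypt the bind and require a server certificate that verifies
# against the given CA (assumed path).
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/example-ca.pem

# Assumed service account; give it read access only.
bind = yes
bind_dn = CN=postfix-lookup,CN=Users,DC=example,DC=com
bind_pw = CHANGE_ME

search_base = DC=example,DC=com
scope = sub

# %s is replaced by the sender address. Postfix quotes LDAP filter
# metacharacters in it, so the address cannot alter the filter.
# Assumption: addresses are stored with an "smtp:" prefix and the
# directory compares them case-insensitively; drop the prefix if the
# values are stored bare.
query_filter = (&(objectClass=person)(proxyAddresses=smtp:%s))

# Must be the same name the user authenticates to postfix with.
result_attribute = sAMAccountName
```

Running "postmap -q user@example.com ldap:/etc/postfix/ldap-sender-login.cf" on the mail server should print the owning login for a known address and nothing for an unknown one.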