[Samba] ADFS support?

Andrew Morgan morgan at orst.edu
Wed Jun 1 06:12:34 UTC 2016


On Tue, 31 May 2016, Alex wrote:

> Hi,
>
> Is it possible to query an Exchange server for its user list via ADFS
> using samba?
>
> I'm interested in integrating this support with postfix on my fedora
> system instead of having to maintain the list in Exchange and the list
> as a map in postfix.
>
> I really don't know much about Exchange and whether/how this would
> work. Is it secure?
>
> Is LDAPS an alternative? Is it secure?
>
> Thanks,
> Alex

Alex,

ADFS (Active Directory Federation Services) is an SSO (Single Sign On) 
solution from Microsoft.  It speaks several federated authentication 
protocols, such as WS-Federation and SAML.

Perhaps you're thinking of querying AD (Active Directory).  AD is a 
Microsoft directory service used by many Microsoft products, such as 
Exchange, to store user, group, and computer objects.  All of your users 
with Exchange mailboxes will have user objects in AD, so you really want 
to query AD from Postfix (or some intermediate script).  Fortunately, AD 
speaks LDAP too, which is an IETF standard.

I don't know a lot about Postfix, but LDAP is a very common place to store 
users, so I expect that Postfix can talk to pretty much any LDAP server, 
including AD.

LDAPS is LDAP-over-SSL.  If you're using LDAP to authenticate users, then 
you should be using LDAPS.  If you are querying simple user information on 
an internal network, then plain LDAP is probably okay.  However, LDAPS is 
very easy to use, so I'd recommend it.  Why not use encryption if it's 
easy?

The LDAP (AD) attributes that contain email addresses are "mail" (the 
user's primary email address) and "proxyAddresses" (a list of all the 
user's email addresses).

I hope this helps!

 	Andy
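
An added example, not part of Andy's message and not Samba or Postfix code: the "intermediate script" route, turning the "mail" and "proxyAddresses" values of AD entries into a Postfix recipient map. The entry shape (attribute name mapped to a list of strings), the function names and the sample data are assumptions, and fetching the entries over LDAPS is left out so the block runs offline.

```python
import re

# Conservative address shape: no whitespace (so no embedded newlines) and a
# single "@". Anything else is skipped rather than written into the map.
_ADDR = re.compile(r"[^\s@]+@[^\s@]+\.[^\s@]+")


def smtp_addresses(entry):
    """Return the set of SMTP addresses carried by one AD entry.

    `entry` maps attribute names to lists of string values (assumed shape
    of a decoded LDAP search result).
    """
    found = set(entry.get("mail", []))
    for value in entry.get("proxyAddresses", []):
        # proxyAddresses values are "type:address". "SMTP:" marks the primary
        # address, "smtp:" a secondary one; other types (X500, sip, ...) are
        # not addresses Postfix should accept mail for.
        kind, sep, addr = value.partition(":")
        if sep and kind.lower() == "smtp":
            found.add(addr)
    # Normalise case, then drop anything that is not a plain address so a
    # directory value cannot inject extra lines into the map file.
    return {a.lower() for a in found if _ADDR.fullmatch(a)}


def recipient_map(entries):
    """Build the text of a Postfix map source: one 'address OK' per line."""
    addrs = set()
    for entry in entries:
        addrs |= smtp_addresses(entry)
    return "".join(f"{a} OK\n" for a in sorted(addrs))


# Constructed sample entries (not real directory data).
SAMPLE = [
    {"mail": ["Alice@example.com"],
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:a.smith@example.com",
                        "X500:/o=Example/ou=Exchange/cn=Recipients/cn=alice"]},
    {"mail": ["bob@example.com"],
     "proxyAddresses": ["sip:bob@example.com", "smtp:bob@example.com\nroot OK"]},
    {"proxyAddresses": ["smtp:sales@example.com"]},  # no mail attribute set
]

if __name__ == "__main__":
    print(recipient_map(SAMPLE), end="")
```

The second sample entry carries a value with an embedded newline; it is rejected by the shape check, so only the address from "mail" survives for that user.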


