[Samba] samba dc as source for postfix ldap maps

Kees van Vloten keesvanvloten at gmail.com
Thu Jan 18 10:21:34 UTC 2024


On 18-01-2024 10:32, Thorsten Marquardt via samba wrote:
> Hi,
>
> I want to use my samba ad dc as the source for several postfix maps 
> (virtual mailboxes, aliases and so on) but have trouble authenticating 
> against the ldap server.
>
> My config for ldap-aliases.cf:
>
> server_host = ldap://pi4.fritz.box
> search_base = OU=FritzUser,DC=fritz,DC=box
> start_tls = yes
> version = 3
> bind = yes
> bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
> bind_pw = postfixpw
> timeout=60
> tls_require_cert = yes
> tls_ca_cert_dir = /etc/ssl/certs
> tls_cert = /etc/samba/tls/pi4cert.pem
> tls_key = /etc/samba/tls/pi4key.pem
>
> But postmap fails with:
>
> # postmap -q thorsten@fritz.box ldap:/etc/postfix/ldap-aliases.cf
> postmap: warning: dict_ldap_connect: Unable to bind to server 
> ldap://pi4.fritz.box with dn 
> "CN=postfix,OU=FritzUser,DC=fritz,DC=box": 49 (Invalid credentials)
> postmap: fatal: table ldap:/etc/postfix/ldap-aliases.cf: query error: 
> Application error
>
Try with -v for verbose:

postmap -vq <key> ldap:/etc/postfix/ldap/ldap-aliases.cf


An example from my working configuration:

version = 3
server_host = ldap://dc1.example.com/ ldap://dc2.example.com/
start_tls = yes
bind = yes
bind_dn = CN=svc_mailserver_postfix,OU=Service Accounts,DC=example,DC=com
bind_pw = very_secret
debuglevel = 0

# Map an alias back to a mailbox (virtual_alias_maps)
#   Key: Address in form name@hosted-domain.com (alias)
#   Result: Addresses in form user@mail.example.com (users) -> returns the user mailbox

# Only search when in the list of domains:
domain = example.com example.org
search_base = OU=Interactive Users,DC=example,DC=com
scope = sub
# Aliases are in url
query_filter = (&(objectCategory=person)(url=%s))
result_attribute = mail
# %s %u %d take value from result attribute, %S %U %D take value from input
# (see: http://www.postfix.org/ldap_table.5.html)
result_format = %u+INBOX/%D@%d


Do note that I am abusing the attribute url to store all mail-aliases of 
a user.

- Kees.


> Whereas ldapsearch performs:
>
> ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw -ZZZ
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=fritz,DC=box> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # NTDS Quotas, fritz.box
> dn: CN=NTDS Quotas,DC=fritz,DC=box
> ...
>
> result: 0 Success
>
> # numResponses: 309
> # numEntries: 305
> # numReferences: 3
>
> What am I doing wrong?
>
>
> Thanks in advance
>
> Thorsten
>
>
>
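
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the `domain`, `query_filter` and `result_format` settings in the working configuration above treat a lookup key, following the expansion rules in ldap_table(5). The function names, sample keys and the sample `mail` value are constructed for illustration, and only `%s` is expanded in the filter.

```python
import re

# Constructed values mirroring the configuration quoted in the reply above.
DOMAINS = {"example.com", "example.org"}
QUERY_FILTER = "(&(objectCategory=person)(url=%s))"
RESULT_FORMAT = "%u+INBOX/%D@%d"


def rfc2254_escape(value):
    """Escape LDAP filter metacharacters so the key cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def build_filter(key):
    """Return the search filter for key, or None when the lookup is skipped."""
    local, sep, domain = key.rpartition("@")
    # With `domain` set, only user@domain keys in a listed domain are queried.
    if not sep or not local or domain.lower() not in DOMAINS:
        return None
    return QUERY_FILTER.replace("%s", rfc2254_escape(key))


def format_result(key, value):
    """Expand result_format: lower case = result attribute, upper case = key."""
    k_local, _, k_domain = key.rpartition("@")
    v_local, _, v_domain = value.rpartition("@")
    subst = {"s": value, "u": v_local, "d": v_domain,
             "S": key, "U": k_local, "D": k_domain}
    return re.sub(r"%([sudSUD])", lambda m: subst[m.group(1)], RESULT_FORMAT)


if __name__ == "__main__":
    # Constructed sample keys: a hosted alias, an unlisted domain, a bare
    # local part, and a key carrying filter metacharacters.
    for key in ("info@example.org", "info@other.net", "info",
                "a*)(mail=*@example.com"):
        print(repr(key), "->", build_filter(key))
    # Constructed `mail` value as it might be returned for the first key.
    print(format_result("info@example.org", "kees@mail.example.com"))
```

The last sample key shows why the escaping matters: without it the `*`, `(` and `)` characters would change the structure of the search filter.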


