[Samba] samba dc as source for postfix ldap maps
Thorsten Marquardt
Marquardt at koehler-bracht.de
Thu Jan 18 11:04:39 UTC 2024
On 18.01.24 at 11:21, Kees van Vloten via samba wrote:
> On 18-01-2024 10:32, Thorsten Marquardt via samba wrote:
>> Hi,
>>
>> I want to use my samba ad dc as the source for several postfix maps
>> (virtual mailboxes, aliases and so on) but have trouble
>> authenticating against the ldap server.
>>
>> My config for ldap-aliases.cf:
>>
>> server_host = ldap://pi4.fritz.box
>> search_base = OU=FritzUser,DC=fritz,DC=box
>> start_tls = yes
>> version = 3
>> bind = yes
>> bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
>> bind_pw = postfixpw
>> timeout=60
>> tls_require_cert = yes
>> tls_ca_cert_dir = /etc/ssl/certs
>> tls_cert = /etc/samba/tls/pi4cert.pem
>> tls_key = /etc/samba/tls/pi4key.pem
>>
>> But postmap fails with:
>>
>> # postmap -q thorsten@fritz.box ldap:/etc/postfix/ldap-aliases.cf
>> postmap: warning: dict_ldap_connect: Unable to bind to server
>> ldap://pi4.fritz.box with dn
>> "CN=postfix,OU=FritzUser,DC=fritz,DC=box": 49 (Invalid credentials)
>> postmap: fatal: table ldap:/etc/postfix/ldap-aliases.cf: query error:
>> Application error
>>
> Try with -v for verbose:
>
> postmap -vq <key> ldap:/etc/postfix/ldap/ldap-aliases.cf
>
>
> An example from my working configuration:
>
> version = 3
> server_host = ldap://dc1.example.com/ ldap://dc2.example.com/
> start_tls = yes
> bind = yes
> bind_dn = CN=svc_mailserver_postfix,OU=Service Accounts,DC=example,DC=com
> bind_pw = very_secret
> debuglevel = 0
>
> # Map an alias back to a mailbox (virtual_alias_maps)
> # Key: Address in form name@hosted-domain.com (alias)
> # Result: Addresses in form user@mail.example.com (users)
> #         -> returns the user mailbox
>
> # Only search when in the list of domains:
> domain = example.com example.org
> search_base = OU=Interactive Users,DC=example,DC=com
> scope = sub
> # Aliases are in url
> query_filter = (&(objectCategory=person)(url=%s))
> result_attribute = mail
> # %s %u %d take value from result attribute, %S %U %D take value from
> # input (see: http://www.postfix.org/ldap_table.5.html)
> result_format = %u+INBOX/%D@%d
>
>
> Do note that I am abusing the attribute url to store all mail-aliases of
> a user.
>
> - Kees.
>
>
>> Whereas ldapsearch performs:
>>
>> ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw -ZZZ
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <DC=fritz,DC=box> (default) with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # NTDS Quotas, fritz.box
>> dn: CN=NTDS Quotas,DC=fritz,DC=box
>> ...
>>
>> result: 0 Success
>>
>> # numResponses: 309
>> # numEntries: 305
>> # numReferences: 3
>>
>> What am I doing wrong?
>>
>>
>> Thanks in advance
>>
>> Thorsten
>>
Thank you Kees and Rowland for the hints. Finally it turned out that
the quotes around the bind_dn were causing the trouble.
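The two things this thread hinges on are easy to get wrong without a server to poke at: Postfix passes the ldap_table value of bind_dn to the LDAP library verbatim (so surrounding quotes become part of the DN and the DC answers 49 / Invalid credentials), and the %s/%u/%d and %S/%U/%D expansions in query_filter and result_format come from different sources (result attribute vs. lookup key). The script below is an added example, not code from this thread, from Postfix or from Samba; it models those rules from ldap_table(5) offline against a constructed in-memory directory standing in for the Samba AD DC, using Kees's filter and result_format. It only evaluates the small subset of RFC 4515 filters Kees's query uses (AND of equality assertions) and does not speak LDAP.

```python
"""Offline model of a Postfix ldap_table(5) lookup (added example, not Postfix code).

Covers: the `domain` restriction, %s/%u/%d substitution into query_filter with
RFC 4515 escaping (Postfix escapes these the same way), lower-case (result)
versus upper-case (input) expansion in result_format, and a lint for the
quoted bind_dn from the original post. The directory is constructed sample
data; no LDAP server is contacted.
"""
import re

# Constructed sample entries, with aliases kept in `url` as Kees describes.
DIRECTORY = [
    {"dn": "CN=Thorsten,OU=Interactive Users,DC=example,DC=com",
     "objectCategory": "person",
     "url": ["thorsten@example.com", "tm@example.org"],
     "mail": ["thorsten@mail.example.com"]},
    {"dn": "CN=svc_mailserver_postfix,OU=Service Accounts,DC=example,DC=com",
     "objectCategory": "person", "url": [], "mail": []},
]

# The map settings from Kees's working configuration.
CONFIG = {
    "domain": "example.com example.org",
    "query_filter": "(&(objectCategory=person)(url=%s))",
    "result_attribute": "mail",
    "result_format": "%u+INBOX/%D@%d",
}


def ldap_escape(value):
    """RFC 4515 escaping of an assertion value: * ( ) \\ NUL become \\XX."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def ldap_unescape(value):
    """Reverse of ldap_escape, used when the toy filter evaluator compares values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def split_address(addr):
    """Return (localpart, domain); domain is '' when the key has no '@'."""
    local, sep, domain = addr.rpartition("@")
    return (addr, "") if not sep else (local, domain)


def expand_query_filter(template, key):
    """%s = whole key, %u = localpart, %d = domain, all RFC 4515-escaped."""
    local, domain = split_address(key)
    values = {"s": key, "u": local, "d": domain}
    return re.sub(r"%([sud%])",
                  lambda m: "%" if m.group(1) == "%" else ldap_escape(values[m.group(1)]),
                  template)


def expand_result_format(template, result_value, key):
    """Lower-case %s %u %d come from the result attribute, %S %U %D from the key."""
    rl, rd = split_address(result_value)
    il, idom = split_address(key)
    values = {"s": result_value, "u": rl, "d": rd, "S": key, "U": il, "D": idom}
    return re.sub(r"%([sudSUD%])",
                  lambda m: "%" if m.group(1) == "%" else values[m.group(1)], template)


def match_filter(entry, flt):
    """Evaluate an AND of (attr=value) assertions; other filter forms raise."""
    flt = flt.strip()
    if flt.startswith("(&") and flt.endswith(")"):
        return all(match_filter(entry, p) for p in re.findall(r"\([^()]*\)", flt[2:-1]))
    m = re.fullmatch(r"\(([A-Za-z][\w-]*)=(.*)\)", flt)
    if m is None:
        raise ValueError("unsupported filter: %s" % flt)
    attr, wanted = m.group(1), ldap_unescape(m.group(2)).lower()
    have = entry.get(attr, [])
    have = [have] if isinstance(have, str) else have
    return any(v.lower() == wanted for v in have)


def lookup(key, config=CONFIG, directory=DIRECTORY):
    """Return the expanded results Postfix would get for `key` ([] = no match)."""
    _, domain = split_address(key)
    allowed = [d.lower() for d in config["domain"].split()]
    if allowed and domain.lower() not in allowed:
        return []  # `domain` restriction: Postfix does not even query the server
    flt = expand_query_filter(config["query_filter"], key)
    out = []
    for entry in directory:
        if match_filter(entry, flt):
            for value in entry.get(config["result_attribute"], []):
                out.append(expand_result_format(config["result_format"], value, key))
    return out


def check_bind_dn(value):
    """Return (dn, warning). Quotes are not stripped by Postfix, so flag them."""
    v = value.strip()
    if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
        return v[1:-1], "bind_dn is quoted; the quotes would be sent as part of the DN"
    return v, None


if __name__ == "__main__":
    for key in ("thorsten@example.com", "tm@example.org", "tm@fritz.box", "*@example.com"):
        print(key, "->", lookup(key))
    print(check_bind_dn('"CN=postfix,OU=FritzUser,DC=fritz,DC=box"'))
```

Run it and the alias thorsten@example.com resolves to thorsten+INBOX/example.com@mail.example.com, which is exactly Kees's intent: the +INBOX/… detail is built from the input domain (%D) and the mailbox host comes from the result (%d). A key outside the `domain` list returns nothing without any query, and a key containing `*` is escaped rather than turned into a wildcard search. The bind_dn lint reproduces Thorsten's fix: strip the quotes, or the DN the DC sees is not the one in the directory.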