Comments on: Postfix Active Directory Mailing List http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/ Rapidly deploy Linux based mail solutions today Sat, 12 Sep 2009 22:40:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: David Wooldridge http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3488 David Wooldridge Mon, 02 Mar 2009 14:38:38 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3488 yeah, that's good too. Cheers yeah, that’s good too. Cheers

]]> By: consultant http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3485 consultant Mon, 02 Mar 2009 14:25:04 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3485 Hi David Wooldridge, Yeah, that bothered me too. Anyway, try my new solution above. Hi David Wooldridge,

Yeah, that bothered me too. Anyway, try my new solution above.

]]> By: David Wooldridge http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3484 David Wooldridge Mon, 02 Mar 2009 13:51:32 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3484 Hi, I did think about doing the above but wanted to have friendly names in the directory, but this works fine. Thanks alot. David Hi, I did think about doing the above but wanted to have friendly names in the directory, but this works fine. Thanks alot.

David

]]> By: consultant http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3480 consultant Sat, 28 Feb 2009 22:30:04 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3480 Hi David Wooldridge, You are right, the above instruction do not work for Winbind. Please read the article again, I've updated its content. Thanks. Hi David Wooldridge,

You are right, the above instruction do not work for Winbind. Please read the article again, I’ve updated its content. Thanks.

]]> By: David Wooldridge http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3474 David Wooldridge Tue, 24 Feb 2009 10:04:29 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3474 Hi, many thanks for all the great howtos. I have a postfix (2.5.6) and dovecot server setup authenticating via AD using winbind with one local domain (example.com) so no virtual accounts/domains. I have everything working apart from getting the mailing lists from AD as described above. I have the following in my main.cf: alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap-groups.cf My ldap-groups.cf is: # cat ldap-groups.cf server_host = dc1.corp.example.com search_base = dc=corp,dc=example,dc=com version = 3 query_filter = (&(objectclass=group)(mail=%s)) leaf_result_attribute = mail special_result_attribute = member bind = yes bind_dn = mailserver@corp.example.com bind_pw = password One of my mailing lists is this: # postmap -q ukbackups@example.com ldap:/etc/postfix/ldap-groups.cf user1@example.com,user2@example.com when i send mail to this, I get this in the log file: Feb 24 09:29:23 flanders postfix/local[3895]: 196DA1CEA7E: to=, relay=local, delay=0.13, delays=0.07/0.01/0/0.06, dsn=5.1.1, status=bounced (unknown user: "ukbackups") How can I tell postfix that this isn't a local user? I thought putting this in alias_maps would be enough. If I change the mailing list "mail" attribute to just "ukbackups" without the domain, it works ok, but then this breaks the lookup in the directory/address book etc. Cheers David Hi, many thanks for all the great howtos. I have a postfix (2.5.6) and dovecot server setup authenticating via AD using winbind with one local domain (example.com) so no virtual accounts/domains. I have everything working apart from getting the mailing lists from AD as described above. I have the following in my main.cf:

alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap-groups.cf

My ldap-groups.cf is:

# cat ldap-groups.cf
server_host = dc1.corp.example.com
search_base = dc=corp,dc=example,dc=com
version = 3
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = mailserver@corp.example.com
bind_pw = password

One of my mailing lists is this:

# postmap -q ukbackups@example.com ldap:/etc/postfix/ldap-groups.cf
user1@example.com,user2@example.com

when i send mail to this, I get this in the log file:

Feb 24 09:29:23 flanders postfix/local[3895]: 196DA1CEA7E: to=, relay=local, delay=0.13, delays=0.07/0.01/0/0.06, dsn=5.1.1, status=bounced (unknown user: “ukbackups”)

How can I tell postfix that this isn’t a local user? I thought putting this in alias_maps would be enough.

If I change the mailing list “mail” attribute to just “ukbackups” without the domain, it works ok, but then this breaks the lookup in the directory/address book etc.

Cheers David

]]> By: consultant http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3378 consultant Wed, 14 Jan 2009 23:25:42 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3378 Hi cach0rr0, This article handles the two items below -distribution list addresses -distribution group addresses For the items -user primary addresses -user proxy addresses See the related page <a href="/postfix-dovecot-ldap-centos-5/">How to integrate Active Directory into Postfix and Dovecot</a> I used the <em>othermailbox</em> attribute for the proxy address because <em>proxyAddresses</em> is available only if you have Microsoft Exchange. Hi cach0rr0,

This article handles the two items below
-distribution list addresses
-distribution group addresses

For the items
-user primary addresses
-user proxy addresses

See the related page How to integrate Active Directory into Postfix and Dovecot

I used the othermailbox attribute for the proxy address because proxyAddresses is available only if you have Microsoft Exchange.

]]> By: cach0rr0 http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-3377 cach0rr0 Wed, 14 Jan 2009 13:25:25 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-3377 Cheers for that, nifty guide (and quite painless). The one minuscule flaw I can see, is it doesn't appear to handle addresses stored in the proxyAddresses attribute (?) Generally speaking, with an LDAP lookup, this should be possible - but I'm unclear exactly what's expected in this .cf The filter, I've worked out should be something like: (&(objectclass=*)(|(mail=%s)(proxyAddresses=smtp:%s))) The idea being, we don't simply want users' primary e-mail. We want: -distribution list addresses -distribution group addresses -public folder addresses -user primary addresses -user proxy addresses Can debate the sensibility of allowing external parties to e-mail an internal DL later - fact is some people need to do it, so it'd be nice if we had this same flexibility. Of course given the need described above, I'm not sure the relevance of the 'member' attribute, since we don't just want group members, we want *everything*, including the group's address itself (if available) I know I'm somewhat on the right track, but alas what I have this far is incomplete. Any ideas? Cheers for that, nifty guide (and quite painless).

The one minuscule flaw I can see, is it doesn’t appear to handle addresses stored in the proxyAddresses attribute (?)

Generally speaking, with an LDAP lookup, this should be possible – but I’m unclear exactly what’s expected in this .cf

The filter, I’ve worked out should be something like:

(&(objectclass=*)(|(mail=%s)(proxyAddresses=smtp:%s)))

The idea being, we don’t simply want users’ primary e-mail. We want:

-distribution list addresses
-distribution group addresses
-public folder addresses
-user primary addresses
-user proxy addresses

Can debate the sensibility of allowing external parties to e-mail an internal DL later – fact is some people need to do it, so it’d be nice if we had this same flexibility.

Of course given the need described above, I’m not sure the relevance of the ‘member’ attribute, since we don’t just want group members, we want *everything*, including the group’s address itself (if available)

I know I’m somewhat on the right track, but alas what I have this far is incomplete.

Any ideas?

]]> By: davtup http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-2061 davtup Fri, 22 Aug 2008 16:03:31 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-2061 Thank you very much for your reply. your link is very helpful for me! Thank you very much for your reply.
your link is very helpful for me!

]]> By: consultant http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-2060 consultant Fri, 22 Aug 2008 13:38:31 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-2060 See <a href="/postfix-dovecot-ldap-centos-5/">Postfix, Dovecot and Active Directory</a> Mailbox creation is automatic, all you have to do is assign a value in the Email field of Active Directory. See Postfix, Dovecot and Active Directory

Mailbox creation is automatic, all you have to do is assign a value in the Email field of Active Directory.

]]> By: davtup http://www.linuxmail.info/postfix-active-directory-ldap-lookup-howto/#comment-2055 davtup Fri, 22 Aug 2008 07:15:34 +0000 http://linux-mail.info/postfix-active-directory-ldap-lookup-howto/#comment-2055 sorry, after I follow these steps. I done with LDAP query. But now I don't know how to create mailbox on Postfix by using user on AD. Could please someones guide me, or do you have any document about that? Thanks a lot sorry,
after I follow these steps. I done with LDAP query. But now I don’t know how to create mailbox on Postfix by using user on AD.

Could please someones guide me, or do you have any document about that?

Thanks a lot

]]>