Re: Dovecot LDA - Active Directory userbase

  • Peter von Nostrand
    Message 1 of 5, Jan 30, 2013
      On Wed, Jan 30, 2013 at 1:29 PM, Viktor Dukhovni <postfix-users@...> wrote:
      On Wed, Jan 30, 2013 at 11:34:13AM -0300, Peter von Nostrand wrote:

      > query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=%s)))

      This query is perhaps wrong, the "proxyAddresses" field in AD usually
      contains address forms with <protocol>: prefixes, thus for SMTP addresses
      the content is usually "smtp:localpart@domain" not "localpart@domain".

      I don't have AD integrated with Exchange, so there is a proxyAddresses field without the SMTP and smtp prefixes.

      You should also set the "domain = " attribute in the map definition so
      that lookups are always for full addresses and don't waste cycles with
      addresses in domains that never have entries in AD.

      > result_attribute = sAMAccountName
      > result_format = %u/Maildir/

      The sAMAccountName attribute is username-valued, not email-address-valued, so
      there is no need to use %u here; use "%s".

      > scope= sub
      > bind = yes
      > bind_dn = intranet\ldap
      > bind_pw = somepassword
      > And the result:
      > #postmap -q diego@... ldap:/etc/postfix/ldap-users.cf
      > diego.maradona/Maildir/
      > But when I try to deliver a mail to diego@..., Dovecot tries to
      > deliver it to the mail address and not the username. Returning with a "user
      > unknown" message. It works OK if I edit a file with virtual aliases,
      > mapping addresses to usernames, but I need to have all integrated on the AD.

      Since you're using Dovecot, the virtual_mailbox_maps table is only
      used for recipient validation, not for delivery, since that's done
      by Dovecot. Since you want to rewrite the envelope (Dovecot user
      address), you should use virtual_alias_maps instead, just change the
      result to:

              result_attribute = sAMAccountName
              result_format = %s@...

      with this the virtual_mailbox_domain is now a virtual_alias_domain,
      since all valid addresses are rewritten to <samaccountname>@....
      Use the resulting table in virtual_alias_maps, leaving virtual_mailbox_maps
      empty, since you're not using virtual(8) to do the deliveries and no longer
      using virtual_mailbox_domains.

      Then map the "dovecot.invalid" domain to the dovecot transport in

              dovecot.invalid         dovecot

      > master relevant line:
      > dovecot unix - n n - - pipe
      >   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
      > ${sender} -d ${recipient}

      This will pass the user's rewritten email address to dovecot with
      an @... suffix. See pipe(8) for instructions on passing
      just the localpart.


      OK, it worked. Changed {recipient} for {user}. And thx Wietse for his sarcasm.
      I've tried that change before but using virtual_mailbox_maps instead of virtual_alias_maps.

      Thank you very much, Viktor.
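Pulling the thread's pieces together, here is an added example of the resulting Postfix configuration; it is not from the original posts. The server name, search base and the example.com domain are placeholders, the smtp: prefix in the filter is the Exchange form Viktor describes, and the dovecot.invalid domain, the file name ldap-users.cf and the pipe command come from the thread.

```conf
# /etc/postfix/ldap-users.cf  (server_host, search_base and example.com are placeholders)
server_host = ldap://dc1.example.com
search_base = dc=intranet,dc=example,dc=com
version = 3
bind = yes
bind_dn = intranet\ldap
bind_pw = somepassword
scope = sub
# Only look up full addresses in the domain AD actually holds; other domains skip LDAP.
domain = example.com
# With Exchange, proxyAddresses values carry a protocol prefix ("smtp:user@domain").
# Without Exchange (the poster's case) use plain (proxyAddresses=%s) instead.
query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=smtp:%s)))
# sAMAccountName is a bare username, so %s (the whole value) is right, not %u.
# Rewriting to the dovecot.invalid domain turns this into a virtual alias lookup.
result_attribute = sAMAccountName
result_format = %s@dovecot.invalid

# /etc/postfix/main.cf  (relevant lines only)
virtual_alias_domains = example.com
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf
# Delivery is done by Dovecot, not virtual(8), so these stay empty.
virtual_mailbox_domains =
virtual_mailbox_maps =
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport  (run "postmap /etc/postfix/transport" after editing)
dovecot.invalid         dovecot

# /etc/postfix/master.cf  (${user} hands dovecot-lda only the localpart, i.e. the sAMAccountName)
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}
```

To check the table before relying on it, `postmap -q diego@example.com ldap:/etc/postfix/ldap-users.cf` should print the rewritten alias (here diego.maradona@dovecot.invalid), and a lookup for an address outside example.com should return nothing because of the domain setting.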
