Mark Foley
2015-Sep-12 06:31 UTC
My dovecot works fine against Active Directory 2003, but not against AD2008
Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting to the list as I'm not sure how often you check the list and I'm down to hanging by my last fingernail on this project.

I have some preliminary questions interspersed below.

Thanks, --Mark

-----Original Message-----
> Subject: Re: My dovecot works fine against Active Directory 2003, but not
> against AD2008
> To: dovecot at dovecot.org
> From: Fran <cumc-4361-2 at chguadalquivir.es>
> Date: Thu, 10 Sep 2015 13:26:21 +0200
>
> Hi Mark,
>
> when I say AD 2003/8 I mean Active Directory 2003/8.

Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers indicated to me you might be talking about Windows Small Business Server 2003 or 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC on Linux.

>
> My configuration is attached.

Thank you very much for that. If I make some headway, I'll likely have more questions on specifics.

>
> I based my installation (dovecot+postfix) in the guides of this site:
> http://www.linuxmail.info
>
> The LDAP part is this:
> http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/

If you were able to make sense out of these sites' tiny screen-shots and one-line descriptions my hat's off to you. "You're a better man than I am Gunga-Din!" If there was more detailed narrative somewhere I couldn't find it. Also, I don't have jXplorer on my system, so probably I couldn't get too far anyway.

BIG QUESTIONS:

1. Are you using MS Outlook IMAP clients in your environment? If so, how are you making them connect with LDAP? By checking the SPA checkbox?

2. The mail_gid/mail_uid as vmail confuses me. I see that setting a lot, including in your config. http://wiki2.dovecot.org/VirtualUsers says, "You can create, for example, one vmail user which owns all the mails, or you can assign a separate UID for each user." I have assigned a separate UID for each based on the UID returned by `wbinfo -u <username>`. Does assigning separate UIDs mess up my ability to adapt your configuration?

little questions:

3. I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota" setting and all your plugin { quota_...} settings? I want to be as simple as possible to start.

4. Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I omit the namespace inbox {} setting?

These may seem like amateurish questions, but little details have foiled me a lot on this Dovecot project.

If I feel confident with the answers you provide here, I'll move on to trying some things.

Thanks a lot for your help!!!

--Mark

>
> You can also use PAM to connect to AD
> (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/)
> but that way doesn't allow to retrieve custom fields from the AD (ex. a
> field to set quota per user), so I'm using the standard LDAP method.
>
> Regards
>
> On 10/09/2015 at 4:51, Mark Foley wrote:
> > Fran and/or Matthias,
> >
> > Could you publish your doveconf -n? I can't get dovecot to authenticate with my
> > AD. Maybe you have a solution I could try.
> >
> > What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8
> > and are therefore using Outlook?
> >
> > --Mark
> >
> > -----Original Message-----
[deleted]
Shawn Heisey
2015-Sep-16 13:37 UTC
My dovecot works fine against Active Directory 2003, but not against AD2008
On 9/12/2015 12:31 AM, Mark Foley wrote:
> Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers
> indicated to me you might be talking about Windows Small Business Server 2003 or
> 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC
> on Linux.

The OP probably is referring to AD functional levels:

https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx

Thanks,
Shawn
Fran
2015-Oct-29 10:50 UTC
My dovecot works fine against Active Directory 2003, but not against AD2008
Exactly, that's what I meant.

On 16/09/2015 at 15:37, Shawn Heisey wrote:
> On 9/12/2015 12:31 AM, Mark Foley wrote:
>> Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers
>> indicated to me you might be talking about Windows Small Business Server 2003 or
>> 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC
>> on Linux.
> The OP probably is referring to AD functional levels:
>
> https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
>
> Thanks,
> Shawn
>
Fran
2015-Oct-29 11:16 UTC
My dovecot works fine against Active Directory 2003, but not against AD2008
I'm sorry for the late response, I missed this mail. I'll answer your questions below.

I'm sending a BCC of this mail to your personal address, but it seems to have some problem because your server bounces it:

On 12/09/2015 at 8:31, Mark Foley wrote:
> Fran - thanks for your reply. I'm cc'ing you directly on this as well as posting
> to the list as I'm not sure how often you check the list and I'm down to hanging
> by my last fingernail on this project.
>
> I have some preliminary questions interspersed below.
>
> Thanks, --Mark
>
> -----Original Message-----
>> Subject: Re: My dovecot works fine against Active Directory 2003, but not
>> against AD2008
>> To: dovecot at dovecot.org
>> From: Fran <cumc-4361-2 at chguadalquivir.es>
>> Date: Thu, 10 Sep 2015 13:26:21 +0200
>>
>> Hi Mark,
>>
>> when I say AD 2003/8 I mean Active Directory 2003/8.
> Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers
> indicated to me you might be talking about Windows Small Business Server 2003 or
> 2008. Is your AD Server Windows? Linux? Something else? I'm using Samba4 AD/DC
> on Linux.

https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx

>> My configuration is attached.
> Thank you very much for that. If I make some headway, I'll likely have more
> questions on specifics.
>
>> I based my installation (dovecot+postfix) in the guides of this site:
>> http://www.linuxmail.info
>>
>> The LDAP part is this:
>> http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/
> If you were able to make sense out of these sites' tiny screen-shots and one-line
> descriptions my hat's off to you. "You're a better man than I am Gunga-Din!" If
> there was more detailed narrative somewhere I couldn't find it. Also, I don't
> have jXplorer on my system, so probably I couldn't get too far anyway.

You don't need jXplorer at all, in fact I didn't use it. If you need to browse through your LDAP directory you can use any LDAP browser.

The descriptions of that site are short, that's true, but it contains the essential info to adapt it to any similar environment. Don't take it like a step by step guide, unless you use exactly the same environment and versions, you won't find same files in same places. Try to understand how different parts work and adapt it to your environment.

>
> BIG QUESTIONS:
>
> 1. Are you using MS Outlook IMAP clients in your environment? If so, how are you
> making them connect with LDAP? By checking the SPA checkbox?

There are Thunderbird, Roundcube, Outlook, iOS and Android clients in my environment. All of them use standard IMAP connections. I don't understand your question very well, the client doesn't need to connect with LDAP, it's dovecot itself who connects with AD to validate the IMAP user login.

>
> 2. The mail_gid/mail_uid as vmail confuses me. I see that setting a lot,
> including in your config. http://wiki2.dovecot.org/VirtualUsers says, "You can
> create, for example, one vmail user which owns all the mails, or you can assign
> a separate UID for each user." I have assigned a separate UID for each based on
> the UID returned by `wbinfo -u <username>`. Does assigning separate UIDs mess
> up my ability to adapt your configuration?

I assigned one vmail user which owns all the mails. You can still use my configuration for many other parts though.

>
> little questions:
>
> 3. I'm not planning on using quotas. Can I safely omit your mail_plugins = " quota"
> setting and all your plugin { quota_...} settings? I want to be as simple as
> possible to start.

You don't need that plugin if you don't plan to use it.

>
> 4. Likewise, dovecot seems to be able to find users' mailboxes just fine. Can I
> omit the namespace inbox {} setting?

I don't think so. This is mine in /etc/dovecot/conf.d/10-mail.conf:

    mail_home = /home/vmail/<domain>/%Lu
    mail_location = maildir:~/Maildir
    mail_uid = 1000
    mail_gid = 1000

    namespace inbox {
      # Namespace type: private, shared or public
      type = private
      inbox = yes

      mailbox Trash {
        auto = subscribe
        special_use = \Trash
      }
      mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
      }
      mailbox Sent {
        auto = subscribe
        special_use = \Sent
      }
      mailbox Junk {
        auto = subscribe
        special_use = \Junk
      }
    }

I think this is essential to have a minimal directory structure in any new mail account.

>
> These may seem like amateurish questions, but little details have foiled me a lot
> on this Dovecot project.
>
> If I feel confident with the answers you provide here, I'll move on to trying
> some things.
>
> Thanks a lot for your help!!!
>
> --Mark
>
>> You can also use PAM to connect to AD
>> (http://www.linuxmail.info/active-directory-dovecot-pam-authentication/)
>> but that way doesn't allow to retrieve custom fields from the AD (ex. a
>> field to set quota per user), so I'm using the standard LDAP method.
>>
>> Regards
>>
>> On 10/09/2015 at 4:51, Mark Foley wrote:
>>> Fran and/or Matthias,
>>>
>>> Could you publish your doveconf -n? I can't get dovecot to authenticate with my
>>> AD. Maybe you have a solution I could try.
>>>
>>> What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8
>>> and are therefore using Outlook?
>>>
>>> --Mark
>>>
>>> -----Original Message-----
> [deleted]

Regards
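
Added example, not part of the thread and not Fran's attached configuration: a minimal Dovecot LDAP passdb for the arrangement described above, where the IMAP client speaks plain IMAP and Dovecot itself validates the login against AD. It covers password verification only; the host name, base DN, service account, CA path and the auth-ldap.conf.ext file name are constructed placeholders.

```conf
# --- /etc/dovecot/conf.d/auth-ldap.conf.ext (file name assumed) ---
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext ---
# Holds dnpass, so keep it readable by root only (mode 0600).
# Constructed placeholders: dc1.example.com, DC=example,DC=com, svc-dovecot.
uris = ldap://dc1.example.com
ldap_version = 3

# StartTLS before any bind. With "tls = no" the service account's and
# every user's password would cross the network in clear text.
tls = yes
tls_require_cert = demand
tls_ca_cert_file = /etc/ssl/certs/example-ad-ca.pem

# Low-privilege account used only to search for the user's entry.
dn = CN=svc-dovecot,CN=Users,DC=example,DC=com
dnpass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# AD does not return password hashes over LDAP, so the password is
# verified by binding to the directory as the user being logged in.
auth_bind = yes

base = DC=example,DC=com
scope = subtree

# %n is the login name without the @domain part.
pass_filter = (&(objectCategory=person)(objectClass=user)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user
```

The uid, gid and home for the single vmail owner still come from mail_uid, mail_gid and mail_home in 10-mail.conf as quoted in the message above.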