Hi,

I want to use my samba ad dc as the source for several postfix maps (virtual mailboxes, aliases and so on) but have trouble to authenticate against the ldap server.

My config for ldap-aliases.cf:

server_host = ldap://pi4.fritz.box
search_base = OU=FritzUser,DC=fritz,DC=box
start_tls = yes
version = 3
bind = yes
bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
bind_pw = postfixpw
timeout=60
tls_require_cert = yes
tls_ca_cert_dir = /etc/ssl/certs
tls_cert = /etc/samba/tls/pi4cert.pem
tls_key = /etc/samba/tls/pi4key.pem

But postmap fails with:

# postmap -q thorsten at fritz.box ldap:/etc/postfix/ldap-aliases.cf
postmap: warning: dict_ldap_connect: Unable to bind to server ldap://pi4.fritz.box with dn "CN=postfix,OU=FritzUser,DC=fritz,DC=box": 49 (Invalid credentials)
postmap: fatal: table ldap:/etc/postfix/ldap-aliases.cf: query error: Application error

Whereas ldapsearch performs:

ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw -ZZZ

# extended LDIF
#
# LDAPv3
# base <DC=fritz,DC=box> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# NTDS Quotas, fritz.box
dn: CN=NTDS Quotas,DC=fritz,DC=box
...

result: 0 Success

# numResponses: 309
# numEntries: 305
# numReferences: 3

What am I doing wrong?

Thanks in advance

Thorsten
On Thu, 18 Jan 2024 10:32:19 +0100
Thorsten Marquardt via samba <samba at lists.samba.org> wrote:

> Hi,
>
> I want to use my samba ad dc as the source for several postfix maps
> (virtual mailboxes, aliases and so on) but have trouble to
> authenticate against the ldap server.
>
> My config for ldap-aliases.cf:
>
> server_host = ldap://pi4.fritz.box
> search_base = OU=FritzUser,DC=fritz,DC=box
> start_tls = yes
> version = 3
> bind = yes
> bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
> bind_pw = postfixpw
> timeout=60
> tls_require_cert = yes
> tls_ca_cert_dir = /etc/ssl/certs
> tls_cert = /etc/samba/tls/pi4cert.pem
> tls_key = /etc/samba/tls/pi4key.pem
>
> But postmap fails with:
>
> # postmap -q thorsten at fritz.box ldap:/etc/postfix/ldap-aliases.cf
> postmap: warning: dict_ldap_connect: Unable to bind to server
> ldap://pi4.fritz.box with dn
> "CN=postfix,OU=FritzUser,DC=fritz,DC=box": 49 (Invalid credentials)
> postmap: fatal: table ldap:/etc/postfix/ldap-aliases.cf: query error:
> Application error
>
> Whereas ldapsearch performs:
>
> ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw
> -ZZZ
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=fritz,DC=box> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # NTDS Quotas, fritz.box
> dn: CN=NTDS Quotas,DC=fritz,DC=box
> ...
>
> result: 0 Success
>
> # numResponses: 309
> # numEntries: 305
> # numReferences: 3
>
> What am I doing wrong?
>

It has been a long time since I used postfix, but I think your server_host is wrong, I do not think you need the 'ldap://' part, just the FQDN

Rowland
On 18-01-2024 10:32, Thorsten Marquardt via samba wrote:
> Hi,
>
> I want to use my samba ad dc as the source for several postfix maps
> (virtual mailboxes, aliases and so on) but have trouble to
> authenticate against the ldap server.
>
> My config for ldap-aliases.cf:
>
> server_host = ldap://pi4.fritz.box
> search_base = OU=FritzUser,DC=fritz,DC=box
> start_tls = yes
> version = 3
> bind = yes
> bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
> bind_pw = postfixpw
> timeout=60
> tls_require_cert = yes
> tls_ca_cert_dir = /etc/ssl/certs
> tls_cert = /etc/samba/tls/pi4cert.pem
> tls_key = /etc/samba/tls/pi4key.pem
>
> But postmap fails with:
>
> # postmap -q thorsten at fritz.box ldap:/etc/postfix/ldap-aliases.cf
> postmap: warning: dict_ldap_connect: Unable to bind to server
> ldap://pi4.fritz.box with dn
> "CN=postfix,OU=FritzUser,DC=fritz,DC=box": 49 (Invalid credentials)
> postmap: fatal: table ldap:/etc/postfix/ldap-aliases.cf: query error:
> Application error
>

Try with -v for verbose:
postmap -vq <key> ldap:/etc/postfix/ldap/ldap-aliases.cf

An example from my working configuration:

version = 3
server_host = ldap://dc1.example.com/ ldap://dc2.example.com/
start_tls = yes
bind = yes
bind_dn = CN=svc_mailserver_postfix,OU=Service Accounts,DC=example,DC=com
bind_pw = very_secret
debuglevel = 0

# Map an alias back to a mailbox (virtual_alias_maps)
#   Key: Address in form name at hosted-domain.com (alias)
#   Result: Addresses in form user at mail.example.com (users) -> returns the user mailbox

# Only search when in the list of domains:
domain = example.com example.org
search_base = OU=Interactive Users,DC=example,DC=com
scope = sub
# Aliases are in url
query_filter = (&(objectCategory=person)(url=%s))
result_attribute = mail
# %s %u %d take value from result attribute, %S %U %D take value from input (see: http://www.postfix.org/ldap_table.5.html)
result_format = %u+INBOX/%D@%d

Do note that I am abusing the attribute url to store all mail-aliases of a user.
- Kees.

> Whereas ldapsearch performs:
>
> ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw -ZZZ
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=fritz,DC=box> (default) with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # NTDS Quotas, fritz.box
> dn: CN=NTDS Quotas,DC=fritz,DC=box
> ...
>
> result: 0 Success
>
> # numResponses: 309
> # numEntries: 305
> # numReferences: 3
>
> What am I doing wrong?
>
>
> Thanks in advance
>
> Thorsten
>
>
>
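
Added example, not part of the thread and not Postfix or Samba code: it compares the bind DN and password as a key = value reader takes them from the posted ldap-aliases.cf with the ones the shell hands to ldapsearch. It assumes the table file's values are used verbatim, quotes included (the quoted DN in the postmap warning points that way); parse_table_cf, shell_bind_args and compare are hypothetical helper names.

```python
import shlex

# Constructed sample: bind-related lines of the ldap-aliases.cf posted in the thread.
SAMPLE_CF = """\
server_host = ldap://pi4.fritz.box
start_tls = yes
bind = yes
bind_dn = "CN=postfix,OU=FritzUser,DC=fritz,DC=box"
bind_pw = postfixpw
timeout=60
"""
# Constructed sample: the ldapsearch command line from the same post.
SAMPLE_CMD = 'ldapsearch -D "CN=postfix,OU=FritzUser,DC=fritz,DC=box" -w postfixpw -ZZZ'


def parse_table_cf(text):
    """Read 'name = value' lines; '#' starts a comment line, leading
    whitespace continues the previous line. Values are kept verbatim
    (assumption: no quote removal, unlike a shell)."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def shell_bind_args(cmd):
    """Return the DN and password as the shell passes them to ldapsearch."""
    argv = shlex.split(cmd)  # POSIX word splitting and quote removal
    return {"bind_dn": argv[argv.index("-D") + 1],
            "bind_pw": argv[argv.index("-w") + 1]}


def compare(cf_text, cmd):
    """List bind parameters whose bytes differ between the two clients."""
    cf, sh = parse_table_cf(cf_text), shell_bind_args(cmd)
    return [(key, cf.get(key), sh[key])
            for key in ("bind_dn", "bind_pw") if cf.get(key) != sh[key]]


if __name__ == "__main__":
    for key, from_cf, from_shell in compare(SAMPLE_CF, SAMPLE_CMD):
        print(f"{key}: table file gives {from_cf!r}, shell gives {from_shell!r}")
```

A difference in bind_dn is worth ruling out before looking at the account itself; the working file Kees posted gives bind_dn without quotes.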