Hi,

Is it possible to query an Exchange server for its user list via ADFS using samba?

I'm interested in integrating this support with postfix on my fedora system instead of having to maintain the list in Exchange and the list as a map in postfix.

I really don't know much about Exchange and whether/how this would work. Is it secure?

Is LDAPS an alternative? Is it secure?

Thanks,
Alex
On Tue, 31 May 2016, Alex wrote:

> Hi,
>
> Is it possible to query an Exchange server for its user list via ADFS
> using samba?
>
> I'm interested in integrating this support with postfix on my fedora
> system instead of having to maintain the list in Exchange and the list
> as a map in postfix.
>
> I really don't know much about Exchange and whether/how this would
> work. Is it secure?
>
> Is LDAPS an alternative? Is it secure?
>
> Thanks,
> Alex

Alex,

ADFS (Active Directory Federation Services) is an SSO (Single Sign On) solution from Microsoft. It speaks several federated authentication protocols, such as WS-Federation and SAML.

Perhaps you're thinking of querying AD (Active Directory). AD is a Microsoft directory service used by many Microsoft products, such as Exchange, to store user, group, and computer objects. All of your users with Exchange mailboxes will have user objects in AD, so you really want to query AD from Postfix (or some intermediate script).

Fortunately, AD speaks LDAP too, which is an IETF standard. I don't know a lot about Postfix, but LDAP is a very common place to store users, so I expect that Postfix can talk to pretty much any LDAP server, including AD.

LDAPS is LDAP-over-SSL. If you're using LDAP to authenticate users, then you should be using LDAPS. If you are querying simple user information on an internal network, then plain LDAP is probably okay. However, LDAPS is very easy to use, so I'd recommend it. Why not use encryption if it's easy?

The LDAP (AD) attributes that contain email addresses are "mail" (the user's primary email address) and "proxyAddresses" (a list of all the user's email addresses).

I hope this helps!

Andy
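As an added illustration of the "intermediate script" idea in the reply above (not code from any poster in this thread), the following Python sketch turns "mail" and "proxyAddresses" values into the lines of a Postfix recipient map and escapes an address before it is placed in an LDAP search filter. The function names, the filter layout and the sample entries are hypothetical, and the entries are assumed to have been fetched from AD beforehand, ideally over LDAPS.

```python
"""Added example: AD "mail"/"proxyAddresses" values -> Postfix recipient map lines."""

# Characters RFC 4515 requires to be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a recipient address before it is placed in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def recipient_filter(address):
    """Hypothetical filter for a user owning `address` (primary or secondary)."""
    safe = escape_filter_value(address)
    return f"(&(objectClass=user)(|(mail={safe})(proxyAddresses=smtp:{safe})))"


def smtp_addresses(entry):
    """Return the lower-cased SMTP addresses of one directory entry."""
    found = {value.strip().lower() for value in entry.get("mail", [])}
    for value in entry.get("proxyAddresses", []):
        kind, sep, addr = value.partition(":")
        # "SMTP:" marks the primary address and "smtp:" a secondary one;
        # other prefixes (X500:, SIP:, ...) are not mail recipients.
        if sep and kind.lower() == "smtp":
            found.add(addr.strip().lower())
    # Drop empty or malformed values rather than publishing them to Postfix.
    return {a for a in found if a.count("@") == 1}


def postfix_recipient_map(entries):
    """Render lookup-table lines, one 'address OK' per known recipient."""
    addresses = set()
    for entry in entries:
        addresses |= smtp_addresses(entry)
    return [f"{a} OK" for a in sorted(addresses)]


# Constructed sample entries (not real accounts): attribute name -> list of values.
SAMPLE_ENTRIES = [
    {"mail": ["Alice@example.com"],
     "proxyAddresses": ["SMTP:Alice@example.com", "smtp:a.smith@example.com",
                        "X500:/o=Example/ou=Exchange/cn=alice"]},
    {"mail": [], "proxyAddresses": ["SIP:bob@example.com", "SMTP:bob@example.com"]},
]

if __name__ == "__main__":
    print(recipient_filter("odd(name)*@example.com"))
    print("\n".join(postfix_recipient_map(SAMPLE_ENTRIES)))
```
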
Postfix can query Samba4/ADS/Exchange for users and password without any problems.

EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: tropenklinik.de

-----Original Message-----
From: Andrew Morgan [mailto:morgan at orst.edu]
Sent: Wednesday, 1 June 2016 08:13
To: Alex <mysqlstudent at gmail.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] ADFS support?

On Tue, 31 May 2016, Alex wrote:

> Hi,
>
> Is it possible to query an Exchange server for its user list via ADFS
> using samba?
>
> I'm interested in integrating this support with postfix on my fedora
> system instead of having to maintain the list in Exchange and the list
> as a map in postfix.
>
> I really don't know much about Exchange and whether/how this would
> work. Is it secure?
>
> Is LDAPS an alternative? Is it secure?
>
> Thanks,
> Alex

Alex,

ADFS (Active Directory Federation Services) is an SSO (Single Sign On) solution from Microsoft. It speaks several federated authentication protocols, such as WS-Federation and SAML.

Perhaps you're thinking of querying AD (Active Directory). AD is a Microsoft directory service used by many Microsoft products, such as Exchange, to store user, group, and computer objects. All of your users with Exchange mailboxes will have user objects in AD, so you really want to query AD from Postfix (or some intermediate script).

Fortunately, AD speaks LDAP too, which is an IETF standard. I don't know a lot about Postfix, but LDAP is a very common place to store users, so I expect that Postfix can talk to pretty much any LDAP server, including AD.

LDAPS is LDAP-over-SSL. If you're using LDAP to authenticate users, then you should be using LDAPS. If you are querying simple user information on an internal network, then plain LDAP is probably okay. However, LDAPS is very easy to use, so I'd recommend it. Why not use encryption if it's easy?

The LDAP (AD) attributes that contain email addresses are "mail" (the user's primary email address) and "proxyAddresses" (a list of all the user's email addresses).

I hope this helps!

Andy