
CentOS 7 – Configuring the OpenLDAP Active Directory with Postfix


For this section, we are going to use OpenLDAP as the user backend for both Postfix (our MTA) and Dovecot (our POP3/IMAP server), so that the two services share a single source of users and OpenLDAP can also serve address lookups and aliases.

Note

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP). This section doesn't cover how to install an OpenLDAP server; we assume that one is already configured inside our network.

Our OpenLDAP server holds one entry per mail user, of the following form:

# cn, sn, uidNumber and gidNumber are required by the posixAccount and inetOrgPerson schemas; mail is the attribute Postfix searches on below
dn: uid=user1,ou=people,dc=packtldap,dc=co,dc=uk
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user1
cn: user1
sn: user1
uidNumber: 5000
gidNumber: 5000
homeDirectory: /home/user1
mail: user1@packtldap.co.uk
userPassword: <passwordhash>

For the configuration of the LDAP settings for both of our services, we need to edit and add some options to their configuration files. We will start with Dovecot. We will first open the Dovecot main configuration file with a text editor, then make the necessary changes:


$ sudo nano /etc/dovecot/dovecot.conf

Then we check the following options, changing them where needed and adding any that don't exist yet:

# Dovecot 2.x syntax (the version shipped with CentOS 7)
# Define the mail user and group UID and GID
mail_uid = 5000
mail_gid = 5000
# Define the default authentication mechanism
auth_mechanisms = plain
# Define the LDAP password database (settings file below)
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.pass
}
# Define the LDAP user database (settings file below)
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.user
}
# Define the authentication socket that Postfix uses for SMTP AUTH
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Then we need to create the LDAP database files and populate them:


$ sudo nano /etc/dovecot/dovecot-ldap.user

Next, we add the following settings, adjusting the host, base DN and bind credentials to match our server, then save:

hosts = packtldap.co.uk:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=packtldap,dc=co,dc=uk
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=packtldap,dc=co,dc=uk
dnpass = password

[Figure: OpenLDAP serving both the inbox and outbox mail services (image not included on this page).]

We do the same thing for the second LDAP database file:


$ sudo nano /etc/dovecot/dovecot-ldap.pass

Then we add the following settings, adjusted in the same way, save the file, and exit:

hosts = packtldap.co.uk:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=packtldap,dc=co,dc=uk
scope = base
dn = uid=manager,dc=packtldap,dc=co,dc=uk
dnpass = password
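The two settings files above bind to the directory over plain port 389 and store the manager's bind password in clear text, so they deserve a quick review before going live. The following checker is an added example, not code from the page or from Dovecot: it parses Dovecot's "key = value" format, flags unencrypted LDAP transport (which, with auth_bind = yes, exposes every user's password on the wire) and a readable dnpass, and compares the page's file with a hardened variant. The hardened values (uris, tls_ca_cert_file, tls_require_cert, the 0600 file mode) are assumptions for illustration.

```python
# Added example: a small linter for Dovecot LDAP settings files.
# Not from the page; the hardened file and its paths are constructed samples.

# Constructed sample: dovecot-ldap.pass exactly as the page shows it.
WEAK_CONF = """\
hosts = packtldap.co.uk:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=packtldap,dc=co,dc=uk
scope = base
dn = uid=manager,dc=packtldap,dc=co,dc=uk
dnpass = password
"""

# Constructed sample: the same file with LDAPS and certificate verification
# (assumed CA bundle path; adjust to your system).
HARDENED_CONF = """\
uris = ldaps://packtldap.co.uk
tls_ca_cert_file = /etc/pki/tls/certs/ca-bundle.crt
tls_require_cert = hard
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=packtldap,dc=co,dc=uk
scope = base
dn = uid=manager,dc=packtldap,dc=co,dc=uk
dnpass = password
"""


def parse_dovecot_ldap(text):
    """Parse Dovecot's 'key = value' settings into a dict; '#' comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def check_dovecot_ldap(text, file_mode=0o644):
    """Return a list of (severity, message) findings for one settings file.

    file_mode is the on-disk permission of the file (default: world-readable).
    """
    s = parse_dovecot_ldap(text)
    findings = []
    uris = s.get("uris", "")
    if not uris and not s.get("hosts"):
        findings.append(("error", "no LDAP server configured (neither hosts nor uris)"))
    # Transport is clear text when 'hosts' is used without STARTTLS (tls = yes)
    # and no ldaps:// URI is configured.
    if s.get("hosts") and s.get("tls", "no") != "yes" and "ldaps://" not in uris:
        msg = "LDAP traffic is unencrypted (hosts without tls = yes and no ldaps:// uri)"
        if s.get("auth_bind") == "yes":
            msg += "; with auth_bind = yes every user password crosses the network in clear text"
        findings.append(("high", msg))
    # TLS without certificate verification can be intercepted.
    if s.get("tls_require_cert", "hard") not in ("hard", "demand"):
        findings.append(("medium", "tls_require_cert does not enforce certificate verification"))
    # The bind password sits in this file, so group/other must not read it.
    if "dnpass" in s and file_mode & 0o077:
        findings.append(("medium", "dnpass is stored here but the file is group/world readable (use chmod 600)"))
    return findings


if __name__ == "__main__":
    for name, conf, mode in (("weak", WEAK_CONF, 0o644), ("hardened", HARDENED_CONF, 0o600)):
        print(name, check_dovecot_ldap(conf, mode) or "no findings")
```

Run it against the real files with their actual mode (e.g. `os.stat(path).st_mode & 0o777`) to get the same report for a deployed server.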

With this step, Dovecot is configured to use our LDAP server. Since both settings files contain the manager's bind password in clear text, they must not be world-readable. We proceed to the Postfix configuration. As usual, we can either edit the main configuration file, /etc/postfix/main.cf, with a text editor or set each parameter with the postconf command. Note that defining the accounts_* parameters in main.cf is the legacy form, which Postfix keeps for backwards compatibility; current releases expect the same parameters in a separate file referenced as ldap:/path/to/file.


$ sudo postconf -e 'accounts_server_host = packtldap.co.uk'
$ sudo postconf -e 'accounts_search_base = ou=people,dc=packtldap,dc=co,dc=uk'
$ sudo postconf -e 'accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))'
$ sudo postconf -e 'accounts_result_attribute = homeDirectory'
$ sudo postconf -e 'accounts_result_format = %s/Mailbox'
$ sudo postconf -e 'accounts_scope = sub'
$ sudo postconf -e 'accounts_cache = yes'
$ sudo postconf -e 'accounts_bind = yes'
$ sudo postconf -e 'accounts_bind_dn = uid=manager,dc=packtldap,dc=co,dc=uk'
$ sudo postconf -e 'accounts_bind_pw = password'
$ sudo postconf -e 'accounts_version = 3'
$ sudo postconf -e 'virtual_transport = virtual'
$ sudo postconf -e 'virtual_uid_maps = static:5000'
$ sudo postconf -e 'virtual_gid_maps = static:5000'
$ sudo postconf -e 'virtual_mailbox_base = /'
$ sudo postconf -e 'virtual_mailbox_maps = ldap:accounts'
$ sudo postconf -e 'virtual_mailbox_domains = packtldap.co.uk'

Then, to apply the changes, we restart both services:


$ sudo systemctl restart postfix.service
$ sudo systemctl restart dovecot.service
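To see how the Postfix and Dovecot settings above fit together, the following added example (not code from the page, Postfix or Dovecot) emulates both directory lookups in memory against a constructed LDIF sample like the entry at the top of the page: the Postfix virtual_mailbox_maps lookup (accounts_search_base, accounts_query_filter with %s replaced by the recipient, accounts_result_attribute and accounts_result_format under virtual_mailbox_base) and the Dovecot userdb lookup (base = uid=%n,..., scope = base, user_attrs = homeDirectory=home). The second LDIF entry (a printer object) and the function names are assumptions for illustration. One caveat the page does not cover: Postfix delivers to %s/Mailbox, an mbox file because the path does not end in "/", and Dovecot's mail_location must be pointed at that file separately.

```python
# Added example: in-memory emulation of the Postfix and Dovecot LDAP lookups.
# Directory contents and the second entry are constructed samples.
import re

SAMPLE_LDIF = """\
dn: uid=user1,ou=people,dc=packtldap,dc=co,dc=uk
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user1
cn: user1
sn: user1
uidNumber: 5000
gidNumber: 5000
homeDirectory: /home/user1
mail: user1@packtldap.co.uk
userPassword: {SSHA}placeholder-hash

dn: cn=printer,ou=devices,dc=packtldap,dc=co,dc=uk
objectClass: device
cn: printer
mail: printer@packtldap.co.uk
"""

# The Postfix accounts_* parameters as set with postconf -e above.
POSTFIX_ACCOUNTS = {
    "search_base": "ou=people,dc=packtldap,dc=co,dc=uk",
    "query_filter": "(&(objectClass=inetOrgPerson)(mail=%s))",
    "result_attribute": "homeDirectory",
    "result_format": "%s/Mailbox",
    "scope": "sub",
}
VIRTUAL_MAILBOX_BASE = "/"

# The Dovecot userdb settings from dovecot-ldap.user.
DOVECOT_USERDB = {
    "base": "uid=%n,ou=people,dc=packtldap,dc=co,dc=uk",
    "scope": "base",
    "user_attrs": "homeDirectory=home",
}


def parse_ldif(text):
    """Parse simple LDIF into a list of entries mapping attribute -> list of values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def in_scope(entry_dn, base, scope):
    """LDAP search scopes: 'base' is the exact DN, 'sub' is the base or anything beneath it."""
    entry_dn, base = entry_dn.lower(), base.lower()
    if scope == "base":
        return entry_dn == base
    return entry_dn == base or entry_dn.endswith("," + base)


def matches(entry, ldap_filter):
    """Evaluate an AND of equality assertions such as (&(objectClass=x)(mail=y))."""
    pairs = re.findall(r"\(([^()=]+)=([^()]*)\)", ldap_filter)
    return all(value.lower() in (v.lower() for v in entry.get(attr, []))
               for attr, value in pairs)


def postfix_virtual_mailbox(recipient, directory=SAMPLE_LDIF):
    """Mailbox path Postfix would deliver to, or None (recipient is rejected as unknown)."""
    p = POSTFIX_ACCOUNTS
    ldap_filter = p["query_filter"].replace("%s", recipient)   # %s = lookup key
    for entry in parse_ldif(directory):
        dn = entry["dn"][0]
        if in_scope(dn, p["search_base"], p["scope"]) and matches(entry, ldap_filter):
            values = entry.get(p["result_attribute"])
            if values:
                relative = p["result_format"].replace("%s", values[0])
                return VIRTUAL_MAILBOX_BASE.rstrip("/") + "/" + relative.lstrip("/")
    return None


def dovecot_userdb(username, directory=SAMPLE_LDIF):
    """Userdb fields Dovecot would obtain for a login name, or None if the user is unknown."""
    d = DOVECOT_USERDB
    local = username.split("@", 1)[0]                 # %n = part of the login before '@'
    base = d["base"].replace("%n", local)
    ldap_attr, dovecot_field = d["user_attrs"].split("=", 1)
    for entry in parse_ldif(directory):
        if in_scope(entry["dn"][0], base, d["scope"]) and ldap_attr in entry:
            return {dovecot_field: entry[ldap_attr][0]}
    return None


if __name__ == "__main__":
    print(postfix_virtual_mailbox("user1@packtldap.co.uk"))   # /home/user1/Mailbox
    print(dovecot_userdb("user1"))                            # {'home': '/home/user1'}
```

The objectClass guard in the Postfix filter and the ou=people search base are what keep a non-user object with a mail attribute (the printer entry) from becoming a deliverable mailbox, which is worth keeping in mind when widening either setting.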
