Dovecot Active Directory Authentication

From QmailToaster


This guide assumes a working Active Directory (AD) server.

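# cd /etc/dovecot
# install -m 600 -o root -g root /dev/null dovecot-ldap.conf.ext
# cat > dovecot-ldap.conf.ext << '__EOF__'
# Dovecot LDAP passdb settings for Active Directory.
# This file stores the bind password, so it is created root-owned with mode
# 0600 before it is filled. The here-document delimiter is quoted so the shell
# copies the text literally, including any $ or backtick characters in dnpass.
hosts = mail.domain.tld

# Encrypt the connection with StartTLS and verify the server certificate.
# With auth_bind = yes every user's password travels over this connection.
# The domain controller must present a certificate that the LDAP client
# library trusts, otherwise lookups fail instead of falling back to cleartext.
tls = yes
tls_require_cert = hard
# Placeholder path - point this at the CA that issued the DC certificate:
#tls_ca_cert_file = /path/to/ad-ca.pem

# Account used only to search for the user entry. Sample values: create a
# dedicated low-privilege account with read access to the users container
# rather than storing a domain administrator password here.
dn = dovecot-bind@domain.tld
dnpass = "bindpass"
base = cn=users,dc=domain,dc=tld
ldap_version = 3

# Verify the password by binding to AD as the user; Dovecot never reads a hash.
auth_bind = yes

# All filters match on userPrincipalName and exclude disabled accounts
# (bitwise-AND match on userAccountControl bit 2, ACCOUNTDISABLE).
iterate_attrs   = userPrincipalName=user
iterate_filter  = (&(userPrincipalName=*)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter     = (&(userPrincipalName=%u)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

# NOTE(review): with auth_bind = yes the bind itself checks the password, and
# AD does not normally return userPassword, so the next two settings look
# unused - confirm before relying on them.
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
__EOF__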
Add the following to /etc/dovecot.conf, commenting out any other passdb and userdb settings:
# Mailboxes are stored in Maildir format under each user's home directory.
mail_location = maildir:~/Maildir/
# Password checks go to LDAP, using the settings in dovecot-ldap.conf.ext.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
# No per-user lookup: every account gets the same fixed uid/gid, and the home
# directory is built from the login name (%d = domain part, %n = local part).
# NOTE(review): uid/gid 89 is presumably the vpopmail account on a QMT host -
# confirm with `id vpopmail` before applying.
userdb {
  driver = static
  args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%n
}
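# doveconf -n > /dev/null            # stops with an error if the main Dovecot configuration does not parse
# systemctl restart dovecot
# doveadm auth test user@domain.tld  # sample login name; prompts for the password and reports whether the LDAP passdb accepts it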

Configure QMT Dovecot authorization