Re: qmail-ldap + AD

[Zdravko Stoychev <zdravko.stoychev@mps.bg>]

Hi!

Razvan Turtureanu wrote:

hello list,

 

I did some research in the AD schema and I faund that we can use these Attributes:

 

mail;

userPrincipalName - for uid

userAccountControl for accoutStatus- with the values 66050 - desabled  and 66048 enabled (I don't know if this is exactly right)

Check out:

{ http://msdn.microsoft.com/library/default.asp?url=""> }
ADS_UF_ACCOUNTDISABLE   = $00000002; // The user account is disabled.
ADS_UF_LOCKOUT          = $00000010; // The account is currently locked out.
ADS_UF_PASSWORD_EXPIRED = $00800000; // The user password has expired.

info - replaytext

 

all of the above can be modified from the dsa.msc console

 

and I am think-ing to extend the active directory schema witn forestprep and domainprep, because I want to use the functionality of qmail-group, and mailForwardingAddress.

 

Dind anyone found another solution for this???

You are on the right way. Right now I am not using qmail-group, but wanna do it, so if you share any progress would be nice :)

 

 

---

From: Zdravko Stoychev [mailto:zdravko.stoychev@mps.bg]
Sent: Wednesday, January 31, 2007 16:53
To: speace@ci.webster.ny.us
Cc: ccesario@tecnomega.com.br; qmail-ldap@qmail-ldap.org
Subject: Re: qmail-ldap + AD

Hi!

Steve Peace wrote:

I did the exact same thing, and it is working fine.  I did however set up
winbind so I can use my users AD credentials to authenticate them for POP.
  

For best results one could set up SFU on Windows Domain Controller and run NIS server there,
then set up all *nix boxes to use NIS for auth.

Steve Peace
Director of Information Technology
Town of Webster
585.872.7030

-----Original Message-----
From: Zdravko Stoychev [mailto:zdravko.stoychev@mps.bg] 
Sent: Wednesday, January 31, 2007 4:38 AM
To: ccesario@tecnomega.com.br
Cc: qmail-ldap@qmail-ldap.org
Subject: Re: qmail-ldap + AD

Hi!

Carlos wrote:
  

Hi peoples, somebody friend have any experience about configure qmail to
authentic in Active Directory ? Any google search mean about change
qmail-ldap.h, but I don't search nothing specific. 

Any idea? Howto ? start guide.....
  
    

Yes, it is doable and is working just fine. All you need is to set up 
qmail-ldap.h ldap attribute names correctly according you AD scheme. 
Then setup control/ldap* files with servername, login dn, password etc. 
You could set user login to be its full email address for example.
  

thanks

Carlos

  
    

-- 
  Zdravko Stoychev
  System Software and Support
  MPS Ltd.
  zdravko.stoychev@mps.bg
  +359-2-491-1827 (ext.271)

Ако не отговарям на писмата Ви - погледнете тук: http://6lyokavitza.org/mail

This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system.
  

-- 
  Zdravko Stoychev
  System Software and Support
  MPS Ltd.
  zdravko.stoychev@mps.bg
  +359-2-491-1827 (ext.271)

Ако не отговарям на писмата Ви - погледнете тук: http://6lyokavitza.org/mail

This e-mail is intended only for the addressee(s) and may contain privileged and confidential information. It should not be disseminated, distributed, or copied. If you have received this e-mail message by mistake, please inform the sender, and delete it from your system.

smime.p7s
Description: S/MIME Cryptographic Signature