Hi

On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote:
> Hi Pavel
>
> Thanks for your reply.
>
> When you were setting up your ldap query what kind of password crypto
> did you specify: plain, ntlm, gssapi or anything else? The password field
> in your query is userPassword or am I wrong here?

The password field is hidden (only the user can see it) by default, and not stored as a unix-friendly value (anything a crypt() would understand).

What I use is auth_bind (which uses the user-supplied password to bind to the LDAP directory). What it means is that on every login there are 2 lookups (the first one using your "service" DN to find the user DN, the second one with your user DN to check the password).

That also means that you need a password format that your LDAP can understand (mostly a plaintext password, or NTLM if your mail server is a Samba domain member). As long as you only offer IMAP/SSL I don't think plaintext (as in "auth_mechanisms = plain") is an issue, security-wise.

As far as the service account (the one that is used to look up users) goes, I am using the default option (setting the "dn" and "dnpass" variables), which I think is a simple bind. It is possible that it only works because Samba4 and dovecot run on the same machine.

Pavel Herrmann

>
> I will try it again.
> ---
>
> Kind regards
>
> Carsten Laun-De Lellis
>
> Hauptstrasse 13
> D-67705 Trippstadt
>
> Phone: +49 6306 992140
> Fax: +49 6306 992142
> Mobile: +49 151 27530865
> email: [email protected]
>
> http://www.linkedin.com/in/carstenlaundelellis [1]
>
> On 2013-07-01 11:24, Pavel Herrmann wrote:
> > Hi
> >
> > On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote:
> >> Hi all, I am trying to set up an email Server with a Samba4 AD as user
> >> Directory. Does anybody know a good how-to to set up user auth against AD?
> >> Or could anyone tell me how to do it? I am having an email Server up
> >> and running with openldap but want to change to Samba4 AD, because of
> >> the openchange Integration. I would appreciate any help on this topic.
> >
> > I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would
> > (with authenticated lookups and auth_bind)
> >
> > I would suggest you try it, and ask if there are any issues.
> >
> > Pavel Herrmann
>
> Links:
> ------
> [1] http://www.linkedin.com/in/carstenlaundelellis
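
The setup described in the reply above (service-account lookup followed by auth_bind), written out as an added example; it is not configuration posted by anyone in this thread. The host name, DNs, file paths, CA file and the sAMAccountName filter are assumptions to be replaced with local values, and the TLS lines assume the directory is reached over the network rather than on the same machine.

```conf
# --- /etc/dovecot/dovecot.conf (excerpt; path is an assumption) ---
# PLAIN gives Dovecot the cleartext password it needs for the LDAP bind,
# so accept it only inside a TLS-protected IMAP session.
auth_mechanisms = plain
disable_plaintext_auth = yes
ssl = required

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext ---
# This file holds the service password: keep it root-owned, mode 0600.

# Placeholder directory host (constructed value).
hosts = dc1.example.test
ldap_version = 3

# A simple bind sends the password as-is, so protect the LDAP
# connection with StartTLS and verify the server certificate.
tls = yes
tls_require_cert = demand
tls_ca_cert_file = /etc/ssl/certs/example-ad-ca.pem

# Lookup 1: bind as the service account and search for the user's DN.
# Give this account read access only. DN and password are placeholders.
dn = CN=dovecot-svc,CN=Users,DC=example,DC=test
dnpass = CHANGE_ME
base = DC=example,DC=test
scope = subtree
pass_filter = (&(objectClass=user)(sAMAccountName=%n))

# Lookup 2: rebind as the DN found above with the password the user
# supplied. The directory checks the password; Dovecot never reads
# the stored password attribute.
auth_bind = yes
```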
