Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Peter Beck
On 09/11/2015 04:23 PM, Martin Simovic wrote:
> I haven’t been able to find that under AD Users and Computers, that’s why
> I use ADSI Edit.

Another solution (if this has to be done on Windows) would be
PowerShell with Set-ADUser cmdlets [1]

Set-ADUser -Identity UserName -Add @{otherMailbox="al...@domain.tld"}

Never tried that myself, but looks plausible...as far as I know you have
to install the active directory module (which is included and enabled by
default in RSAT) and import the module first (import-module
activedirectory) in order to use it.

[1]
https://technet.microsoft.com/en-us/%5Clibrary/Hh852287%28v=WPS.630%29.aspx


-- 
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Gary Richards
On Fri, 2015-09-11 at 12:58 +0200, Martin Simovic wrote:
> Hi,
> 
> This is precisely what I am doing. Only to add, that indeed you can use 
> standard Windows management tools to manage users / aliases, 
> in this case I use ADSI edit to work on “otherMailbox” LDAP attribute.
> 
> Regards
> Martin.
> 
> 

Hi,

Thanks Peter and Martin, pretty much everything you've both mentioned is
exactly what I have been looking for.

Martin, I also worked out that you can just use the 'Active Directory
Users and Computers' plugin (I don't know if this is available in an
older mmc?) you get a more limited set of the same data in which you can
also select users properties and set the OtherMailbox attribute. This is
slightly better in this instance as there's less things for my admin
users to play with!

Thanks


Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Peter Beck
On 09/11/2015 12:15 PM, Gary Richards wrote:
> Ideally you would even be able to configure
> them using the standard Windows management tools 

By the way: LDAP Account Manager also gives you an easy (web) interface
to manage Samba4 users; the free edition supports it
(https://www.ldap-account-manager.org/lamcms/)

It's also included in the Debian repos (if Debian is your choice).

Regards
Peter


Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Peter Beck
On 09/11/2015 12:15 PM, Gary Richards wrote:
> I'm assuming that this means, you can configure email aliases in a
> fairly correct way within sambas directory? If that's the case, how
> might you go about doing it? Ideally you would even be able to configure
> them using the standard Windows management tools :)

Hi Gary,

I'm also using aliases with Samba4. Just add as many "otherMail" entries
as you need to the account. I'm doing it via ldbedit:

ldbedit -H /var/lib/samba/private/sam.ldb '(sAMAccountName=username)'

then just add "otherMail: em...@alias.tld" (without quotes) and save it.

For Postfix I've added an extra query to main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual_aliases,
    ldap:/etc/postfix/ldap_groups, ldap:/etc/postfix/ldap_users

and the corresponding LDAP queries look like this (ensure you've
installed the postfix-ldap package):

server_host = samba4-address
search_base = dc=domain,dc=local
version = 3
bind = yes
bind_dn = cn=LDAP Service,cn=users,dc=domain,dc=local
bind_pw = secretpassword
scope = sub
query_filter = (&(objectclass=user)(otherMailbox=%s))
result_attribute = mail

you can test your aliases with postmap:

postmap -q alias@foo.local ldap://etc/postfix/ldap_users

This should show you the "real"/main address which will be used for delivery.

btw:
the group query looks similar to the user query, but with some settings:
query_filter = (&(objectclass=group)(|(mail=%s)(otherMailbox=%s)))
leaf_result_attribute = mail
special_result_attribute = member

I am using this configuration on lots of servers and it's working flawlessly.

Hope that helps a bit...

Regards
Peter
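
An added example, not part of Peter's message or the thread: a small audit over an LDIF export that emulates the user query above and lists addresses that resolve to more than one account, since Postfix expands an alias to every `mail` value the filter returns. The LDIF, the account names and the function names are constructed for illustration; the Carol entry shows that an attribute named `otherMail` is never matched by the `otherMailbox` filter.

```python
from collections import defaultdict

# Constructed LDIF, shaped like ldbsearch output; no folded or base64 lines.
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=domain,DC=local
objectClass: user
mail: alice@domain.local
otherMailbox: sales@domain.local

dn: CN=Bob,CN=Users,DC=domain,DC=local
objectClass: user
mail: bob@domain.local
otherMailbox: sales@domain.local
otherMailbox: alice@domain.local

dn: CN=Carol,CN=Users,DC=domain,DC=local
objectClass: user
mail: carol@domain.local
otherMail: carol.alias@domain.local
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per blank-line-separated entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            # Assumption: names and values are compared case-insensitively.
            entry[attr.lower()].append(value.strip().lower())
        entries.append(entry)
    return entries

def resolve(entries, rcpt):
    """Emulate (&(objectclass=user)(otherMailbox=%s)), result_attribute = mail."""
    return sorted(m for e in entries if "user" in e["objectclass"]
                  and rcpt.lower() in e["othermailbox"] for m in e["mail"])

def audit(entries):
    """Map each alias to its accounts when more than one account is involved."""
    primaries = {m: e["dn"][0] for e in entries for m in e["mail"]}
    claims = defaultdict(set)
    for e in entries:
        for alias in e["othermailbox"]:
            claims[alias].add(e["dn"][0])
    for alias in claims:  # an alias equal to another account's mail also counts
        claims[alias].add(primaries.get(alias, min(claims[alias])))
    return {a: sorted(o) for a, o in claims.items() if len(o) > 1}
```

Running `audit(parse_ldif(...))` on a real export after alias changes shows which addresses would deliver to more than one mailbox or redirect another user's primary address.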




Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Martin Simovic


> On 11.9.2015 at 12:38, Peter Beck wrote:
> 
> On 09/11/2015 12:15 PM, Gary Richards wrote:
>> I'm assuming that this means, you can configure email aliases in a
>> fairly correct way within sambas directory? If that's the case, how
>> might you go about doing it? Ideally you would even be able to configure
>> them using the standard Windows management tools :)
> 
> Hi Gary,
> 
> I'm also using aliases with Samba4. Just add as many "otherMail" entries
> as you need to the account. I'm doing it via ldbedit:
> 
> ldbedit -H /var/lib/samba/private/sam.ldb '(sAMAccountName=username)'
> 
> then just add "otherMail: em...@alias.tld" (without quotes) and save it.
> 
> For Postfix I've added an extra query to main.cf:
> 
> virtual_alias_maps = hash:/etc/postfix/virtual_aliases,
>     ldap:/etc/postfix/ldap_groups, ldap:/etc/postfix/ldap_users
> 
> and the corresponding LDAP queries look like this (ensure you've
> installed the postfix-ldap package):
> 
> server_host = samba4-address
> search_base = dc=domain,dc=local
> version = 3
> bind = yes
> bind_dn = cn=LDAP Service,cn=users,dc=domain,dc=local
> bind_pw = secretpassword
> scope = sub
> query_filter = (&(objectclass=user)(otherMailbox=%s))
> result_attribute = mail
> 
> you can test your aliases with postmap:
> 
> postmap -q alias@foo.local ldap://etc/postfix/ldap_users
> 
> This should show you the "real"/main address which will be used for delivery.
> 
> btw:
> the group query looks similar to the user query, but with some settings:
> query_filter = (&(objectclass=group)(|(mail=%s)(otherMailbox=%s)))
> leaf_result_attribute = mail
> special_result_attribute = member
> 

Hi,

This is precisely what I am doing. Only to add, that indeed you can use 
standard Windows management tools to manage users / aliases, 
in this case I use ADSI edit to work on “otherMailbox” LDAP attribute.

Regards
Martin.



Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Peter Beck
On 09/11/2015 12:58 PM, Martin Simovic wrote:
> Only to add, that indeed you can use standard Windows management tools to 
> manage users / aliases, 
> in this case I use ADSI edit to work on “otherMailbox” LDAP attribute.

I don't like the standard utilities, so I did not know exactly where to
configure that with RSAT... ;-) I do like ldbedit because that allows me
to change samba users with vim.

But for others preferring graphical interfaces, I think LAM is worth
mentioning. Easy to use and no Windows needed, just a browser.

but just saw a typo I made - it's not otherMail in the ldbedit example,
it's otherMailbox as you correctly write...

Cheers
Peter


Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Martin Simovic

Hi

> On 11 Sep 2015, at 15:57, Gary Richards wrote:
> 
> Martin, I also worked out that you can just use the 'Active Directory
> Users and Computers' plugin (I don't know if this is available in an
> older mmc?) you get a more limited set of the same data in which you can
> also select users properties and set the OtherMailbox attribute. This is
> slightly better in this instance as there's less things for my admin
> users to play with!

I haven’t been able to find that under AD Users and Computers, that’s why I use 
ADSI Edit.



Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Peter Beck
On 09/11/2015 04:23 PM, Martin Simovic wrote:
> I haven’t been able to find that under AD Users and Computers, that’s why
> I use ADSI Edit.

I think this is only visible in RSAT if you have MS-Exchange-, Zarafa-
or whatever schema extensions installed. With "plain" active directory
it's not visible. Not sure about that but it would be a plausible
option... (we were using Zarafa and with its extensions it was visible
in RSAT).


Re: [SOGo] Email aliases in Samba AD

2015-09-11 Thread Gary Richards
On Fri, 2015-09-11 at 16:23 +0200, Martin Simovic wrote:

> I haven’t been able to find that under AD Users and Computers, that’s
> why I use ADSI Edit.

Hrm,

Yes, it turns out I'm an idiot and still had the ADSI Edit stuff open in
the central pane despite navigating around the AD Users and Computers on
the left!

Sorry about that.
