All, I am working on a replacement for a mail server I have, which is currently a Merak Mail / Icewarp mail system that I am moving over to Postfix and Dovecot. My current issue with Postfix is that I am not able to get the LDAP account mapping to work correctly with my Active Directory security settings. My AD LDAP system requires strong authentication, by means of SASL signing of the LDAP connections, as outlined in this document: http://support.microsoft.com/kb/935834. I can't get Postfix to connect via SSL (which is my usual workaround, since it seems only Samba does this, by way of client ldap sasl wrapping = sign in the configuration). As soon as I enable TLS or SSL in the Postfix LDAP configuration, it claims it cannot connect to the LDAP server, but when I modify my GPO to take that signing requirement off (for testing purposes only) the bind works no problem. My server configuration right now for the LDAP portion is as follows:

    # Server config
    server_host = ldap://DC.domain.net
    search_base = CN=Users,DC=domain,DC=net
    version = 3
    start_tls = no
    query_filter = (&(objectclass=person)(|(mail=%s)(othermailbox=%s)))
    result_attribute = samaccountname
    result_format = %s/Mail/
    bind = yes
    bind_dn = CN=admin,CN=Users,DC=domain,DC=net
    bind_pw = p...@s$w0rd
    tls_cert = /etc/pki/tls/certs/server.crt
    tls_key = /etc/pki/tls/private/server.key
    tls_ca_cert_file = /etc/pki/tls/certs/ca_domain.crt
    tls_require_cert = no
    tls_random_file = /dev/urandom

I have changed to ldaps://DC.domain.net for the SSL connection and used only ldap:// when doing STARTTLS.
Any help would be appreciated. ~Seann
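
Added example, not part of the original post: a small Python check that reads a Postfix LDAP map like the one above and reports how the bind is protected on the wire, including the cleartext simple bind that a domain controller requiring LDAP signing refuses. The finding names and the PLACEHOLDER password are made up for the example; parameter names and defaults are taken from ldap_table(5).

```python
import re

# Constructed sample: the transport-related lines of the map in the post,
# with the bind password replaced by a placeholder.
SAMPLE = """\
# Server config
server_host = ldap://DC.domain.net
version = 3
start_tls = no
bind = yes
bind_dn = CN=admin,CN=Users,DC=domain,DC=net
bind_pw = PLACEHOLDER
tls_ca_cert_file = /etc/pki/tls/certs/ca_domain.crt
tls_require_cert = no
"""

def parse_map(text):
    """Parse 'name = value' lines; '#' starts a comment line, and a line
    beginning with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def check_transport(params):
    """Return finding codes describing how the bind is protected on the wire."""
    hosts = [h.lower() for h in re.split(r"[,\s]+", params.get("server_host", "")) if h]
    ldaps = any(h.startswith("ldaps://") for h in hosts)
    plain = any(not h.startswith(("ldaps://", "ldapi://")) for h in hosts)
    starttls = params.get("start_tls", "no").lower() == "yes"
    findings = []
    if ldaps and starttls:
        # ldaps:// and STARTTLS are alternatives; use one per map.
        findings.append("tls-mode-conflict")
    if plain and not starttls and params.get("bind", "yes").lower() == "yes":
        # Simple bind on a cleartext connection: the case a DC that requires
        # LDAP signing refuses, and the password crosses the network unprotected.
        findings.append("cleartext-simple-bind")
    if (ldaps or starttls) and params.get("tls_require_cert", "no").lower() != "yes":
        # TLS is on but the DC's certificate is not verified.
        findings.append("unverified-server-cert")
    return findings
```

Run against the map as posted, check_transport(parse_map(SAMPLE)) reports the cleartext simple bind; switching to ldaps:// or start_tls = yes while leaving tls_require_cert = no reports the unverified certificate instead.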
