Re: SSO and LDAP on mailpiler docker
Hi Patrick,

I am using Apache in a Piler container with mod_auth_gssapi (https://github.com/gssapi/mod_auth_gssapi).

I contributed this setup to the .htaccess here: https://bitbucket.org/jsuto/piler/src/master/webui/.htaccess

In this setup you don't need any winbind. Just set up Kerberos as explained in the .htaccess.

The cool thing about this is the fact that Apache simply sets the Authenticated-User once the Kerberos authentication was successful. Piler will then use this env as the username.

Additionally I set:

    // enable single sign-on (disabled by default)
    $config['ENABLE_SSO_LOGIN'] = 1;
    $config['PASSWORD_CHANGE_ENABLED'] = 0;
    $config['STRIP_DOMAIN_NAME_FROM_USERNAME'] = 0;

Note that Kerberos expects the Domain part to be capitalized. If you log in "manually" without SSO you will have to use "username@YOUR.KERBEROS.DOMAIN".

(There's some more documentation on Kerberos and mod_auth_gssapi on my Blog - in German :( https://blog.loetzimmer.de/2021/04/activedirectory-sso-mit-apache.html)

Alex

On 28.06.2023 12:31, patrick.we...@rgi.net wrote:

> Hello Janos!
>
> At the moment I am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure if this will work for the docker solution.
>
> My server consists of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind are not installed.
>
> My best guess is that I have to install samba and winbind in the piler docker instead of installing it on the host. Am I right?
>
> - Patrick
>
> Links:
> --
> [1] https://www.mailpiler.org/wiki/current:single-sign-on
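
The Apache side of the setup described in the message above, as an added example; it is not the .htaccess from the Piler repository and not the poster's configuration. The keytab path and AuthName are assumed placeholders, and the choice of hardening directives is an assumption about a reasonable baseline.

```apache
# Added example with assumed values; directory or .htaccess context of the webui
AuthType GSSAPI
AuthName "Piler SSO"

# Assumed path: keytab holding the HTTP/<webui-fqdn>@YOUR.KERBEROS.DOMAIN service key
GssapiCredStore keytab:/etc/apache2/http.keytab

# Accept Kerberos only, so Negotiate cannot fall back to NTLM
GssapiAllowedMech krb5

# Fail the authentication attempt if the connection is not TLS
GssapiSSLonly On

# Keep the full principal (user@YOUR.KERBEROS.DOMAIN) in REMOTE_USER,
# which matches STRIP_DOMAIN_NAME_FROM_USERNAME = 0 in the Piler config
GssapiLocalName Off

Require valid-user
```

In a container the keytab is best mounted read-only and readable only by the Apache user, since anyone holding it can impersonate the web service to Kerberos clients.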
Re: Restore to O365 fails
Just a follow-up on this...

It looks like this issue has been resolved by a code change: https://bitbucket.org/jsuto/piler/issues/1211/likely-logical-bug-in-piler_mime_decode

Restore to O365 works for me now!

Alex
Re: O365 - ADSync and groups
What's the ultimate goal? Merely adding another group to the user or to add the group address to the user?

Assuming it's the latter, then you may skip adding the group, simply just add the Public Folder email addresses to the selected users.

Anyway, I may extend the auth_data array with the groups, if it's the more elegant and effective solution to your problem.

Janos

Since I don't have the Public folder/Distribution-group addresses in Active Directory (but in O365 only) it's easy to add a group on Piler and attach the Public folder address there. Then in Active Directory I would add users to a group which represents this public folder. If that group could be added to the Piler user session, that would be perfect.

But I don't want you to build something that's only useful to me :D

I was just curious where the group information in Piler derives from and if I could leverage that myself.

Alex
Re: O365 - ADSync and groups
I created a group in Piler by the name of a Public Folder and assigned the email addresses from the rcpt table for that Public Folder.

Now I am trying to add the Group to the user session via CUSTOM_EMAIL_QUERY_FUNCTION but apparently the auth_data doesn't have a group field... :(

I would like to avoid having to add all email addresses of the Public Folders. Is there any way to add a group to the session data?

Piler is set up to do Authentication against MS-ActiveDirectory. All Mailboxes are hosted on O365, sent to Piler via a Journaling rule. AD-Sync is set up to sync with Azure-AD (O365).

Now when I log in to Piler (Auto-Login via SSO) I don't see any additional groups for my user. It looks like for Exchange On-Premises this attribute would get populated by my distribution-groups membership. Since Groups created in O365 are not synced back, they don't exist in my AD.

I know, I can use https://www.mailpiler.org/wiki/current:custom-authentication to create group attributes based on arbitrary AD groups. I just would like to know how other people are tackling that issue.

For Public-Folder email addresses I created Groups within Piler and assigned users there.

Alex
O365 - ADSync and groups
Piler is set up to do Authentication against MS-ActiveDirectory. All Mailboxes are hosted on O365, sent to Piler via a Journaling rule. AD-Sync is set up to sync with Azure-AD (O365).

Now when I log in to Piler (Auto-Login via SSO) I don't see any additional groups for my user. It looks like for Exchange On-Premises this attribute would get populated by my distribution-groups membership. Since Groups created in O365 are not synced back, they don't exist in my AD.

I know, I can use https://www.mailpiler.org/wiki/current:custom-authentication to create group attributes based on arbitrary AD groups. I just would like to know how other people are tackling that issue.

For Public-Folder email addresses I created Groups within Piler and assigned users there.

Alex
Restore to O365 fails
I do realize that this is very likely not a Piler issue but rather O365 related… but maybe somebody already came across this issue and knows how to remediate it.

When I restore a deleted email in my O365 account, the message transfer always fails:

    550 4.3.2 QUEUE.TransportAgent; message deleted by transport agent

The Piler server is set up as a connector in Exchange Online. The Smarthost is .mail.protection.outlook.com.

Mails seem to be originating from MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@.onmicrosoft.com

The error states that there is an NDR sent to that address, but even after assigning that address to myself, no NDR is ever received.

I have set

    $config['REWRITE_MESSAGE_ID'] = 1;

Any help is greatly appreciated!

Alex