Voraussetzung

• ls /usr/local/share/ca-certificates/lab34-ca.crt

Wenn noch keins vorliegt hier die Erklärung

• Microsoft Zertifizierungstelle

Ldap Config

• cat /etc/ldap/ldap.conf

BASE    dc=lab34,dc=linuggs,dc=de
URI     ldaps://win2022.lab34.linuggs.de
LDAPDEBUG 1
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Test

• ldapsearch -LLL -x -D cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de -w 12345-Xinux -b dc=lab34,dc=linuggs,dc=de cn=rudi userPrincipalName

dn: CN=rudi,CN=Users,DC=lab34,DC=linuggs,DC=de
userPrincipalName: rudi@lab34.linuggs.de

# refldaps://ForestDnsZones.lab34.linuggs.de/DC=ForestDnsZones,DC=lab34,DC=linu
 ggs,DC=de

# refldaps://DomainDnsZones.lab34.linuggs.de/DC=DomainDnsZones,DC=lab34,DC=linu
 ggs,DC=de

# refldaps://lab34.linuggs.de/CN=Configuration,DC=lab34,DC=linuggs,DC=de

Postfix

Konfiguration

• vi /etc/postfix/ad_local_recipients.cf

version = 3
server_host = ldaps://lab34.linuggs.de
search_base = dc=lab34,dc=linuggs,dc=de
scope = sub
query_filter = (userPrincipalName=%s)
result_attribute = userPrincipalName
bind = yes
bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
bind_pw = 12345-Xinux
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

Restart

• systemctl restart postfix

Dovecot

Hier bitte um Lösungsansätzen - SSL geht nicht und darum ist dies ein Killerkriterium.

Konfiguration

• vi /etc/dovecot/dovecot-ldap.conf.ext

hosts = ldaps://lab34.linuggs.de:636
ldap_version = 3
auth_bind = yes
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
dnpass = 12345-Xinux
base = cn=Users,dc=lab34,dc=linuggs,dc=de
scope = subtree
user_filter = (sAMAccountName=%u)
user_attrs = =uid=mail,gid=mail
pass_filter = (sAMAccountName=%u)
pass_attrs = sAMAccountName=user
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

Restart

• systemctl restart dovecot