LDAP Anbindung verschlüsselt: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(4 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 41: Zeile 41:
 
==Restart==
 
==Restart==
 
*systemctl restart postfix
 
*systemctl restart postfix
=Postfix=
+
=Dovecot=
 +
;Hier bitte um Lösungsansätzen - SSL geht nicht und darum ist dies ein Killerkriterium.
 +
*stunnel?
 
==Konfiguration==
 
==Konfiguration==
* vi /etc/postfix/ad_local_recipients.cf
+
* vi /etc/dovecot/dovecot-ldap.conf.ext
 
<pre>
 
<pre>
version = 3
+
hosts = ldaps://lab34.linuggs.de:636
server_host = ldaps://lab34.linuggs.de
+
ldap_version = 3
search_base = dc=lab34,dc=linuggs,dc=de
+
auth_bind = yes
scope = sub
+
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
query_filter = (userPrincipalName=%s)
+
dnpass = 12345-Xinux
result_attribute = userPrincipalName
+
base = cn=Users,dc=lab34,dc=linuggs,dc=de
bind = yes
+
scope = subtree
bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
+
user_filter = (sAMAccountName=%u)
bind_pw = 12345-Xinux
+
user_attrs = =uid=mail,gid=mail
 +
pass_filter = (sAMAccountName=%u)
 +
pass_attrs = sAMAccountName=user
 
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
 
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
 
</pre>
 
</pre>
  
 
==Restart==
 
==Restart==
*systemctl restart postfix
+
* systemctl restart dovecot

Aktuelle Version vom 7. Oktober 2024, 06:56 Uhr

Voraussetzung

  • ls /usr/local/share/ca-certificates/lab34-ca.crt
Wenn noch keins vorliegt hier die Erklärung

Ldap Config

  • cat /etc/ldap/ldap.conf
BASE    dc=lab34,dc=linuggs,dc=de
URI     ldaps://win2022.lab34.linuggs.de
LDAPDEBUG 1
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Test

  • ldapsearch -LLL -x -D cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de -w 12345-Xinux -b dc=lab34,dc=linuggs,dc=de cn=rudi userPrincipalName
dn: CN=rudi,CN=Users,DC=lab34,DC=linuggs,DC=de
userPrincipalName: rudi@lab34.linuggs.de

# refldaps://ForestDnsZones.lab34.linuggs.de/DC=ForestDnsZones,DC=lab34,DC=linu
 ggs,DC=de

# refldaps://DomainDnsZones.lab34.linuggs.de/DC=DomainDnsZones,DC=lab34,DC=linu
 ggs,DC=de

# refldaps://lab34.linuggs.de/CN=Configuration,DC=lab34,DC=linuggs,DC=de

Postfix

Konfiguration

  • vi /etc/postfix/ad_local_recipients.cf
version = 3
server_host = ldaps://lab34.linuggs.de
search_base = dc=lab34,dc=linuggs,dc=de
scope = sub
query_filter = (userPrincipalName=%s)
result_attribute = userPrincipalName
bind = yes
bind_dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
bind_pw = 12345-Xinux
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

Restart

  • systemctl restart postfix

Dovecot

Hier bitte um Lösungsansätzen - SSL geht nicht und darum ist dies ein Killerkriterium.
  • stunnel?

Konfiguration

  • vi /etc/dovecot/dovecot-ldap.conf.ext
hosts = ldaps://lab34.linuggs.de:636
ldap_version = 3
auth_bind = yes
dn = cn=mailservice,cn=Users,dc=lab34,dc=linuggs,dc=de
dnpass = 12345-Xinux
base = cn=Users,dc=lab34,dc=linuggs,dc=de
scope = subtree
user_filter = (sAMAccountName=%u)
user_attrs = =uid=mail,gid=mail
pass_filter = (sAMAccountName=%u)
pass_attrs = sAMAccountName=user
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt

Restart

  • systemctl restart dovecot
Abgerufen von „http://wiki.ixheim.de/index.php?title=LDAP_Anbindung_verschlüsselt&oldid=57199