Kopano and LDAP ADS
osnet edited this page 2021-01-31 13:43:50 +01:00
After some intensive testing, the configuration that currently works best for Kopano with an enterprise LDAP directory uses the following settings:
- container: app
- file: ldap.cfg
# Kopano LDAP user plugin settings for an Active Directory backend.
# This file contains the bind password in clear text: keep it readable only
# by root and the account the Kopano server runs as, and keep the real value
# out of version control and published images.

# StartTLS is disabled because the ldaps:// URI below already uses TLS from
# the first byte of the connection (port 636); the two are alternatives.
ldap_starttls = no
# 111.222.333.444 is a placeholder, not a valid IPv4 address. Prefer the
# directory server's DNS name so the name in its certificate can be verified.
# NOTE(review): certificate validation is presumably governed by the OpenLDAP
# client configuration in the app container (TLS_CACERT / TLS_REQCERT in
# ldap.conf) - confirm that it is set to require a valid certificate.
ldap_uri = ldaps://111.222.333.444:636/
ldap_search_base = dc=mail,dc=net
# NOTE(review): the next two keys are set again under "Object settings" with
# different capitalisation (User / Group); presumably the later value wins -
# confirm and keep only one definition.
ldap_user_type_attribute_value = user
ldap_group_type_attribute_value = group
# Dedicated bind account. It only needs read access to the attributes listed
# in this file; do not reuse an administrative account here.
ldap_bind_user = cn=ldapbind,cn=Users,dc=mail,dc=net
# "secret" is a placeholder; use a long random password for the bind account.
ldap_bind_passwd = secret
#########
# Object settings
ldap_object_type_attribute = objectClass
ldap_user_type_attribute_value = User
ldap_group_type_attribute_value = Group
ldap_contact_type_attribute_value = Contact
ldap_company_type_attribute_value = ou
ldap_addresslist_type_attribute_value = kopano-addresslist
ldap_dynamicgroup_type_attribute_value = kopano-dynamicgroup
# Only directory entries with kopanoAccount=1 become Kopano users; whoever can
# write this attribute in the directory decides who gets a mailbox.
ldap_user_search_filter = (kopanoAccount=1)
# objectGUID and objectSid are binary values in Active Directory, hence the
# "binary" attribute types below.
ldap_user_unique_attribute = objectGUID
ldap_user_unique_attribute_type = binary
ldap_group_search_filter = (objectCategory=Group)
ldap_group_unique_attribute = objectSid
ldap_group_unique_attribute_type = binary
ldap_groupname_attribute = cn
# Group members are listed as full DNs in the "member" attribute.
ldap_groupmembers_attribute = member
ldap_groupmembers_attribute_type = dn
# Security vs. distribution group is read from the AD groupType attribute.
ldap_group_security_attribute = groupType
ldap_group_security_attribute_type = ads
ldap_addresslist_search_filter = (objectClass=kopano-addresslist)
ldap_addresslist_unique_attribute = cn
ldap_addresslist_unique_attribute_type = dn
ldap_addresslist_filter_attribute = kopanoFilter
ldap_addresslist_search_base_attribute = kopanoBase
ldap_addresslist_name_attribute = cn
# NOTE(review): cn is normally a text attribute; confirm that "binary" is the
# intended type for the dynamic-group unique attribute.
ldap_dynamicgroup_unique_attribute = cn
ldap_dynamicgroup_unique_attribute_type = binary
ldap_dynamicgroup_filter_attribute = kopanoFilter
ldap_dynamicgroup_search_base_attribute = kopanoBase
ldap_dynamicgroup_name_attribute = cn
# Send-as delegation is read from the directory as a list of DNs, so write
# access to kopanoSendAsPrivilege should be limited to administrators.
ldap_sendas_attribute = kopanoSendAsPrivilege
ldap_sendas_attribute_type = dn
ldap_sendas_relation_attribute =
ldap_fullname_attribute = displayName
ldap_loginname_attribute = sAMAccountName
ldap_emailaddress_attribute = mail
# Additional addresses (aliases) are taken from otherMailbox.
ldap_emailaliases_attribute = otherMailbox
!propmap /etc/kopano/ldap.propmap.cfg
- container: mta
- file: main.cf
...
# Mail directory
# Accepted domains come from a local hash table; recipients, aliases and
# groups are looked up in LDAP through the three ldap-*.cf files shown below.
virtual_mailbox_domains = hash:/etc/postfix/virtual-domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf, regexp:/etc/postfix/address_extension
# Accepted mail is handed to the "app" container over LMTP on port 2003.
# NOTE(review): this hop is presumably unencrypted and unauthenticated, so
# port 2003 should only be reachable on the internal container network.
virtual_transport = lmtp:app:2003
...
- container: mta
- file: ldap-users.cf
# Postfix LDAP table: checks whether a recipient address is a user's primary
# "mail" address. The file holds the bind password in clear text, so it
# should be readable only by root and the postfix user.

# StartTLS stays off because the ldaps:// URL below already uses TLS from the
# start of the connection.
start_tls = no
# 111.222.333.444 is a placeholder. Postfix's tls_require_cert defaults to
# "no" (see ldap_table(5)), so the server certificate is not verified unless
# tls_require_cert = yes and tls_ca_cert_file are set; verification by name
# also requires a DNS name here that matches the certificate.
server_host = ldaps://111.222.333.444:636
search_base = CN=Users,DC=mail,DC=net
version = 3
bind = yes
# Read-only bind account; "secret" below is a placeholder.
bind_dn = CN=ldapbind,CN=Users,DC=mail,DC=net
bind_pw = secret
scope = sub
# %s is the recipient address; Postfix applies LDAP filter quoting to it
# before substitution, so the address cannot inject extra filter terms.
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
- container: mta
- file: ldap-aliases.cf
# Postfix LDAP table: maps an alias stored in otherMailbox to the user's
# primary "mail" address. The file holds the bind password in clear text, so
# it should be readable only by root and the postfix user.

# StartTLS stays off because the ldaps:// URL below already uses TLS from the
# start of the connection.
start_tls = no
# 111.222.333.444 is a placeholder. Postfix's tls_require_cert defaults to
# "no" (see ldap_table(5)); set tls_require_cert = yes and tls_ca_cert_file
# to have the server certificate verified.
server_host = ldaps://111.222.333.444:636
search_base = CN=Users,DC=mail,DC=net
version = 3
bind = yes
# Read-only bind account; "secret" below is a placeholder.
bind_dn = CN=ldapbind,CN=Users,DC=mail,DC=net
bind_pw = secret
scope = sub
# Match on the alias attribute and return the primary address. Anyone who can
# write otherMailbox in the directory can redirect mail for that alias.
query_filter = (&(objectClass=user)(otherMailbox=%s))
result_attribute = mail
- container: mta
- file: ldap-groups.cf
# Postfix LDAP table: expands a mail-enabled group address to the addresses
# of its members. The file holds the bind password in clear text, so it
# should be readable only by root and the postfix user.

# StartTLS stays off because the ldaps:// URL below already uses TLS from the
# start of the connection.
start_tls = no
# 111.222.333.444 is a placeholder. Postfix's tls_require_cert defaults to
# "no" (see ldap_table(5)); set tls_require_cert = yes and tls_ca_cert_file
# to have the server certificate verified.
server_host = ldaps://111.222.333.444:636
search_base = CN=Users,DC=mail,DC=net
version = 3
bind = yes
# Read-only bind account; "secret" below is a placeholder.
bind_dn = CN=ldapbind,CN=Users,DC=mail,DC=net
bind_pw = secret
scope = sub
# Only groups flagged with kopanoAccount=1 that carry the queried address.
query_filter = (&(objectClass=group)(kopanoAccount=1)(mail=%s))
# "member" holds DNs that Postfix follows recursively; "mail" is returned for
# the leaf entries it reaches. For large or nested groups, consider bounding
# the expansion with expansion_limit / recursion_limit from ldap_table(5).
leaf_result_attribute = mail
special_result_attribute = member
These settings enable the following:
- the ability to receive mail sent to your aliases
- the ability to receive mail sent to distribution groups
- the ability to use the "Send on behalf of" option