Configure LDAP
Semir Patel edited this page 2021-03-13 12:35:51 -06:00
Introduction
To get started with LDAP and this mailserver, three components need to be taken into account:
- POSTFIX
- DOVECOT
- SASLAUTHD (this can also be handled by dovecot above)
List of the variables that control the container provisioning:
POSTFIX:
LDAP_QUERY_FILTER_USER
LDAP_QUERY_FILTER_GROUP
LDAP_QUERY_FILTER_ALIAS
LDAP_QUERY_FILTER_DOMAIN
SASLAUTHD:
SASLAUTHD_LDAP_FILTER
DOVECOT:
DOVECOT_USER_FILTER
DOVECOT_PASS_FILTER
NOTE: This page provides several use cases, written as recipes, to show how this project can be used with its LDAP features.
LDAP Setup - Kopano/Zarafa
---
version: '2'

services:
  mail:
    image: docker.io/mailserver/docker-mailserver:latest
    hostname: mail
    domainname: domain.com
    container_name: mail
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - ./config/:/tmp/docker-mailserver/
    environment:
      # We are not using dovecot here
      - SMTP_ONLY=1
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - SASLAUTHD_PASSWD=
      # >>> SASL Authentication
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_LDAP_SERVER=<yourLdapContainer/yourLdapServer>
      - SASLAUTHD_LDAP_PROTO=
      - SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=loc
      - SASLAUTHD_LDAP_PASSWORD=mypassword
      - SASLAUTHD_LDAP_SEARCH_BASE=dc=mydomain,dc=loc
      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
      - SASLAUTHD_MECHANISMS=ldap
      # <<< SASL Authentication
      # >>> Postfix Ldap Integration
      - ENABLE_LDAP=1
      - LDAP_SERVER_HOST=<yourLdapContainer/yourLdapServer>
      - LDAP_SEARCH_BASE=dc=mydomain,dc=loc
      - LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=loc
      - LDAP_BIND_PW=mypassword
      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(mail=%s))
      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))
      # <<< Postfix Ldap Integration
      # >>> Kopano Integration
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - POSTFIX_DAGENT=lmtp:kopano:2003
      # <<< Kopano Integration
      - ONE_DIR=1
      - DMS_DEBUG=0
      - SSL_TYPE=letsencrypt
      - PERMIT_DOCKER=host
    cap_add:
      - NET_ADMIN

volumes:
  maildata:
    driver: local
  mailstate:
    driver: local
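To see what the LDAP_QUERY_FILTER_* templates in the compose file above become for a given lookup key, the following added example (not code from docker-mailserver or Postfix) models, in simplified form, the query_filter expansion documented for Postfix LDAP tables: %s, %u and %d are replaced by the key or its parts with RFC 2254/4515 escaping, so filter metacharacters in an address stay literal. The function names and sample keys are constructed for illustration; the %U and %u variables used by saslauthd and Dovecot have their own meanings and are not modelled here.

```python
# Added example: simplified model of Postfix LDAP table query_filter expansion.
# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a lookup key so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, key):
    """Expand %s, %u, %d and %% in a filter template for one lookup key.

    Returns None when the template uses %d but the key has no domain part,
    which models Postfix suppressing that query.
    """
    local, sep, domain = key.rpartition("@")
    if not sep:                      # key is not of the form user@domain
        local, domain = key, None
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            spec = template[i + 1]
            i += 2
            if spec == "s":
                out.append(escape_value(key))
            elif spec == "u":
                out.append(escape_value(local))
            elif spec == "d":
                if domain is None:
                    return None
                out.append(escape_value(domain))
            elif spec == "%":
                out.append("%")
            else:
                out.append("%" + spec)   # other expansions are left untouched
            continue
        out.append(ch)
        i += 1
    return "".join(out)

# Filter templates copied from the compose file on this page.
USER_FILTER = "(&(objectClass=user)(mail=%s))"
DOMAIN_FILTER = "(&(|(mail=*@%s)(mailalias=*@%s)(mailGroupMember=*@%s))(mailEnabled=TRUE))"

if __name__ == "__main__":
    # Constructed lookup keys; the second contains filter metacharacters.
    for key in ("jane@domain.com", "j*(x)@domain.com"):
        print(expand_filter(USER_FILTER, key))
    print(expand_filter(DOMAIN_FILTER, "domain.com"))
```

The expanded string can be passed as the filter argument to ldapsearch to confirm which entries the directory returns for that key before the container is deployed.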
If your directory does not have the postfix-book schema installed, you must change the internal attribute handling for Dovecot. To do so, change the pass_attr and user_attr mappings, as shown in the example below:
- DOVECOT_PASS_ATTRS=<YOUR_USER_IDENTIFIER_ATTRIBUTE>=user,<YOUR_USER_PASSWORD_ATTRIBUTE>=password
- DOVECOT_USER_ATTRS=<YOUR_USER_HOME_DIRECTORY_ATTRIBUTE>=home,<YOUR_USER_MAILSTORE_ATTRIBUTE>=mail,<YOUR_USER_MAIL_UID_ATTRIBUTE>=uid,<YOUR_USER_MAIL_GID_ATTRIBUTE>=gid
The following example illustrates this for a directory that has the qmail-schema installed and that uses uid:
- DOVECOT_PASS_ATTRS=uid=user,userPassword=password
- DOVECOT_USER_ATTRS=homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
- DOVECOT_PASS_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
- DOVECOT_USER_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
© Docker Mailserver Organization
This project is licensed under the MIT license.