LDAP Address Validation

MooreSys
Posts: 6
Joined: 08 Apr 2018 02:43

LDAP Address Validation

Post by MooreSys »

There has to be a simpler way, or at least a straight-up way, to do LDAP Address Validation on incoming emails. I have for the last two days been trying to get this to work by using the posting "How to integrate E.F.A with Active Directory on 3.0.0.9". This process does not seem to work at all! If it does, I am missing a lot of pieces somewhere.

I have created the /etc/postfix/ldap_relay_recipient_maps.cf file and populated it with the following:
server_host = MyInternalDomain.com
search_base = DC=root,DC=domain,DC=com
scope = sub
bind_dn = CN=ADRead,OU=Service Accounts,DC=root,DC=domain,DC=com
bind_pw = password
bind = yes
query_filter = (|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s))
result_attribute = mail
version = 3

Added relay_recipient_maps = ldap:/etc/postfix/ldap_relay_recipient_maps.cf to the /etc/postfix/main.cf file and restarted the entire server. After the reboot I did a little testing to see if I could even read anything from AD.

When I run postmap -q 'validemailaddress@domain.com' ldap:/etc/postfix/ldap_relay_recipient_maps.cf I get a reply of the primary address of the user.
If I run postmap -q 'notvalidemailaddress@domain.com' ldap:/etc/postfix/ldap_relay_recipient_maps.cf I get nothing back.

It appears that I am reading AD in order to get the results from the above two tests. However, if I open the Postfix Mail Server -> SMTP Server Options in Webmin, I get an "Allowed addresses for relaying Could not get attribute from (|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s))" at the bottom. Now I am not sure if that matters or not, but if I change the /etc/postfix/ldap_relay_recipient_maps.cf file query_filter to just proxyAddresses=%s this error message will be replaced with a list of every email address in my AD. It appears that the problem is the SMTP: part.

Has anyone actually got this to work? I apologize for starting another topic on this, but the "How to integrate E.F.A with Active Directory on 3.0.0.9" topic has become oversaturated with loops that have become very useless. I am also running the 3.0.2.6 version. Also, I am not sure that it is actually giving all the steps about how to enable it once these steps are done. Broke or not, I would think that I would see something in the "tail -f /var/log/maillog" log where it is at least trying to validate something.

MooreSys
MrBob
Posts: 7
Joined: 19 Apr 2018 18:54

Re: LDAP Address Validation

Post by MrBob »

I see the same thing. Try to add this (mail=%s) at the end.
From:
query_filter = (|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s))
to
query_filter = (|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s)(mail=%s))

I did that and it shows all email addresses from AD.
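
An added example, not code from either poster or from the E.F.A project: a small Python model of what Postfix does with the query_filter above, where each %s is replaced by the lookup key after LDAP filter escaping (per ldap_table(5)), so a recipient containing `*` or parentheses cannot widen the search. The directory entries, the helper names and the case-insensitive matching are assumptions of this model; it mirrors the two `postmap -q` tests from the first post without needing a live AD.

```python
import re

# Constructed AD-style entries (not from the thread). AD keeps the primary
# address as "SMTP:..." and aliases as "smtp:..." in proxyAddresses.
DIRECTORY = [
    {"mail": ["alice@example.com"],
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:a.smith@example.com"]},
    {"mail": ["bob@example.com"], "proxyAddresses": ["SMTP:bob@example.com"]},
]
# Filter from the reply above.
QUERY_FILTER = "(|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s)(mail=%s))"

def ldap_escape(key):
    """Escape LDAP filter metacharacters (RFC 4515) in the lookup key."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in key)

def expand(query_filter, key):
    """Put the escaped key in place of each %s (%u, %d, %% are not modelled)."""
    return query_filter.replace("%s", ldap_escape(key))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def term_regex(raw):
    # A raw '*' is an LDAP substring wildcard; an escaped \2a is a literal '*'.
    # Case-insensitive matching is an assumption of this model.
    return re.compile(".*".join(re.escape(unescape(p)) for p in raw.split("*")),
                      re.IGNORECASE)

def lookup(key, query_filter=QUERY_FILTER, result_attribute="mail"):
    """Evaluate a flat OR of (attr=value) terms against DIRECTORY."""
    terms = [(attr, term_regex(val)) for attr, val in
             re.findall(r"\((\w+)=([^()]*)\)", expand(query_filter, key))]
    hits = []
    for entry in DIRECTORY:
        if any(rx.fullmatch(v) for attr, rx in terms for v in entry.get(attr, [])):
            hits.extend(entry.get(result_attribute, []))
    return hits

if __name__ == "__main__":
    for key in ("alice@example.com", "a.smith@example.com",
                "nobody@example.com", "*@example.com"):
        print(key, "->", lookup(key))
```

An empty result is what makes Postfix treat the recipient as unknown for relay_recipient_maps; the value returned for a match is not otherwise used there.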