Comments on: How to Configure and Integrate iRedMail Services to Samba4 AD DC – Part 11 https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/ Tecmint - Linux Howtos, Tutorials, Guides, News, Tips and Tricks. Sun, 24 May 2020 11:45:57 +0000 hourly 1 By: Razmo https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/comment-page-1/#comment-1334998 Sun, 24 May 2020 11:45:57 +0000 https://www.tecmint.com/?p=25585#comment-1334998 Hello, In the last versions of samba need to use TLS encrypted connections, otherwise, you cannot connect to LDAP.

ldapsearch -H ldap://pdc1.domain.lan -D "cn=test1,cn=users,dc=domain,dc=lan" -W -s base -b "" supportedSASLMechanisms

ldap_bind: Strong(er) authentication required (8)
	additional info: BindSimple: Transport encryption required.

I spent a lot of time-solving this problem.

Here is my solution:

To fix it, you need to copy /var/lib/samba/private/tls/ca.pem from samba ad server to centos 8 mail server folder /etc/pki/ca-trust/source/anchors/ and run update-ca-trust.

Then comment string beginning at TLS_CACERT in file /etc/openldap/ldap.conf.

Thereafter we can access to ldaps using simple authentication

ldapsearch -H ldaps://pdc1.domain.lan:636 -x -D "cn=test1,cn=users,dc=domain,dc=lan" -W -s base -b "" supportedSASLMechanisms

In postfix files ad_sender_login_maps.cf, ad_virtual_mailbox_maps.cf, and ad_virtual_group_maps.cf need modify lines 

 
server_host     = ldaps://pdc1.domain.lan:636
#server_port     = 636

In dovecot file dovecot-ldap.conf need modify this lines.

uris            = ldaps://pdc1.domain.lan:636
auth_bind       = yes
dn              = vmail@domain.lan

Everything should work now.

]]> By: Elmer Ernesto Cortez Menendez https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/comment-page-1/#comment-1036789 Mon, 17 Sep 2018 23:37:00 +0000 https://www.tecmint.com/?p=25585#comment-1036789 In reply to lemassykoi.

Many thanks..:)

]]> By: lemassykoi https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/comment-page-1/#comment-1036025 Sat, 15 Sep 2018 22:13:47 +0000 https://www.tecmint.com/?p=25585#comment-1036025 In reply to Elmer Ernesto Cortez Menendez.

you need to change auth part in /etc/sogo/sogo.conf

https://github.com/lemassykoi/temp/blob/master/sogo.conf

]]> By: Elmer Ernesto Cortez Menendez https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/comment-page-1/#comment-1035165 Thu, 13 Sep 2018 04:53:14 +0000 https://www.tecmint.com/?p=25585#comment-1035165 In reply to Trevor Lewis.

Hi, how did you get iRedMail/SOGo integrated with AD users please ?
thanks

]]> By: lemassykoi https://www.tecmint.com/integrate-iredmail-to-samba4-ad-dc-on-centos-7/comment-page-1/#comment-1001038 Sun, 03 Jun 2018 20:41:56 +0000 https://www.tecmint.com/?p=25585#comment-1001038 In reply to Trevor Lewis.

Hi, how did you get iRedMail/SOGo integrated with AD users please ?
thanks

]]>