Active Directory - Change email on users

Karim_Paul · November 19, 2018, 4:34pm

NethServer Version: 7

Dear Team,

I am trying to install the active directory that comes with the server,
I am having issues to have username emails customised, as I am completely blocked in adding a custom email.
I have several users that doesn’t have the same email domain that I have,
How I can I modify this?

Regards,

KC

stephdl · November 19, 2018, 5:34pm

you cannot have several domain name email like this with nethserver, you must create a first domain for the server and use alias to create the correct domain name

stephdl@domain.com could be an alias of stephdl@domain.org

go to : email address > mail aliases

Karim_Paul · November 19, 2018, 5:49pm

Thank you for your Response.
I understand however your mentioning this for the email domain.
I would like to know if there’s a chance to have multiple domains for the active directory. It seems it’s blocked entirely. If I add domain aliases will it work withe Gmail adresses and other domain?

Karim_Paul · November 19, 2018, 5:51pm

Also I don’t want to run an email server from there.
I checked what you told me and I don’t have the option. Probably because I didn’t install emails.

stephdl · November 19, 2018, 6:15pm

you need to install nethserver-mail, but indeed your question is only related to active-directory, probably with nethserver-phpldadadmin you could change the mail field property in the samba AD, but I do not know what issue you could have later.

the field to modify is userPrincipalName, I bet you could break something

Karim_Paul · November 19, 2018, 6:32pm

Is there a way to make this without having to install additional software?

mrmarkuz · November 19, 2018, 7:19pm

You may change the field from command line with ldbmodify:

https://wiki.nethserver.org/doku.php?id=howto:useful_commands#modify_the_samba4_ad_settings

Karim_Paul · November 20, 2018, 9:04am

Thank you, I had a look at your solution, unfortunately this is not working for me, I don’t have any files in that folder as recommended.
Furthermore, I am not using samba, nor emails,
My server is providing a web solution with nextcloud and other web based services.
The fact that I want to create a bind between the ldap is to have more control like a jump cloud solution.
The option of not being able to create the domain name is especially difficult as it creates a local email account for the client and I cannot change this after.
As I am providing web service to people that have their own email profiles such as some gmail, or other domains, I want to have the system sending them password and welcome email.
My domain doesn’t run emails on the machine.
I also don’t want to have my clients using other emails.

I also tried to install phpldapadmin module, and I get a php error when I try to login.

I am currently using jump cloud solution as a side service, however this is an inconvenient solution as it is 3USD per users. I’d like to run my own solution.

Please let me know if there is something else that I could do.

Thank you

stephdl · November 20, 2018, 9:51am

Well others could clarify but I feel what you intend to do is not possible with nethserver.

The property in samba is used to authenticate users in the samba AD, I really do not know what it could happen.

This is the cons with distro like ns when you want to customise it, or change the default behaviour.

@davidep do you think we could change the default email address of users in samba AD

Karim_Paul · November 20, 2018, 9:57am

That you stephdl, however I didn’t use samba, I have an active directory

Karim_Paul · November 20, 2018, 9:59am

Will it be possible to change them manually in an phpldapadmin?

davidep · November 20, 2018, 10:00am

The userPrincipalName can be changed in AD, but be aware of this action:

github.com

NethServer/nethserver-dc/blob/d584a85147e8a4c79221f1fdc3d42c95837997c7/root/etc/e-smith/events/actions/nethserver-dc-sync-upn#L75


      
          sub _cb_fix_upn
          {
              my $message = shift;
              my $entry = shift;
          
              my $user = $entry->get_value('sAMAccountName');
              if($al->is_system_user($entry->get_value('objectSid')) || $al->is_system_user($user)) {
                  return;
              }
              $entry->replace('userPrincipalName' => sprintf('%s@%s', $user, $domainName));
              my $result = $entry->update($ldif);
              if($result->is_error()) {
                  $errors ++;
              } else {
                  $updates ++;
              }
          }
          
          $ldif->done();
          close($tmpLdif);

There we are forcing the attribute to use the same domain suffix of NethServer. This is a requirement for mail servers which use a public DNS domain.

Yes as long as you retain the same domain suffix of NethServer (see hostname -d output).

Karim_Paul · November 20, 2018, 10:01am

When I try your solution with phpldapadmin I get an error which I find no support with.

stephdl · November 20, 2018, 10:02am

What version of php do you use ?

Karim_Paul · November 20, 2018, 10:02am

Thank you,

However, I am not planning to have any email server running from NS. I just want to create an AD with users that have external email addresses.

Karim_Paul · November 20, 2018, 10:04am

Here is the php -v output:

php -v

PHP 7.2.12 (cli) (built: Nov 6 2018 16:40:25) ( NTS )

stephdl · November 20, 2018, 10:06am

You upgraded php, this is the error displayed

Karim_Paul · November 20, 2018, 10:06am

I had a look at what you send me, however I am afraid my skills are not developed enough to understand this.
I only have basic knowledge.
If I seem to get you, you mean that the domain of the server is bound with the user email field. Thats exactly what I would like to change, like this apps like nextcloud can recognise a gmail email for one user as its login and also password recovery.

@stephdl should I do a downgrade ?

stephdl · November 20, 2018, 10:09am

For php ugrade I did a software collection, check the wiki

davidep · November 20, 2018, 10:20am

Be aware that AD allows a restricted set of domain suffixes in userPrincipalName attribute. That attribute has an email address syntax but is not required to be a valid email address.