Imapsync with external LDAP?

fausp · April 1, 2024, 2:07pm

Windows Server Version: 2022
NethServer Version: 8
Module: imapsync and mail

I cannot setup Imapsync if NS8 is joined to external LDAP…

Shouldn’t this be possible?

fausp · April 1, 2024, 2:22pm

Windows Server Version: 2022
NethServer Version: 8
Module: imapsync and mail

OK, I think I got it. I had to setup Mail first…

grafik

But there is another Problem:

stephdl · April 1, 2024, 5:39pm

Imapsync is designed to use the ns8 mail server you have to link imasync to it

fausp · April 1, 2024, 5:57pm

Hi,

I think the setup is correct?

stephdl · April 1, 2024, 6:04pm

Remove and reinstall imasync but before try to check the cli below

stephdl · April 1, 2024, 6:20pm

I did a quick test with a remote LDAP and no pb so far

stephdl · April 1, 2024, 6:21pm

[root@R4-pve ~]# tree /home/imapsync1/.config/state/
/home/imapsync2/.config/state/
├── CACHEDIR.TAG
├── agent.env
├── apitoken.cache
├── cron
├── environment
└── imapsync
    ├── stephane_9bevc3.env
    ├── stephane_9bevc3.pwd
    └── vmail.pwd

stephdl · April 1, 2024, 6:22pm

[root@R4-pve ~]# cat /home/imapsync1/.config/state/imapsync/vmail.pwd 
yrG@S..xiB%K@O/+G,g5/RplJMvZPnVa

stephdl · April 1, 2024, 6:30pm

hum can you see the mailbox of the mail server, can you list user in the web page…I bet no

go to mail module > mailboxes

stephdl · April 1, 2024, 6:33pm

stephdl · April 1, 2024, 6:37pm

please did you configure the ldap with the toggle verify the tls certificate to true ???

fausp · April 1, 2024, 7:07pm

No TLS…

stephdl · April 1, 2024, 7:09pm

you can browse users in the ldap page and in the maiboxes of the mail page ?

fausp · April 1, 2024, 7:15pm

ldap page does work but mailboxes doesnt

fausp · April 1, 2024, 8:11pm

I did a 2nd test with active TLS:

This looks good now, I will do further tests tomorrow…

stephdl · April 2, 2024, 7:29am

so to resume, you joined a remote domain without TLS, you got no error so far from the UI, but obviously you cannot list the users of the domain, does it sound close of your issue ?

fausp · April 2, 2024, 8:03am

The 1. Test without TLS and TLS verification did not work as expected.
The 2. Test, as you can see in the screenshot, works so far. I can list users etc., but I have to do forther tests to be sure mails are fetched from the provider and sorted to the users and sent out correctly…

stephdl · April 2, 2024, 8:05am

question, do you think that an AD allowing to authenticate without TLS remotely is safe enough !!!

maybe dovecot forces the TLS on its own

cc @davidep

fausp · April 2, 2024, 8:08am

No

It looks like…

stephdl · April 3, 2024, 10:34am

tested on a remote ldap account without TLS, I cannot reproduce the issue

create an AD on NS7
set to do not ask for encryption

bind to this AD on NS8 without TLS on port 389
install mail, webtop, imapsync

I can use the domain page and the mailboxes page, and the imapsync page, I can login with ldap users to webtop

If I remove the custom template I did on NS7 and I restart the nsdc, then I cannot browse remotely the users on all pages