Hi Mark,
sorry for the late response, but I had to test a lot. For a “normal” AD with cn=users this configuration works. The AD authentication part looks like the one nethserver creates automatically. The Mail part is not the same, but I didn't touch it, because I didn't use it. Here is my Mail part:
/* 20 Mail */
/* Names of the Drafts, Sent, Trash and Junk mail folders. */
SOGoDraftsFolderName = "Drafts";
SOGoSentFolderName = "Sent";
SOGoTrashFolderName = "Trash";
SOGoJunkFolderName = "Junk";
/* IMAP, Sieve and SMTP are all addressed on the loopback interface of this host. */
SOGoIMAPServer = "localhost";
SOGoSieveServer = "sieve://localhost:4190";
SOGoSMTPServer = "127.0.0.1:10587";
/* Site placeholder; replace with the real mail domain. */
SOGoMailDomain = "MyDomain";
/* PLAIN credentials are sent to the SMTP endpoint above (127.0.0.1), not across the network. */
SOGoSMTPAuthenticationType = "PLAIN";
SOGoMailingMechanism = "smtp";
NGImap4ConnectionStringSeparator = "/";
For the organizational unit I created a custom template:
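{
    # esmith template fragment: emits the SOGoUserSources section of the SOGo
    # defaults file from the SSSD provider settings.  $OUT, %sogod, $SystemName
    # and $DomainName are supplied by the template engine, not declared here.
    use NethServer::SSSD;

    my $sssd         = NethServer::SSSD->new();
    my $bindDN       = $sssd->bindDN();
    my $userDN       = $sssd->userDN();
    my $groupDN      = $sssd->groupDN();
    my $bindPassword = $sssd->bindPassword();
    my $ldapURI      = $sssd->ldapURI();

    # Both values are written inside double-quoted plist strings, so
    # backslashes and double quotes in them must be escaped.  Backslashes go
    # first so the backslash added in front of a quote is not doubled again.
    # (A replacement of `\"` would insert a bare quote; `\\"` is needed, with
    # /g so every quote is covered.)
    my $escape_plist_string = sub {
        my ($text) = @_;
        $text =~ s/\\/\\\\/g;
        $text =~ s/"/\\"/g;
        return $text;
    };
    $bindDN       = $escape_plist_string->($bindDN);
    $bindPassword = $escape_plist_string->($bindPassword);

    # Append SOGo's URL suffix that requests StartTLS when SSSD is set up for it.
    my $tls = $sssd->startTls();
    if ($tls) {
        $ldapURI .= '/????!StartTLS';
    }

    # Attribute used as mail address and IMAP login for a Microsoft AD bind;
    # defaults to userPrincipalName when the sogod config key is not set.
    my $CustomEmailField = $sogod{'CustomEmailField'} || 'userPrincipalName';

    # Organisational unit the AD sources search under and the account used to
    # bind, kept in one place because both AD sources need them.  The literals
    # are site placeholders.  NOTE(review): the escaped $bindDN/$bindPassword
    # obtained from SSSD above could be used here instead, so the credential
    # does not have to be stored a second time inside this template.
    my $adBaseDN       = 'OU=MyOrganisationUnit,DC=MyDomainName,DC=local';
    my $adBindDN       = 'BindUser@MyDomainName.local';
    my $adBindPassword = 'MyBindpassword';

    if ($sssd->isLdap) {
        # user source: ldap (groups source first, then users)
        $OUT .= <<"EOF";
/* 45 ldap authentication */
SOGoUserSources =(
\{
id = groups;
type = ldap;
CNFieldName = cn;
UIDFieldName = cn;
IDFieldName = cn;
baseDN = "$groupDN";
bindDN = "$bindDN";
bindPassword = "$bindPassword";
scope = ONE;
canAuthenticate = YES;
MailFieldNames = ("mail");
displayName = "$SystemName groups";
hostname = $ldapURI;
isAddressBook = YES;
\},
\{
id = users;
type = ldap;
CNFieldName = cn;
UIDFieldName = uid;
IDFieldName = mail;
bindFields = (
mail,
uid
);
IMAPLoginFieldName = mail;
baseDN = "$userDN";
bindDN = "$bindDN";
bindPassword = "$bindPassword";
scope = ONE;
MailFieldNames = ("mail");
canAuthenticate = YES;
displayName = "$SystemName users";
hostname = $ldapURI;
isAddressBook = YES;
\}
);
EOF
    }
    elsif ($sssd->isAD) {
        # user source: AD, rooted at the organisational unit above.  The two
        # sources are separated by a comma between them, as in the ldap branch.
        $OUT .= <<"EOF";
/* 45 AD authentication */
SOGoUserSources =(
\{
id = AD_Users;
type = ldap;
CNFieldName = cn;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
IMAPLoginFieldName = $CustomEmailField;
canAuthenticate = YES;
bindDN = "$adBindDN";
bindPassword = "$adBindPassword";
baseDN = "$adBaseDN";
bindFields = (
sAMAccountName,
$CustomEmailField
);
hostname = $ldapURI;
filter = "(objectClass='user') AND (sAMAccountType=805306368)";
MailFieldNames = ("$CustomEmailField");
scope = SUB;
displayName = "$DomainName users";
isAddressBook = YES;
\},
\{
id = AD_Groups;
type = ldap;
CNFieldName = name;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
canAuthenticate = YES;
bindDN = "$adBindDN";
bindPassword = "$adBindPassword";
baseDN = "$adBaseDN";
hostname = $ldapURI;
filter = "(objectClass='group') AND (sAMAccountType=268435456)";
MailFieldNames = ("mail");
scope = SUB;
displayName = "$DomainName groups";
isAddressBook = YES;
\}
);
EOF
    }
}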
Also I got it working with multiple organizational units.