2018-09-26 05:47:58 -05:00
<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
2019-09-18 23:30:03 -05:00
< title > iRedMail Easy: Preparations for using Microsoft Active Directory as iRedMail backend< / title >
2018-09-26 05:47:58 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
2019-07-13 06:21:55 -05:00
2018-09-26 05:47:58 -05:00
< div id = "navigation" >
< a href = "https://www.iredmail.org" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2019-09-18 23:30:03 -05:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "iredmail-easy-preparations-for-using-microsoft-active-directory-as-iredmail-backend" > iRedMail Easy: Preparations for using Microsoft Active Directory as iRedMail backend< / h1 >
2018-09-26 05:47:58 -05:00
< div class = "toc" >
< ul >
2019-09-18 23:30:03 -05:00
< li > < a href = "#iredmail-easy-preparations-for-using-microsoft-active-directory-as-iredmail-backend" > iRedMail Easy: Preparations for using Microsoft Active Directory as iRedMail backend< / a > < ul >
2018-09-26 05:47:58 -05:00
< li > < a href = "#summary" > Summary< / a > < / li >
2018-10-07 16:55:24 -05:00
< li > < a href = "#create-read-only-account-vmail" > Create read-only account: vmail< / a > < ul >
< li > < a href = "#grant-privileges" > Grant privileges< / a > < / li >
< / ul >
< / li >
< li > < a href = "#create-read-write-account-vmailadmin" > Create read-write account: vmailadmin< / a > < ul >
< li > < a href = "#grant-privileges_1" > Grant privileges< / a > < / li >
< / ul >
< / li >
2018-10-16 16:26:50 -05:00
< li > < a href = "#store-passwords-on-your-iredmail-server" > Store passwords on your iRedMail server< / a > < / li >
2018-09-26 05:47:58 -05:00
< / ul >
< / li >
< / ul >
< / div >
< h2 id = "summary" > Summary< / h2 >
< p > To query mail accounts against Microsoft Active Directory, we need a LDAP
user account which can query the Active Directory.< / p >
< p > In this tutorial, we will show you how to< / p >
< ul >
< li > create account < code > vmail< / code > with read-only privilege used to query mail accounts< / li >
< li > create account < code > vmailadmin< / code > with read-write privileges used to query and
manage mail accounts.< / li >
< / ul >
< p > This tutorial has been tested on Windows Server 2012, but it should work for
all Windows Server versions.< / p >
< h2 id = "create-read-only-account-vmail" > Create read-only account: vmail< / h2 >
< ul >
< li > Click < code > Start< / code > on bottom-left corner of your Windows OS, click < code > Server Manager< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/start-server-manager.png" / > < / p >
< ul >
< li > Click < code > Tools< / code > on top-right corner, click < code > Active Directory Domains and Trusts< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_1.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Right click your AD domain, then click < code > Manage< / code > . It will show you a new window.
In this example, it's domain < code > iredmail.org< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_2.png" / > < / p >
< ul >
< li > In the new windows, right click on item < code > Users< / code > , select < code > New -> User< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_3.png" / > < / p >
< ul >
2018-10-01 04:31:59 -05:00
< li > Input < code > vmail< / code > in < code > User logon name< / code > field, and fill other fields, then click < code > Next< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_1.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Input a strong password for < code > vmail< / code > user, make sure option < code > Password never
expires< / code > is checked, and uncheck other 3 options. Then click < code > Next< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_2.png" / > < / p >
< ul >
< li > Click < code > Finish< / code > to finish account creation.< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_3.png" / > < / p >
2018-10-07 16:55:24 -05:00
< h3 id = "grant-privileges" > Grant privileges< / h3 >
< p > We need to grant < code > vmail< / code > user required privileges.< / p >
2018-09-26 05:47:58 -05:00
< p > In the < code > Active Directory Users and Computers< / code > window, right click your AD
domian name (in our example it's < code > iredmail.org< / code > ), and select < code > Delegate Control...< / code > .< / p >
< p > < img alt = "" src = "./images/ad/create_ad_account_4.png" / > < / p >
< ul >
2019-06-06 02:36:43 -05:00
< li > Click < code > Next< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_5.png" / > < / p >
< ul >
< li > Click < code > Add< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_6.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Input read-only account < code > vmail< / code > , and click < code > OK< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_4.png" / > < / p >
< ul >
< li > Click < code > Next< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_5.png" / > < / p >
< ul >
< li > Select < code > "Read all user information"< / code > , click < code > Next< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_6.png" / > < / p >
< ul >
< li > Click < code > Finish< / code > to confirm.< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/read_only_account_7.png" / > < / p >
2018-10-07 16:55:24 -05:00
< h2 id = "create-read-write-account-vmailadmin" > Create read-write account: vmailadmin< / h2 >
< p > This account is used to manage mail accounts.< / p >
2018-09-26 05:47:58 -05:00
< ul >
< li > Click < code > Start< / code > on bottom-left corner of your Windows OS, click < code > Server Manager< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/start-server-manager.png" / > < / p >
< ul >
< li > Click < code > Tools< / code > on top-right corner, click < code > Active Directory Domains and Trusts< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_1.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Right click your AD domain, then click < code > Manage< / code > . In this example, it's domain < code > iredmail.org< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_2.png" / > < / p >
< ul >
< li > At the new windows, right click < code > Users< / code > --> < code > New< / code > --> < code > User< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_3.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Input < code > vmailadmin< / code > in < code > User logon name< / code > field, and fill other fields, then click Next.< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_1.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Input a strong password for user < code > vmailadmin< / code > , make sure option < code > Password never expires< / code > is checked, click < code > Next< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_2.png" / > < / p >
< ul >
< li > Click < code > Finish< / code > to finish account creation.< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_3.png" / > < / p >
2018-10-07 16:55:24 -05:00
< h3 id = "grant-privileges_1" > Grant privileges< / h3 >
< p > Account < code > vmailadmin< / code > has been created, we need to grant it more privileges than < code > vmail< / code > user.< / p >
< p > In the Active Directory Users and Computers window, right click your AD domian
2019-06-06 02:36:43 -05:00
and select < code > Delegate Control...< / code > . In this example, it's domain < code > iredmail.org< / code > ,< / p >
2018-09-26 05:47:58 -05:00
< p > < img alt = "" src = "./images/ad/create_ad_account_4.png" / > < / p >
< ul >
2019-06-06 02:36:43 -05:00
< li > Click < code > Next< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_5.png" / > < / p >
< ul >
< li > Click < code > Add< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/create_ad_account_6.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Input account name < code > vmailadmin< / code > , and click < code > OK< / code > .< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_4.png" / > < / p >
< ul >
< li > Click < code > Next< / code > .< / li >
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_5.png" / > < / p >
< ul >
2018-10-07 16:55:24 -05:00
< li > Select tasks listed below, then click < code > Next< / code > :< ul >
< li > < code > Create, delete, and manage user accounts< / code > < / li >
< li > < code > Reset user passowords and force password change at next logon< / code > < / li >
< li > < code > Read all user information< / code > < / li >
< li > < code > Modify the membership of a group< / code > < / li >
< / ul >
< / li >
2018-09-26 05:47:58 -05:00
< / ul >
< p > < img alt = "" src = "./images/ad/admin_account_6.png" / > < / p >
< ul >
< li > Click < code > Finish< / code > .< / li >
< / ul >
2018-10-16 16:26:50 -05:00
< p > < img alt = "" src = "./images/ad/admin_account_7.png" / > < / p >
< h2 id = "store-passwords-on-your-iredmail-server" > Store passwords on your iRedMail server< / h2 >
< p > iRedMail Cloud Deployment Platform does not store any password on its servers,
instead, it reads passwords from different files which are stored under
< code > /root/.iredmail/kv/< / code > on YOUR server. So you need to create few files to store
< code > vmail< / code > and < code > vmailadmin< / code > account passwords on the iRedMail server you're going
to integrate with Active Directory.< / p >
< p > Please login to your iRedMail server first, then:< / p >
< ul >
< li >
< p > Create directory < code > /root/.iredmail/kv/< / code > with command below (NOTE: You may need
< code > sudo< / code > privilege if you're not root user):< / p >
< p > < code > mkdir -p /root/.iredmail/kv< / code > < / p >
< / li >
< li >
< p > Create file < code > /root/.iredmail/kv/ad_ldap_vmail_password< / code > , input password of
< code > vmail< / code > user in the file. Do not leave any comment lines or other characters
in the file.< / p >
< / li >
< li > Create file < code > /root/.iredmail/kv/ad_ldap_vmailadmin_password< / code > , input password
of < code > vmailadmin< / code > user in the file. Do not leave any comment lines or other characters
in the file.< / li >
< / ul > < div class = "footer" >
2019-12-31 00:07:48 -06:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://github.com/iredmail/docs/" > GitHub repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://github.com/iredmail/docs/archive/master.zip" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
2018-09-26 05:47:58 -05:00
< / div >
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
< / script >
< / body > < / html >