Proxmox LDAP issue

ronald_r

Jun 22, 2019
I'm currently setting up a Proxmox Mail Gateway in front of an iRedMail (CE) server for testing purposes.
The reason I'm using iRedMail is that it comes with OpenLDAP by default. While I'm not too well versed in LDAP, I'd like to use this to give my users access to their account with a single username/password.

The thing is I configured Proxmox with LDAP authentication for the user quarantine, however when I synchronize my users only a few are displayed.
I currently have 7 domains on the iRedMail server (none of which, currently, have correct MX records). Different users of different domains (not just users in the root domain) are being displayed, but not all.

I've tried deleting all users within iRedMail (except the administrator) and I've recreated just one. After syncing Proxmox again, only the administrator account was being displayed, instead of the administrator + 1 user account.

My LDAP settings in Proxmox are as follows:
Enable: On
Profile name: mailusers
Protocol: ldap
Server: fqdn of iRedMail
Server: fqdn of iRedMail
Port: 389
Username: cn=vmail,dc=domain,dc=tld
Password: password
Base DN: o=domains,dc=domain,dc=tld
Base DN (groups): o=domains,dc=domain,dc=tld
Email attribute name: mail
Account attribute name: cn
LDAP filter: blank
Group ObjectClass: Groups

While I figure my username/password and Base DN are correct I'm not 100% positive on all my settings. Like Base DN Groups, Email Attribute name, Account Attribute Name, LDAP Filter and Group ObjectClass I'm really not sure about.

I've tried searching log files on both Proxmox and iRedMail but both seem to come up empty for LDAP logs.

I have also included 2 (redacted) screenshots from my LDAP server with Apache DS.

Anyone willing or able to help me out with this I'd like to thank in advance.
 

Attachments: LDAP_01.gif, LDAP_02.gif
Okay, I found the logfile where the LDAP sync logs to on Proxmox.
The strange thing is, however, that it logs the following:

Jun 22 01:49:26 pmg-hourly[1302]: start syncing ldap profile 'mailusers' (fqdn iredmail)
Jun 22 01:49:26 pmg-hourly[1302]: finished syncing ldap profile 'mailusers' (fqdn iredmail): found 1 accounts, 3 addresses, 0 groups

and then after I add a new account within iRedMail:

Jun 22 01:52:26 pmg-hourly[1342]: start syncing ldap profile 'mailusers' (fqdn iredmail)
Jun 22 01:52:26 pmg-hourly[1342]: finished syncing ldap profile 'mailusers' (fqdn iredmail): found 1 accounts, 4 addresses, 0 groups

So I figure there must be either something wrong with the connection info I provided to Proxmox or the way that iRedMail sets up LDAP. It seems as though Proxmox sees the email addresses, but sees them as just that instead of accounts.

Any ideas on what I must have done wrong here?
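
Added example (not part of the original posts, and not Proxmox code): a small Python check that parses the pmg-hourly "finished syncing" lines quoted above and flags any sync where a profile's address count rises while its account count does not, the pattern described in the post. The function names are hypothetical, and the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the four pmg-hourly lines quoted in the thread.
SAMPLE_LOG = """\
Jun 22 01:49:26 pmg-hourly[1302]: start syncing ldap profile 'mailusers' (fqdn iredmail)
Jun 22 01:49:26 pmg-hourly[1302]: finished syncing ldap profile 'mailusers' (fqdn iredmail): found 1 accounts, 3 addresses, 0 groups
Jun 22 01:52:26 pmg-hourly[1342]: start syncing ldap profile 'mailusers' (fqdn iredmail)
Jun 22 01:52:26 pmg-hourly[1342]: finished syncing ldap profile 'mailusers' (fqdn iredmail): found 1 accounts, 4 addresses, 0 groups
"""

# Timestamp, optional syslog hostname, then the sync summary with its counts.
FINISHED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?:\S+\s+)?pmg-hourly\[\d+\]:\s+"
    r"finished syncing ldap profile '(?P<profile>[^']+)'.*:\s+"
    r"found (?P<accounts>\d+) accounts, (?P<addresses>\d+) addresses, "
    r"(?P<groups>\d+) groups$"
)

def parse_syncs(log_text):
    """Return one dict per completed sync, in log order, with integer counts."""
    syncs = []
    for line in log_text.splitlines():
        m = FINISHED.match(line.strip())
        if m:
            row = m.groupdict()
            for key in ("accounts", "addresses", "groups"):
                row[key] = int(row[key])
            syncs.append(row)
    return syncs

def flag_stalled_accounts(syncs):
    """Flag syncs where addresses grew but accounts did not, per profile."""
    findings, last = [], {}
    for cur in syncs:
        prev = last.get(cur["profile"])
        if (prev and cur["addresses"] > prev["addresses"]
                and cur["accounts"] <= prev["accounts"]):
            findings.append({
                "ts": cur["ts"], "profile": cur["profile"],
                "accounts": (prev["accounts"], cur["accounts"]),
                "addresses": (prev["addresses"], cur["addresses"]),
            })
        last[cur["profile"]] = cur  # compare each sync with the one before it
    return findings

if __name__ == "__main__":
    for f in flag_stalled_accounts(parse_syncs(SAMPLE_LOG)):
        print(f"{f['ts']} profile={f['profile']} accounts {f['accounts']} "
              f"addresses {f['addresses']}")
```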
 
