Thread: ADvice on AD setup




ADvice on AD setup
Denmark
2007-02-23 04:22:48
Hi,

First of all I need some comments on the following setup.

I have been running the MAIA system for the past 2 years (vers 1.0.0.RC5) and am planning to upgrade to version 1.0.2. Some facts: we have 25.000 users on Exchange, 200 mail domains and use postfix as MTA.

In our current setup we use auth_method = exchange, and users log in with their e-mail address. To do this the e-mail address has to be identical to the UPN (UserPrincipalName) in AD. I have tried to convince the AD people to do this when creating new users but ....things get more and more messed up so I have to find another solution.

I have installed the new MAIA version (1.0.2) on a test server to investigate what is possible.

What I would like to achieve is:

        When a user logs into the system they give their e-mail address and AD password. In most cases the user doesn't know what kind of attribute the e-mail address has in the AD system, and they don't care. (Many users have 2-10 addresses as smtpProxy and 1 connected with the mail attribute.)

        I have a table (MySQL) I keep in sync with the AD system. The table has 2 fields:

            email    distinguishedName (dn)

Now when a user logs on to the MAIA system giving their email and AD password, I change the email to dn and use that in the ldap_bind (auth_method = ldap). The auth_ldap returns the mail attribute which should be the primary e-mail address. In the process of logging in I LINK all smtpProxy to the primary as e-mail aliases.

Would that be an OK solution or does anyone have better ideas?

Regards and thanks

Peter Sørensen /University of Southern Denmark/e-mail: maspsrsdu.dk
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

Re: ADvice on AD setup
United States
2007-02-23 10:14:46
On Feb 23, 2007, at 4:22 AM, Peter Sørensen wrote:

> In the process of logging in I LINK all smtpProxy to the primary
> as e-mail aliases.
>
> Would that be an OK solution or does anyone have better ideas?

That sounds right; I had written some of that code specifically to be able to return an array which could then be autolinked, but I never got to the autolink code.

One thing to consider, though, is http://www.maiamailguard.org/maia/ticket/427

You know, actually, even if they tried to log in with an ldap linked account, you could have it return the primary account from the auth() call, and fool Maia into logging in as the primary account anyway. Ok, that's the best of both worlds.

David Morton
Maia Mailguard http://www.maiamailguard.com
mortondadgrmm.net



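The login flow discussed in this thread (address to DN lookup, bind, return the primary account, link the other addresses), as an added example that is not part of either post or of Maia's code. Assumptions: the table name `ad_map`, the functions `open_map`, `fake_bind` and `login`, and the sample data are all hypothetical; sqlite3 stands in for the MySQL table, which is assumed to hold one row per address, and the directory bind is replaced by an in-memory stand-in.

```python
import sqlite3

# Constructed sample data: one row per address (primary and smtpProxy) -> DN.
JANE_DN = "CN=Jane Doe,OU=Staff,DC=example,DC=org"
ROWS = [
    ("jane@example.org", JANE_DN),
    ("j.doe@example.org", JANE_DN),
    ("jd@alias.example.org", JANE_DN),
]
# Constructed stand-in for AD: DN -> (password, mail attribute).
DIRECTORY = {JANE_DN: ("s3cret", "jane@example.org")}

def open_map(rows):
    db = sqlite3.connect(":memory:")  # stands in for the synced MySQL table
    db.execute("CREATE TABLE ad_map (email TEXT PRIMARY KEY, dn TEXT NOT NULL)")
    db.executemany("INSERT INTO ad_map VALUES (?, ?)", rows)
    return db

def fake_bind(dn, password):
    """Hypothetical bind: returns the mail attribute, or None on failure.
    Like some LDAP servers, it lets an empty password through as an
    unauthenticated bind, which is the case login() must block itself."""
    stored, mail = DIRECTORY.get(dn, (None, None))
    return mail if password in ("", stored) else None

def login(db, bind, email, password):
    """Return (primary, aliases) after a successful bind, else None."""
    if not password:  # never hand an empty password to a simple bind
        return None
    addr = email.strip().lower()
    # Parameterized lookup: the address is untrusted login-form input.
    row = db.execute("SELECT dn FROM ad_map WHERE email = ?", (addr,)).fetchone()
    if row is None:  # same result as a bad password: no address enumeration
        return None
    primary = bind(row[0], password)
    if primary is None:
        return None
    primary = primary.lower()
    # Link aliases only after authentication, and only addresses on this DN.
    aliases = [r[0] for r in db.execute(
        "SELECT email FROM ad_map WHERE dn = ? AND email <> ? ORDER BY email",
        (row[0], primary))]
    return primary, aliases
```

Logging in with any proxy address yields the primary account, as suggested in the reply, while an empty password is refused before it reaches the directory.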
