Skip to content

LDAP account synchronization and authentication for mailcow-dockerized

Notifications You must be signed in to change notification settings

p-artur/ldap-mailcow

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ldap-mailcow

Adds LDAP accounts to mailcow-dockerized and enables LDAP (e.g., Active Directory) authentication.

How does it work

A python script periodically checks and creates new LDAP accounts and deactivates deleted and disabled ones with mailcow API. It also enables LDAP authentication in SOGo and dovecot.

Usage

  1. Create a data/ldap directory. SQLite database for synchronization will be stored there.

  2. Extend your docker-compose.override.yml with an additional container:

    ldap-mailcow:
        image: programmierus/ldap-mailcow
        network_mode: host
        container_name: mailcowcustomized_ldap-mailcow
        depends_on:
            - nginx-mailcow
        volumes:
            - ./data/ldap:/db:rw
            - ./data/conf/dovecot:/conf/dovecot:rw
            - ./data/conf/sogo:/conf/sogo:rw
        environment:
            - LDAP-MAILCOW_LDAP_HOST=ldap(s)://dc.example.local
            - LDAP-MAILCOW_LDAP_BASE_DN=OU=Mail Users,DC=example,DC=local
            - LDAP-MAILCOW_LDAP_BIND_DN=CN=Bind DN,CN=Users,DC=example,DC=local
            - LDAP-MAILCOW_LDAP_BIND_DN_PASSWORD=BindPassword
            - LDAP-MAILCOW_LDAP_FILTER=(&(objectClass=user)(objectCategory=person))
            - LDAP-MAILCOW_LDAP_FIELDS_MAIL=userPrincipalName
            - LDAP-MAILCOW_LDAP_FIELDS_NAME=cn
            - LDAP-MAILCOW_API_HOST=https://mailcow.example.local
            - LDAP-MAILCOW_API_KEY=XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
            - LDAP-MAILCOW_API_SSL_VERIFY=1
            - LDAP-MAILCOW_SYNC_INTERVAL=300
  3. Configure environmental variables:

    • LDAP-MAILCOW_LDAP_HOST - LDAP (e.g., Active Directory) server (must be reachable from within the container)
    • LDAP-MAILCOW_LDAP_BASE_DN - base DN where user accounts can be found
    • LDAP-MAILCOW_LDAP_BIND_DN - bind DN of a special LDAP account that will be used to browse for users
    • LDAP-MAILCOW_LDAP_BIND_DN_PASSWORD - password for bind DN account
    • LDAP-MAILCOW_LDAP_FILTER - LDAP filter string to find users account
    • LDAP-MAILCOW_LDAP_FIELDS_MAIL - LDAP user mail field
    • LDAP-MAILCOW_LDAP_FIELDS_NAME - LDAP user full name field
    • LDAP-MAILCOW_API_HOST - mailcow API url. Make sure it's enabled and accessible from within the container for both reads and writes
    • LDAP-MAILCOW_API_KEY - mailcow API key (read/write)
    • LDAP-MAILCOW_API_SSL_VERIFY - 1 - Enable, 0 - Disable SSL certificate validation when request to mailcow API
    • LDAP-MAILCOW_SYNC_INTERVAL - interval in seconds between LDAP synchronizations
  4. Start additional container: docker-compose up -d ldap-mailcow

  5. Check logs docker-compose logs ldap-mailcow

  6. Restart dovecot and SOGo if necessary docker-compose restart sogo-mailcow dovecot-mailcow

LDAP Fine-tuning

Container internally uses the following configuration templates:

  • SOGo: /templates/sogo/plist_ldap
  • dovecot: /templates/dovecot/ldap/passdb.conf

These files have been tested against Active Directory running on Windows Server 2019 DC. If necessary, you can edit and remount them through docker volumes. Some documentation on these files can be found here: dovecot, SOGo

About

LDAP account synchronization and authentication for mailcow-dockerized

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 97.0%
  • Dockerfile 3.0%