> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ville Walveranta > Sent: Friday, 14 November 2008 3:27 PM > To: Postfix users > Subject: Authenticating aginst ActiveDirectory? > > There is very little on the topic on the web and on the > Postfix Users archives. The little I find seems to imply it's > very difficult to extract password information from AD (say, > to sync to OpenLDAP). > > Since the last thread about this topic in this group is from > last year, I'm asking whether a solution exists at this > point. There is a product called PowerADvantage that would > seem to do the job, but the fact that they don't post their > prices on their website probably suggests that the cost is > likely in four figures which exceeds the available budget > (I'm checking with them anyway). The environment where I'd > need this solution is small, with a dozen or so AD logins, > and so I may just have to maintain the domain passwords > separately from the mail passwords. AD will be kept around to > facilitate resource sharing on the Windows LAN but the mail > is moving from Exchange 2003 to Postfix as soon as possible. > > An OpenSource solution would be preferable, though on > Windows/AD side a utility worth few hundred dollars might > skirt the budget. > > Many thanks again for any advice! >
I'm sorry, why do you need to sync passwords to relay mail to your Exchange servers? To do relay recipient validation, you just need to do a simple LDAP lookup to the AD to verify valid email addresses. Since you only have a single Exchange server, you don't even need to do anything out of the ordinary with LDAP queries to specify the destination relay server for your recipients. If you want AD users to logon to *nix boxes (which is nothing to do with mail services), enable Services for Unix on the AD, and setup LDAP authentication for the specified users in PAM.
