Adds LDAP accounts to mailcow-dockerized and enables LDAP (e.g., Active Directory) authentication.
A Python script periodically checks for new LDAP accounts and creates them, and deactivates deleted and disabled ones, through the mailcow API. It also enables LDAP authentication in SOGo and dovecot.
Create a `data/ldap` directory. The SQLite database used for synchronization will be stored there.
Extend your `docker-compose.override.yml` with an additional container:
```yaml
ldap-mailcow:
    image: programmierus/ldap-mailcow
    network_mode: host
    container_name: mailcowcustomized_ldap-mailcow
    depends_on:
        - nginx-mailcow
    volumes:
        - ./data/ldap:/db:rw
        - ./data/conf/dovecot:/conf/dovecot:rw
        - ./data/conf/sogo:/conf/sogo:rw
    environment:
        - LDAP-MAILCOW_LDAP_HOST=ldap(s)://dc.example.local
        - LDAP-MAILCOW_LDAP_BASE_DN=OU=Mail Users,DC=example,DC=local
        - LDAP-MAILCOW_LDAP_BIND_DN=CN=Bind DN,CN=Users,DC=example,DC=local
        - LDAP-MAILCOW_LDAP_BIND_DN_PASSWORD=BindPassword
        - LDAP-MAILCOW_LDAP_FILTER=(&(objectClass=user)(objectCategory=person))
        - LDAP-MAILCOW_LDAP_FIELDS_MAIL=userPrincipalName
        - LDAP-MAILCOW_LDAP_FIELDS_NAME=cn
        - LDAP-MAILCOW_API_HOST=https://mailcow.example.local
        - LDAP-MAILCOW_API_KEY=XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
        - LDAP-MAILCOW_API_SSL_VERIFY=1
        - LDAP-MAILCOW_SYNC_INTERVAL=300
        - LDAP-MAILCOW_EMAIL_DOMAINS=mydomain1.com,mydomain2.com
```
Configure environment variables:
- `LDAP-MAILCOW_LDAP_HOST` - LDAP (e.g., Active Directory) server (must be reachable from within the container)
- `LDAP-MAILCOW_LDAP_BASE_DN` - base DN where user accounts can be found
- `LDAP-MAILCOW_LDAP_BIND_DN` - bind DN of a special LDAP account that will be used to browse for users
- `LDAP-MAILCOW_LDAP_BIND_DN_PASSWORD` - password for the bind DN account
- `LDAP-MAILCOW_LDAP_FILTER` - LDAP filter string used to find user accounts
- `LDAP-MAILCOW_LDAP_FIELDS_MAIL` - LDAP user mail field
- `LDAP-MAILCOW_LDAP_FIELDS_NAME` - LDAP user full name field
- `LDAP-MAILCOW_API_HOST` - mailcow API URL. Make sure the API is enabled and accessible from within the container for both reads and writes
- `LDAP-MAILCOW_API_KEY` - mailcow API key (read/write)
- `LDAP-MAILCOW_API_SSL_VERIFY` - 1 enables and 0 disables SSL certificate validation for requests to the mailcow API
- `LDAP-MAILCOW_SYNC_INTERVAL` - interval in seconds between LDAP synchronizations
- `LDAP-MAILCOW_EMAIL_DOMAINS` - domain names to consider

Start the additional container: `docker-compose up -d ldap-mailcow`
Check the logs: `docker-compose logs ldap-mailcow`
Restart dovecot and SOGo if necessary: `docker-compose restart sogo-mailcow dovecot-mailcow`
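
The settings above include two credentials (the bind DN password and a read/write API key) and two transport choices, so they are worth checking before the first start. The following Python check is an added example, not part of ldap-mailcow; the `check_config` name and the decision to treat every listed variable as required are assumptions made here.

```python
# Added example (not ldap-mailcow code): pre-flight check for the settings above.
PREFIX = "LDAP-MAILCOW_"
NAMES = ("LDAP_HOST", "LDAP_BASE_DN", "LDAP_BIND_DN", "LDAP_BIND_DN_PASSWORD",
         "LDAP_FILTER", "LDAP_FIELDS_MAIL", "LDAP_FIELDS_NAME", "API_HOST",
         "API_KEY", "API_SSL_VERIFY", "SYNC_INTERVAL", "EMAIL_DOMAINS")
# Sample secrets from the compose snippet; leaving them unchanged is an error.
PLACEHOLDERS = {"BindPassword", "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX"}


def scheme(url):
    """Lower-cased text before '://', or '' when the separator is absent."""
    head, sep, _ = url.partition("://")
    return head.lower() if sep else ""


def check_config(env):
    """Return sorted (severity, variable, message) findings for a settings mapping."""
    cfg = {k[len(PREFIX):]: v.strip() for k, v in env.items() if k.startswith(PREFIX)}
    # Assumption: every documented variable is required (no defaults are documented).
    out = [("error", n, "not set") for n in NAMES if not cfg.get(n)]
    out += [("error", n, "sample value left in place")
            for n, v in cfg.items() if v in PLACEHOLDERS]

    def rule(name, ok, weak, weak_msg, bad_msg, key=str):
        value = cfg.get(name)
        if value and key(value) not in ok:
            sev, msg = ("warning", weak_msg) if key(value) in weak else ("error", bad_msg)
            out.append((sev, name, msg))

    rule("LDAP_HOST", {"ldaps"}, {"ldap"}, "no TLS: the bind password is sent in "
         "cleartext unless StartTLS is used", "must start with ldap:// or ldaps://", scheme)
    rule("API_HOST", {"https"}, {"http"}, "no TLS: the read/write API key is sent in "
         "cleartext", "must start with https://", scheme)
    rule("API_SSL_VERIFY", {"1"}, {"0"}, "certificate validation is off, so the API "
         "server is not authenticated", "must be 0 or 1")
    interval = cfg.get("SYNC_INTERVAL")
    if interval and not (interval.isdecimal() and int(interval) > 0):
        out.append(("error", "SYNC_INTERVAL", "must be a positive number of seconds"))
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample: filler values with plain LDAP and verification off.
    sample = dict.fromkeys((PREFIX + n for n in NAMES), "placeholder-value")
    sample.update({PREFIX + "LDAP_HOST": "ldap://dc.example.local",
                   PREFIX + "API_HOST": "https://mailcow.example.local",
                   PREFIX + "API_SSL_VERIFY": "0", PREFIX + "SYNC_INTERVAL": "300"})
    for severity, name, message in check_config(sample):
        print(f"{severity}: {PREFIX}{name}: {message}")
```

To check real settings, pass a mapping of the actual variables (for example `os.environ` in a process started with the same environment entries) to `check_config`.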
The container internally uses the following configuration templates:
- `/templates/sogo/plist_ldap`
- `/templates/dovecot/ldap/passdb.conf`
These files have been tested against Active Directory running on Windows Server 2019 DC. If necessary, you can edit and remount them through docker volumes. Some documentation on these files can be found here: dovecot, SOGo