How to combine MySQL with AD?

[gyd1]

In my scenario, there is an AD server and the mail client uses an NGINX server. There is no problem with network connectivity. However, when verifying the account and password, the verification fails. How can I synchronize with the AD database?

[pavelkim]

Hello @gyd1,

AD is a completely separate thing from MySQL on many levels. Different protocol, different design, etc.

You mentioned synctonisation, and that could be a workaround for you. It looks possible to export from AD to MySQL/PgSQL everything that's required for the authentication procedure. The downside is that you'd need to do it as often as the AD data gets updated.

The proper way though requires a refactoring the data source bit in nginx-mail-auth-http-server. At this point nginx-mail-auth-http-server only supports whatever jmoiron/sqlxsupports as database backends.

If that's a feature request, I could get to it sometime soon.

[gyd1]

This is a feature request, thank you very much. After looking at the Workflow Diagram in the code, I have a few questions.

1. Why is there a Gmail between the Client and NGINX?
2. In step 8, what data is transmitted from MTA to MySQL?

[gyd1]

My requirement is to use NGINX to proxy SMTP/IMAP4/POP3/services, and then use nginx-mail-auth-http-server to verify the account and password. However, AD will definitely be used when using Exchange Server, so the issue of synchronization between AD data and MySQL is raised.

[gyd1]

Later, the customer required the addition of two-factor authentication. My idea is as shown in the figure. I don’t know if it is correct. Please advise.