I need help setting up ldap.

dronmaxman

The settings for ldap are correct. Test Connection - OK

domain user
samaccountname = kurochkina
mail = andrii.kyrochkin@mydomain.com

The network dump of the connection to ldap shows that the connection and verification are correct.

To log in, I use the user’s login in the domain.

Error in php

php-fpm-mailcow-1 | [17-Apr-2025 16:32:36] WARNING: [pool web-worker] child 45 said into stderr: “NOTICE: PHP message: mailcow UI: Invalid password for kurochkina by 95.158.XX.XX”

Where’s the error?

DonZalmrol

I had to scratch my head for the filter as well, I’ve used these settings

Username field = mail
Filter = (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=DistuingishedNameOfyourSecurityGroupHere))
Attribute Field = SIE

Enabled Periodic full sync and import users

dronmaxman

DonZalmrol Yes, I’m using a simple filter (&(mail=*)) for testing, but judging by the ldap dump, it works correctly.

Attribute Field = SIE
Can you write about this in more detail?

DonZalmrol

dronmaxman the attribute field needs to match your attribute mapping.

Example: my settings

anomaly0617

dronmaxman I’m running into a similar problem with LDAP integration. You mention an LDAP dump above. Is there a way for me to enable debuggina and see the result set that is coming back from LDAP, or some level of verbose output when I try to log in? I’m 20+ years fluent in linux, so looking at files via SSH is not a problem.

Thanks!

dronmaxman

DonZalmrol Cool!! I changed the Username Field = mail and everything worked.

It’s a bit inconvenient, because the email and login can be significantly different, which seems to be the ideology of mailcow.

Discussion on this issue: https://community.mailcow.email/d/5-usernames-without-domain

DonZalmrol

dronmaxman yeah, but practice nowadays is to have the UPN and e-mail the same.

DocFraggle

If you use port 389 (no SSL), then you can just use tcpdump, dump it Wireshark compatible and have a look at it in Wireshark

tcpdump -vv -nn -i any -s 65535 -w /your/output/file.pcap port 389