Active Directory Integration via Webadmin

[mac0s9user]

Hello,

For the life of me I am unable to get Stalwart to play nice with Windows AD (forest level 2016). I've stood up a separate domain controller and stalwart instance (hence the names you'll see) but I seem to continually run into issues. I get a 500 error and am unable to login with AD creds. Here's the error I get from the logs:

 ERROR LDAP error (store.ldap-error) listenerId = "https", localPort = 443, remoteIp = 192.168.2.250, remotePort = 53907, reason = "I/O error: Connection refused (os error 111)", causedB                                                                                                                            y = crates/directory/src/core/dispatch.rs:29
2024-10-02T23:06:52Z TRACE HTTP response body (http.response-body) listenerId = "https", localPort = 443, remoteIp = 192.168.2.250, remotePort = 53907, contents = "{"type":"about:blank","status":500,"title"                                                                                                                            :"Internal Server Error","detail":"There was a problem while processing your request. Please contact the system administrator if this problem persists."}", code = 500, size = 195
2024-10-02T23:08:48Z DEBUG HTTP connection ended (http.connection-end) listenerId = "https", localPort = 443, remoteIp = 192.168.2.250, remotePort = 53907, elapsed = 127430ms

Maybe I don't fully understand how Stalwart integrates with AD. I assume I can create email accounts tied to an AD user? Or login with one? I have to be honest the instructions for AD are a bit...lacking. My bind.auth.dn was taken from this post: #374

config

authentication.fallback-admin.secret = "$6$ASyobWZWoDc0F.n3$XrdfB72hXYXWa8NPLN00nFtxdGckBKEQ8USDMDhCa1FS2bqpc.nkXS4.B6sbZSAqU7a3vMfkEnpxzfvgjBNrc0" authentication.fallback-admin.user = "admin" directory.internal.store = "rocksdb" directory.internal.type = "internal" directory.stalwartat.home.attributes.class = "objectClass" directory.stalwartat.home.attributes.description = "description" directory.stalwartat.home.attributes.email = "mail" directory.stalwartat.home.attributes.email-alias = "mailAlias" directory.stalwartat.home.attributes.groups = "memberOf" directory.stalwartat.home.attributes.name = "sAMAccountName" directory.stalwartat.home.attributes.quota = "diskQuota" directory.stalwartat.home.attributes.secret = "userPassword" directory.stalwartat.home.base-dn = "dc=stalwartat,dc=home" directory.stalwartat.home.bind.auth.dn = "cn=?@stalwartat.home" directory.stalwartat.home.bind.auth.enable = true directory.stalwartat.home.bind.dn = "cn=stalwart,cn=users,dc=stalwartat,dc=home" directory.stalwartat.home.bind.secret = "SquashBanana1!" directory.stalwartat.home.cache.entries = 500 directory.stalwartat.home.cache.ttl.negative = "10m" directory.stalwartat.home.cache.ttl.positive = "1h" directory.stalwartat.home.filter.domains = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*@?)(mailAlias=*@?)))" directory.stalwartat.home.filter.email = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?)))" directory.stalwartat.home.filter.expand = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(mailList=?))" directory.stalwartat.home.filter.name = "(&(|(objectClass=person))(sAMAccountName=?))" directory.stalwartat.home.filter.verify = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=*?*)(mailAlias=*?*)))" directory.stalwartat.home.timeout = "15s" directory.stalwartat.home.tls.allow-invalid-certs = true directory.stalwartat.home.tls.enable = false directory.stalwartat.home.type = "ldap" directory.stalwartat.home.url = "ldap://stalwartat.home" lookup.default.hostname = "stalwart.stalwartat.home" server.listener.http.bind = "[::]:8080" server.listener.http.protocol = "http" server.listener.https.bind = "[::]:443" server.listener.https.protocol = "http" server.listener.https.tls.implicit = true server.listener.imap.bind = "[::]:143" server.listener.imap.protocol = "imap" server.listener.imaptls.bind = "[::]:993" server.listener.imaptls.protocol = "imap" server.listener.imaptls.tls.implicit = true server.listener.pop3.bind = "[::]:110" server.listener.pop3.protocol = "pop3" server.listener.pop3s.bind = "[::]:995" server.listener.pop3s.protocol = "pop3" server.listener.pop3s.tls.implicit = true server.listener.sieve.bind = "[::]:4190" server.listener.sieve.protocol = "managesieve" server.listener.smtp.bind = "[::]:25" server.listener.smtp.protocol = "smtp" server.listener.submission.bind = "[::]:587" server.listener.submission.protocol = "smtp" server.listener.submissions.bind = "[::]:465" server.listener.submissions.protocol = "smtp" server.listener.submissions.tls.implicit = true server.max-connections = 8192 server.socket.backlog = 1024 server.socket.nodelay = true server.socket.reuse-addr = true server.socket.reuse-port = true storage.blob = "rocksdb" storage.data = "rocksdb" storage.directory = "stalwartat.home" storage.fts = "rocksdb" storage.lookup = "rocksdb" store.rocksdb.compression = "lz4" store.rocksdb.path = "/opt/stalwart-mail/data" store.rocksdb.type = "rocksdb" tracer.log.ansi = false tracer.log.enable = true tracer.log.level = "trace" tracer.log.lossy = false tracer.log.path = "/opt/stalwart-mail/logs" tracer.log.prefix = "stalwart.log" tracer.log.rotate = "daily" tracer.log.type = "log"

[mdecimus]

Hi,

There are no specific instructions for each LDAP server type out there. In your case it seems to be a networking issue:

 ERROR LDAP error (store.ldap-error) listenerId = "https", localPort = 443, remoteIp = 192.168.2.250, remotePort = 53907, reason = "I/O error: Connection refused (os error 111)", causedB  

You need to find out why your LDAP server is refusing connections from Stalwart.