Integrate Thunderbird with Active Directory

December 18, 2006 at 3:32 pm | Posted in Active Directory, Mozilla, Thunderbird | Leave a comment

To integrate Thunderbird to the AD, you must already have installed and configured Kerberos and Samba so that you can use the net ads to obtain the information you need. There are a lot of documentation out there to get to that point. I will just highlight the main points for the sake of completeness.

We will assume your realm is EXAMPLE.AD and your domain controller, called company_dc is at 172.22.1.34.

Kerberos

The configuration is often held in /etc/krb5.conf and should look like this:

[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
default_realm = EXAMPLE.AD

[realms]
EXAMPLE.AD = {
kdc = company_dc
}

[domain_realm]
.company_dc = EXAMPLE.AD

Samba

On my system, the configuration file is found on /etc/samba/smb.conf and the relevant parts are:

workgroup = YOURWORKGROUP ; it doesn’t hurt to leave it in
realm = EXAMPLE.AD
netbios name = your_computer_name
client signing = yes
client use spnego = yes
security = ADS
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = yes
template homedir = /home/%D/%U
ldap ssl = no
unix charset = LOCALE

At this point, you should be able to type:

net ads info

On my machine, it returned:

LDAP server: 172.22.1.34
LDAP server name: company_dc
Realm: EXAMPLE.AD
Bind Path: dc=EXAMPLE,dc=AD
LDAP port: 389
Server time: Fri, 29 Sep 2006 11:21:57 GMT
KDC server: 172.22.1.34
Server time offset: -5

Bind DN
ou need to figure out what your Bind DN is in order to login to the LDAP of your AD. You can get it with the following command (replace mydomainloginusername with your own):

(all one line)

net ads search ‘(sAMAccountName=mydomainloginusername)’ userPrincipalName -U mydomainloginusername

Enter your domain login password and the result will be your Bind DN.

Configuring Thunderbird

Address Book
We now have all the information we need. In Thunderbird, open the addressbook with Tools -> Address Book and go to File -> New -> LDAP Directory and enter the following:

Name: My Company LDAP
Hostname: company_dc
Base DN: dc=EXAMPLE,dc=AD (same as Bind Path as returned by net ads info)
Port number: 3268 (the default port will work unreliably, causing lots of hanging and slowing down, while port 3268 will work perfectly)
Bind DN: yourbinddn_as_found_above
Use Secure connection (SSL): off

In the “Advanced” tab, I also selected subtree, but your results may vary

Email

Open the preference panel (Edit -> Preferences) and select the tab “Composition”. Under the section Address Autocompletion, check Local Address Books and Directory Server and pick from the dropdown the one you just created (called My Company LDAP in the example). Accept the changes, compose an email and start typing the name of a recipient. It should prompt you for your domain login password, and you may elect to have Thunderbird remember it. VoilĂ , Autocompletion and address book from your AD in Thunderbird!

Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: