Integrate Thunderbird with Active Directory
Note: this tutorial is based on my post on linux.com, with added information.
To integrate Thunderbird with AD, you must already have Kerberos and Samba installed and configured so that you can use the net ads command to obtain the information you need. There is a lot of documentation out there on getting to that point. I will just highlight the main points for the sake of completeness.
We will assume your realm is EXAMPLE.AD and your domain controller, called company_dc, is at 172.22.1.34.
Kerberos
The configuration is often held in /etc/krb5.conf and should look like this:
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
default_realm = EXAMPLE.AD

[realms]
EXAMPLE.AD = {
kdc = company_dc
}

[domain_realm]
.company_dc = EXAMPLE.AD
Samba
On my system, the configuration file is found at /etc/samba/smb.conf and the relevant parts are:
; workgroup: it doesn't hurt to leave it in
workgroup = YOURWORKGROUP
realm = EXAMPLE.AD
netbios name = your_computer_name
client signing = yes
client use spnego = yes
security = ADS
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = yes
template homedir = /home/%D/%U
ldap ssl = no
unix charset = LOCALE
At this point, you should be able to type:
net ads info
On my machine, it returned:
LDAP server: 172.22.1.34
LDAP server name: company_dc
Realm: EXAMPLE.AD
Bind Path: dc=EXAMPLE,dc=AD
LDAP port: 389
Server time: Fri, 29 Sep 2006 11:21:57 GMT
KDC server: 172.22.1.34
Server time offset: -5
Bind DN
You need to figure out what your Bind DN is in order to log in to the LDAP service of your AD. You can get it with the following command (replace mydomainloginusername with your own):
net ads search '(sAMAccountName=mydomainloginusername)' userPrincipalName -U mydomainloginusername
Enter your domain login password and the result will be your Bind DN.
Configuring Thunderbird
Address Book
We now have all the information we need. In Thunderbird, open the address book with Tools -> Address Book, go to File -> New -> LDAP Directory and enter the following:
Name: My Company LDAP
Hostname: company_dc
Base DN: dc=EXAMPLE,dc=AD (same as Bind Path as returned by net ads info)
Port number: 3268 (the default port will work unreliably, causing lots of hanging and slowing down, while port 3268 will work perfectly)
Bind DN: yourbinddn_as_found_above
Use Secure connection (SSL): off
In the "Advanced" tab, I also selected subtree, but your results may vary.
Open the preference panel (Edit -> Preferences) and select the tab "Composition". Under the section Address Autocompletion, check Local Address Books and Directory Server and pick from the dropdown the one you just created (called My Company LDAP in the example). Accept the changes, compose an email and start typing the name of a recipient. It should prompt you for your domain login password, and you may elect to have Thunderbird remember it. Voilà, Autocompletion and address book from your AD in Thunderbird!
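As an added example (not part of the original tutorial), the Python code below parses the net ads info output shown earlier, checks the realm and the clock offset against the DC, and derives the address book fields entered above. The function names, the reading of the offset as seconds and the optional TLS variant on port 3269 are assumptions of this example.

```python
from urllib.parse import quote

# Constructed sample: the net ads info output quoted in this tutorial.
SAMPLE = """\
LDAP server: 172.22.1.34
LDAP server name: company_dc
Realm: EXAMPLE.AD
Bind Path: dc=EXAMPLE,dc=AD
LDAP port: 389
Server time: Fri, 29 Sep 2006 11:21:57 GMT
KDC server: 172.22.1.34
Server time offset: -5
"""

GC_PORT, GC_TLS_PORT = 3268, 3269  # AD global catalog: plain LDAP / LDAP over TLS
MAX_SKEW = 300  # default Kerberos clock-skew tolerance in seconds

def parse_net_ads_info(text):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def address_book_settings(text, expected_realm, tls=False):
    """Derive the Thunderbird LDAP directory fields and sanity-check the setup."""
    info = parse_net_ads_info(text)
    missing = [k for k in ("LDAP server name", "Realm", "Bind Path") if k not in info]
    if missing:
        raise ValueError(f"net ads info output lacks: {', '.join(missing)}")
    if info["Realm"].upper() != expected_realm.upper():
        raise ValueError(f"realm {info['Realm']!r} is not {expected_realm!r}")
    # Assumption of this example: the offset is reported in seconds.
    skew = int(info.get("Server time offset", "0"))
    if abs(skew) > MAX_SKEW:
        raise ValueError(f"clock is {skew}s off the DC; Kerberos will reject tickets")
    scheme, port = ("ldaps", GC_TLS_PORT) if tls else ("ldap", GC_PORT)
    host, base_dn = info["LDAP server name"], info["Bind Path"]
    # RFC 4516 LDAP URL: base DN, empty attribute list, subtree scope.
    url = f"{scheme}://{host}:{port}/{quote(base_dn, safe='=,')}??sub"
    return {"hostname": host, "base_dn": base_dn, "port": port, "url": url}

if __name__ == "__main__":
    print(address_book_settings(SAMPLE, "EXAMPLE.AD"))
```

With tls=False, matching the settings above, a simple bind sends the domain password over the network unencrypted.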