
Re: functions using postfix +ldap




On 5/5/2011 3:04 PM, Bjørn Ruberg wrote:
On 05. mai 2011 13:34, deconya wrote:
Hi

I'm using a mail server using postfix + ldap and I'm lost with how to
config openldap to make aliases inside postfix. I don't know where
information about this option can be found. Any idea?


Here is the implementation we use - modified from info found on the Internet.

It took me some time to figure this out too, so I hope I can help.

The "owner" attribute was added to ease ACLs on alias entries.


================== postfix.schema ==================

#
# This is a customized version of a publicly available
# postfix schema (available in multiple versions too).
# Customized by Nick in 2010.
#
# Note: 1.3.6.1.4.1.50999 should not be currently registered.
# OIDs 1.3.6.1.4 are in the "Internet Private" range but the
# one used here (.1.50999) seems unused as far as we know.
# In any case, use/change at your own risk.
# We accept no responsibility whatsoever.
# This is only an example.
#
# postfix.schema - basic attributes based on default queries
# postfix will make for alias and virtual account lookups
# I don't think there is an official postfix schema out there,
# but if there is, this most certainly is not it.
#
# Initial version by leah@frauerpower.com
# Initial OID was 1.3.6.1.4.1.25260 registered to Frauerpower!
#
# mailacceptinguser and mailAccount added by Barrie Bremner <bjb@netcraft.com>
#

attributetype ( 1.3.6.1.4.1.50999.1.000
    NAME 'mailacceptinggeneralid'
    DESC 'Defines an address that we accept mail for'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.001
    NAME 'maildrop'
    DESC 'Defines the address mail goes to'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.002
    NAME 'mailacceptinguser'
    DESC 'Defines if this user accepts mail'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.003
    NAME 'aliasInactive'
    SINGLE-VALUE
    EQUALITY booleanMatch
    DESC 'A flag, for marking the alias as not in use'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

objectClass ( 1.3.6.1.4.1.50999.1.1.100
    NAME 'virtualaccount'
    DESC 'Holds mail info for a virtual account'
    STRUCTURAL
    MUST ( owner $ mailacceptinggeneralid $
           maildrop $ cn )
    MAY ( description $ aliasInactive )
    )

objectClass ( 1.3.6.1.4.1.50999.1.1.101
    NAME 'maillist'
    DESC 'Virtual account for holding mailing list info'
    STRUCTURAL
    MUST ( mailacceptinggeneralid $
           maildrop $ cn )
    MAY ( owner $ description $ aliasInactive )
    )

objectClass ( 1.3.6.1.4.1.50999.1.1.102
    NAME 'mailAccount'
    DESC 'Email account details'
    AUXILIARY
    MUST ( mailacceptinguser $
           maildrop $ cn )
    MAY ( mailacceptinggeneralid $ aliasInactive )
    )

objectClass ( 1.3.6.1.4.1.50999.1.1.105
    NAME 'virtualbox'
    DESC 'Mailbox for system use'
    STRUCTURAL
    MUST ( owner $ mail $
           uid $ cn )
    MAY ( description )
    )

========================================================================

========================== Some Indexes needed =========================

index mailacceptinggeneralid eq,pres
index owner eq
index aliasInactive eq

========================================================================

========================== Example alias entry =========================

dn: cn=userx,ou=Aliases,dc=example,dc=com
objectClass: virtualaccount
maildrop: userx@example.com
cn: userx
mailacceptinggeneralid: userx@example.com
mailacceptinggeneralid: userex@example.com
mailacceptinggeneralid: user.ex@example.com
description: Aliases for the user account userx
owner: cn=TechAdmins,ou=Groups,dc=example,dc=com

========================================================================

==================== Example alias entry with dynlist ==================

dn: cn=all,ou=Aliases,dc=example,dc=com
cn: all
objectClass: nisMailAlias
objectClass: labeledURIObject
description: All organization people
owner: cn=TechAdmins,ou=Groups,dc=example,dc=com
mailacceptinggeneralid: all@example.com
labeledURI: ldap:///ou=People,dc=example,dc=com?uid?one?(&(|(ou=admin)(ou=tech))(!(ou=system)))

========================================================================

========================= Excerpt from main.cf =========================

virtual_alias_maps = ...,
    ldap:/etc/postfix/ldap-aliases.cf,
    ...
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500

=========================================================================

============================ ldap-aliases.cf ============================

server_host = localhost
search_base = ou=Aliases, dc=example, dc=com
version = 3
scope = sub
query_filter = (&(mailacceptinggeneralid=%s)(!(aliasInactive=TRUE)))
result_attribute = maildrop, uid
bind = yes
bind_dn = uid=authenticate,ou=System,dc=example,dc=com
bind_pw = secret

=========================================================================

Regards,
Nick
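
The following is an added example, not part of Nick's message and not Postfix code: a small Python model of the alias lookup that ldap-aliases.cf configures. Postfix's ldap_table substitutes the lookup key for %s with RFC 2254 quoting, so the example shows why a key such as "*" cannot turn the filter into a match-everything query, and that an entry without aliasInactive still passes the (!(aliasInactive=TRUE)) clause. The second directory entry, the function names and the escape=False switch are constructed for illustration.

```python
import re

# Filter and result attributes as in ldap-aliases.cf above.
QUERY_FILTER = "(&(mailacceptinggeneralid=%s)(!(aliasInactive=TRUE)))"
RESULT_ATTRIBUTES = ("maildrop", "uid")
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# First entry is the userx alias from the post; the second is constructed
# here to show an alias switched off with aliasInactive.
ENTRIES = [
    {"mailacceptinggeneralid": ["userx@example.com", "userex@example.com",
                                "user.ex@example.com"],
     "maildrop": ["userx@example.com"]},
    {"mailacceptinggeneralid": ["old@example.com"],
     "maildrop": ["archive@example.com"], "aliasInactive": "TRUE"},
]

def escape_key(key):
    """Quote LDAP filter metacharacters in the lookup key."""
    return "".join(ESCAPES.get(ch, ch) for ch in key)

def build_filter(address):
    """Return the search filter sent to the directory for this address."""
    return QUERY_FILTER.replace("%s", escape_key(address))

def value_matches(assertion, value):
    """Raw '*' is a wildcard, \\xx is a literal character; comparison is
    case-insensitive, as caseIgnoreMatch in the schema specifies."""
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})", unhex, p))
             for p in assertion.split("*")]
    return re.fullmatch(".*".join(parts), value, re.I | re.S) is not None

def lookup(address, entries=ENTRIES, escape=True):
    """Model the lookup; escape=False models a client that skips quoting."""
    assertion = escape_key(address) if escape else address
    results = []
    for entry in entries:
        accepted = any(value_matches(assertion, v)
                       for v in entry.get("mailacceptinggeneralid", []))
        # An absent aliasInactive attribute also satisfies the NOT clause.
        if accepted and entry.get("aliasInactive") != "TRUE":
            for attr in RESULT_ATTRIBUTES:
                results.extend(entry.get(attr, []))
    return results

if __name__ == "__main__":
    for key in ("userex@example.com", "old@example.com", "*"):
        print(key, "->", build_filter(key), "->", lookup(key))
```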