[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP & postfix



On Thu, 12 Aug 2004 07:57:17 EDT, Fraser Campbell writes:
>> What MDA are you using? I've just set up postfix/OpenLDAP/courier
>>  for a customer.

>Exactly what I would like to use.  My problem is mainly with LDAP, I've set up
>postfix many times using mysql for account storage and using virtual users.  
>This time around I want to store accounts in LDAP and use "real" accounts (as 
>opposed to the postfix virtual delivery agent).
>
>Any chance you could show me the LDAP setup along with a dump (LDIF) of how a 
>few accounts are set up?

Sure.

main.cf:

alias_maps = hash:/etc/aliases ldap:ldapsource
...
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapsource
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_minimum_uid = 8
virtual_mailbox_size = 10000000
...
ldapsource_server_host = localhost
ldapsource_search_base = ou=virtualusers,dc=XXX,dc=at
ldapsource_query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
ldapsource_result_attribute = homeDirectory
ldapsource_result_filter = %s/Maildir/
ldapsource_scope = sub
ldapsource_bind = yes
ldapsource_bind_dn = cn=postfix,ou=daemons,dc=XXX,dc=at
ldapsource_bind_pw = xxx
# ldapsource_debuglevel = 99

courier is pretty straightforward, I only had grief with shared IMAP 
 folders. If you need that config, too, I'll need to find half an hour 
 to dig out the necessary bits.

In LDAP I have objects for both courier and postfix, like
 dn: cn=courier,ou=daemons,dc=XXX,dc=at
 objectClass: top
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: courier
 userPassword:: XXX
 creatorsName: cn=admin
 createTimestamp: 20040708123655Z
 modifiersName: cn=admin
 modifyTimestamp: 20040708123655Z

And
 dn: ou=virtualusers,dc=XXX,dc=at
 objectClass: organizationalUnit
 ou: virtualusers
 creatorsName: cn=admin
 createTimestamp: 20040708123730Z
 modifiersName: cn=admin
 modifyTimestamp: 20040708123730Z

And users like
 dn: cn=waldner,ou=virtualusers,dc=XXX,dc=at
 creatorsName: cn=admin
 createTimestamp: 20040708124820Z
 userPassword:: XXX
 objectClass: top
 objectClass: CourierMailAccount
 mail: rw@XXX.at
 mail: waldner@XXX.at
 mail: r.waldner@XXX.at
 uidNumber: 8
 gidNumber: 8
 homeDirectory: /var/mail/waldner/
 clearPassword: XXX
 modifiersName: cn=admin
 modifyTimestamp: 20040723110831Z

I've extended an ldap-scheme I found somewhere[0] a bit, because I 
 needed other, and more, stuff (like vacation info, but I'll not 
 include that here). OpenLDAP itself didn't need more tweaking than is 
 obvious in the config-files.

0: google for ISPEnv2.schema

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /


Attachment: pgpeGJKcPVM7h.pgp
Description: PGP signature


Reply to: