Re: exim4 + ldap for virtual domains
On Monday, 18 July, jonathan gonzalez typed the following:
Hi!
> i'm having a lot of trouble while integrating ldap (openldap) and exim4.
> I would like to know if some of you have integrated the same products
> and if you can point me in the good direction.
I have this combination running in productive environment.
My exim does more or less only use LDAP as source for any information.
My LDAP structure:
[-] dc=my,dc=base,dc=dn
    [+] ou=dom
        [+] ou=barbarossa.name
        [+] ou=sub.domain.tld
        [-] ou=rfc2324.org
            [+] uid=max
--- BEGIN User entry ---
objectClass: top
objectClass: posixAccount
objectClass: qmailUser
uid: max
uidNumber: 42006
gidNumber: 23017
gecos: Maximilian Wilhelm
mail: max@rfc2324.org
cn: Maximilian Wilhelm
mailMessageStore: /path/to/Maildir/of/user
mailAlternateAddress: maximilian@rfc2324.org
userPassword: <myabsolutlysecretMailboxpassword>
--- END User entry ---
--- BEGIN catchall entry ---
objectClass: top
objectClass: qmailUser
uid: CATCHALL
mail: CATCHALL@rfc2324.org
mailForwardingAddress: max@rfc2324.org
--- END catchall entry ---
--- BEGIN forward entry ---
objectClass: top
objectClass: qmailUser
uid: max
mail: max@barbarossa.name
mailForwardingAddress: max@rfc2324.org
--- END forward entry ---
As you see, I'm using the qmail.schema [42] for the mail-related stuff.
But here's the point where I made a little hack to make things easier:
I just changed the qmail schema to a structural class to allow
minimizing the number of classes to use per user.
Maybe I'll make this point clean in the future. :-)
(The user password supplied above is used by Courier, which also uses the
LDAP for information about the Maildir paths.)
Some bits from my exim4.conf:
-----snipp-----
LDAPSERVER = ldap.dom.ain
LDAPBASE = dc=my,dc=base,dc=dn

##
# Get the domains
domainlist local_domains = @ : \
                           @[] : \
                           localhost : \
                           my.host.name : \
                           lists.dom.ain : \
                           ldapm;ldap::///ou=${domain},ou=dom,LDAPBASE??base

###
#
# Directors

##
# Check for users in LDAP (only users with local mailboxes)
#
ldapuser:
  driver = accept
  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailMessageStore?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))}}}{no}{yes}}
  retry_use_local_part
  transport = ldap_delivery

##
# Check for forwarding entries in LDAP
#
ldapalias:
  driver = redirect
  data = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailForwardingAddress?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }

##
# Check the LDAP for existing catchall for this domain.
#
catchall:
  driver = redirect
  data = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailForwardingAddress?sub?(mail=CATCHALL@${domain})} {$value} fail }

###
#
# Transports

##
# Deliver mail to users stored in the LDAP
#
ldap_delivery:
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailMessageStore?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  directory_mode = 0700
  envelope_to_add
  # user = mail
  # group = mail
  user = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?uidNumber?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  group = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?gidNumber?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  maildir_format
  message_prefix = ""
  message_suffix = ""
  mode = 0660
  no_mode_fail_narrower
  return_path_add
  # quota = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailQuota?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} }
-----snipp-----
So that's all the magic...
> The biggest trouble is in the most important part of the configuration
> of exim: virtual_uses, virtual_alias and authenticators.
I have to admit that I do not have an authenticator which authenticates against the
LDAP, as it's only a few people who can relay via this server, so I hacked
it via a plain text file. If I have the time...
Hope that helps a bit :)
Ciao
Max
[42] http://www.rfc2324.org/qmail.schema
--
Follow the white penguin.
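An added example, not from Max's mail or his configuration: the ldapuser and ldapalias routers from the snippet above, rewritten so that the local part and domain pass through Exim's quote_ldap (filter) and quote_ldap_dn (DN) operators before they are inserted into the query. The posted routers put $local_part and $domain into the DN and filter unescaped, so an address containing LDAP filter or DN metacharacters changes what the lookup matches; the macro names LDAPSERVER and LDAPBASE are assumed to be the ones defined in the snippet.

```exim
# Hardened variants of the routers posted above (added example).
# quote_ldap escapes the filter metacharacters (* ( ) \ and NUL) and
# URL-encodes the result; quote_ldap_dn escapes the characters that are
# special in a distinguished name. Lines ending in \ are joined by Exim
# with the leading whitespace of the continuation removed, so the URL
# below is read as one string.

ldapuser:
  driver = accept
  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/\
      ou=${quote_ldap_dn:$domain},ou=dom,LDAPBASE\
      ?mailMessageStore?sub?\
      (|(mail=${quote_ldap:$local_part}@${quote_ldap:$domain})\
        (mailAlternateAddress=${quote_ldap:$local_part}@${quote_ldap:$domain}))}}}\
    {no}{yes}}
  retry_use_local_part
  transport = ldap_delivery

ldapalias:
  driver = redirect
  data = ${lookup ldap {ldap://LDAPSERVER/\
      ou=${quote_ldap_dn:$domain},ou=dom,LDAPBASE\
      ?mailForwardingAddress?sub?\
      (|(mail=${quote_ldap:$local_part}@${quote_ldap:$domain})\
        (mailAlternateAddress=${quote_ldap:$local_part}@${quote_ldap:$domain}))}\
    {$value} fail }

# The catchall router only inserts $domain, so it needs the same
# quote_ldap_dn in the DN and quote_ldap in the (mail=CATCHALL@...) filter.
# The ldap_delivery transport repeats the address lookup for directory, user
# and group; those three lookups take exactly the same quoting as ldapuser.
```

The same quoting belongs in the domainlist lookup, but because that lookup is a list item every colon inside it, including the one in quote_ldap_dn, has to be doubled.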