
Re: exim4 + ldap for virtual domains



On Monday, 18 July, jonathan gonzalez typed the following:

Hi!

> I'm having a lot of trouble while integrating ldap (openldap) and exim4. 
> I would like to know if some of you have integrated the same products 
> and if you can point me in the right direction.

I have this combination running in a production environment.

My exim more or less only uses LDAP as the source for all its information.

My LDAP structure:

[-] dc=my,dc=base,dc=dn
 [+] ou=dom
  [+] ou=barbarossa.name
  [+] ou=sub.domain.tld
  [-] ou=rfc2324.org
   [+] uid=max


--- BEGIN User entry ---
objectClass: top
objectClass: posixAccount
objectClass: qmailUser
uid: max
uidNumber: 42006
gidNumber: 23017
gecos: Maximilian Wilhelm
mail: max@rfc2324.org
cn: Maximilian Wilhelm
mailMessageStore: /path/to/Maildir/of/user
mailAlternateAddress: maximilian@rfc2324.org
userPassword: <myabsolutlysecretMailboxpassword>
--- END User entry ---


--- BEGIN catchall entry ---
objectClass: top
objectClass: qmailUser
uid: CATCHALL
mail: CATCHALL@rfc2324.org
mailForwardingAddress: max@rfc2324.org
--- END catchall entry ---


--- BEGIN forward entry ---
objectClass: top
objectClass: qmailUser
uid: max
mail: max@barbarossa.name
mailForwardingAddress: max@rfc2324.org
--- END forward entry ---


As you see, I'm using the qmail.schema [42] for the mail related stuff.
But here's the point where I made a little hack to make things easier:
 I just changed the qmail schema to a structural class to allow
 minimizing the number of classes to use per user.

Maybe I'll clean this up in the future. :-)

(The user password supplied above is used by Courier, which also uses the
 LDAP for information about the Maildir paths.)


Some bits from my exim4.conf:

-----snipp-----
LDAPSERVER = ldap.dom.ain
LDAPBASE = dc=my,dc=base,dc=dn

##
# Get the domains
domainlist local_domains = @ : \
    @[] : \
    localhost : \
    my.host.name :\
    lists.dom.ain :\
    ldapm;ldap:///ou=${domain},ou=dom,LDAPBASE??base


###
#
# Directors

##
# Check for users in LDAP (only users with local mailboxes)
#
ldapuser:
  driver = accept
  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailMessageStore?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))}}}{no}{yes}}
  retry_use_local_part
  transport = ldap_delivery


##
# Check for forwarding entries in LDAP 
# 
ldapalias:
  driver = redirect
  data = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailForwardingAddress?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }

##
# Check the LDAP for existing catchall for this domain.
#
catchall:
  driver = redirect
  data = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailForwardingAddress?sub?(mail=CATCHALL@${domain})} {$value} fail }



###
#
# Transports

##
# Deliver mail to users stored in the LDAP
#
ldap_delivery:
  driver = appendfile
  check_string = ""
  create_directory
  delivery_date_add
  directory =  ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailMessageStore?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  directory_mode = 0700
  envelope_to_add
#  user = mail
#  group = mail
  user =  ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?uidNumber?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  group =  ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?gidNumber?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value} fail }
  maildir_format
  message_prefix = ""
  message_suffix = ""
  mode = 0660
  no_mode_fail_narrower
  return_path_add
#  quota = ${lookup ldap {ldap://LDAPSERVER/ou=${domain},ou=dom,LDAPBASE?mailQuota?sub?(|(mail=${local_part}@${domain})(mailAlternateAddress=${local_part}@${domain}))} {$value}  }
-----snipp-----

So that's all the magic...

> The biggest trouble is in the most important part of the configuration 
> of exim: virtual_uses, virtual_alias and authenticators.

I have to admit that I do not have an authenticator which authenticates
against the LDAP, as it's only a few people who can relay via this server,
so I hacked it via a plain text file. If I have the time...

Hope that helps a bit :)

Ciao
Max

[42] http://www.rfc2324.org/qmail.schema
-- 
	Follow the white penguin.
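The routers in the snippet above take $local_part and $domain straight from the message and splice them into the LDAP search base and filter. Below, as an added example that is not part of Max's message, is the same domain list and router set with exim's quote_ldap and quote_ldap_dn expansion operators applied to those values and a domains = +local_domains guard on each router; LDAPSERVER and LDAPBASE are taken from the snippet, while the macro names LDAP_DOMBASE, LDAP_ADDR and LDAP_FILTER are introduced here for readability.

```exim
# Added example, not part of Max's message: the same domain list and
# routers, with every message-supplied value passed through exim's
# quote_ldap / quote_ldap_dn operators before it is spliced into the
# LDAP DN or search filter.  Unquoted, a local part or domain that
# contains characters such as '(' ')' '*' or ',' alters the query that
# exim sends to the directory instead of being matched as an address.
LDAPSERVER = ldap.dom.ain
LDAPBASE = dc=my,dc=base,dc=dn

# Per-domain search base: $domain becomes an RDN value, so use DN quoting.
LDAP_DOMBASE = ou=${quote_ldap_dn:$domain},ou=dom,LDAPBASE

# Search filter: $local_part and $domain are filter values, so use quote_ldap.
LDAP_ADDR   = ${quote_ldap:$local_part}@${quote_ldap:$domain}
LDAP_FILTER = (|(mail=LDAP_ADDR)(mailAlternateAddress=LDAP_ADDR))

# Only domains with their own ou under ou=dom are local.  A base-scope
# search with no attribute list just tests that the entry exists.
domainlist local_domains = @ : \
    @[] : \
    localhost : \
    ldapm;ldap:///LDAP_DOMBASE??base

begin routers

# Users with a local mailbox (mailMessageStore set) go to ldap_delivery.
# "domains = +local_domains" keeps the directory lookup from running for
# domains that have no ou of their own.
ldapuser:
  driver = accept
  domains = +local_domains
  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAP_DOMBASE?mailMessageStore?sub?LDAP_FILTER}}}{no}{yes}}
  retry_use_local_part
  transport = ldap_delivery

# Forwarding entries: the value of mailForwardingAddress becomes the new
# recipient list; a missing entry forces the expansion to fail, so the
# router declines and the next one is tried.
ldapalias:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldap {ldap://LDAPSERVER/LDAP_DOMBASE?mailForwardingAddress?sub?LDAP_FILTER} {$value} fail}

# Per-domain catchall; only the domain is message-supplied here.
catchall:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldap {ldap://LDAPSERVER/LDAP_DOMBASE?mailForwardingAddress?sub?(mail=CATCHALL@${quote_ldap:$domain})} {$value} fail}
```

The ldap_delivery transport's directory, user and group lookups take the same LDAP_DOMBASE and LDAP_FILTER macros in place of their inline DN and filter.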


