Re: Postfix LDAP all@domain trouble
From: Anders Bruun Olsen (anders bruun-olsen.net)
Date: Thu May 22 2003 - 08:58:33 CDT
On Thu, May 22, 2003 at 03:15:47PM +0200, Anders Bruun Olsen wrote:
> > > What I do to use more than one address for a user is use just one mail
> > > attribute per user, which is the result attribute:
> > > ldapalias_result_attribute = mail
> > > And then use another attribute for the alias, I use
> > > mailAlternateAddress, and use a query filter like:
> > > ldapalias_query_filter = (|(mail=%s)(mailAlternateAddress=%s))
> > > Works fine, the address to deliver to is just one address. (complete
> > > documentation is at www.vriesman.tk)
> I've looked at the documentation on this site, this is definitely
> something I can use :)
> > This works well until one decides to implement groups using DN references
> > or LDAP URL (dynamic lists). If support for these becomes necessary, you
> > will need to use a different result attribute for non group objects.
> > ldap_group_special_result_attribute = member
> > ldap_group_result_attribute = maildrop
> > Every user will need a "maildrop" attribute, this should point to their
> > delivery mailbox, groups *must not* have a "maildrop" attribute.
> > - "mail" might be First.Last@example.com
> > - "maildrop" might be flast@imap1.example.com
> > OR
> > - "maildrop" might be equal to "mail"
> > The reason for this is that otherwise group expansion will generate the
> > original group address in addition to all the members.
> I only need the "all" alias which delivers to all accounts on that
> domain - groups I am going to implement as shared folders which the
> correct people can subscribe to instead.
> I'll write again if I run into trouble with the advice I have gotten
> here, thanks to those who responded :)
Actually, now that I am sitting here trying to wrap my mind around this
thing (understanding how the process works is important to me!) I have
run into some questions:
What exactly is the difference between alias_maps and
virtual_alias_maps?
If what I want to achieve is that when an email arrives postfix checks
if the domain is hosted here (mydestination would be the correct way to
check that right?). Then it checks if there are multiple destination
accounts for that email (the infamous all@domain alias thingy) and if
there are goes on to get a list of all those accounts and then delivers
to each account using maildrop (mailbox_command and separate config to
tell maildrop to make ldap lookups to determine where the mail should be
put).
If it isn't for multiple addresses then it should check if it is an alias
and fetch the real address. Then it should deliver it.
Can anybody tell me first of all if this approach is feasible and
second of all how to implement it? (we are still talking LDAP backend
here!)
Here are the parts from my main.cf that I am uncertain about:
# Delivery of mails
local_recipient_maps = $virtual_mailbox_maps
unknown_local_recipient_reject_code = 450
message_size_limit = 10280000
mailbox_command = /usr/bin/maildrop -d "$USER" -f "$SENDER" "$EXTENSION"
# aliases and virtual stuff
virtual_alias_maps = ldap:ldapvirtual
virtual_alias_domains = ldap:ldapvirtual
alias_maps = ldap:ldapaliases
virtual_minimum_uid = 1
virtual_uid_maps = static:8
virtual_gid_maps = static:100
virtual_mailbox_base = /var/spool/mail
virtual_result_attribute = mailbox
virtual_mailbox_maps = ldap:ldapvirtual
virtual_maildir_extended = yes
virtual_recipient_maps = ldap:ldapvirtual
ldapaliases_timeout = 10
ldapaliases_server_host = ldap.mydomain.tld
ldapaliases_server_port = 389
ldapaliases_search_base = ou=accounts,dc=mydomain,dc=tld
ldapaliases_query_filter = (mail=%s)
ldapaliases_result_attribute = mailForwardingAddress
ldapaliases_bind = yes
ldapaliases_bind_dn = cn=postfix,ou=daemons,dc=mydomain,dc=tld
ldapaliases_bind_pw = XXX
ldapvirtual_timeout = 10
ldapvirtual_server_host = ldap.mydomain.tld
ldapvirtual_search_base = ou=accounts,dc=mydomain,dc=tld
ldapvirtual_server_port = 389
ldapvirtual_query_filter = (mail=%s)
ldapvirtual_result_attribute = mailbox
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=postfix,ou=daemons,dc=mydomain,dc=tld
ldapvirtual_bind_pw = XXX
I know that my ldap config options are completely wrong, so any
suggestions for result attribute and query_filter are really
appreciated. What I really need though is a good description of how the
process I described above is achieved in postfix without any special
LDAP considerations.
--
Anders
PGPKey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8BFECB41
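
The following is an added example, not part of the original message and not Postfix code: a simplified Python model of the LDAP lookups discussed in the quoted replies (an OR filter over mail and mailAlternateAddress, a plain result attribute, and a "special" result attribute holding DN references). The directory contents, DNs and function names are constructed for illustration.

```python
# Constructed sample directory: DNs and addresses are illustrative; the attribute
# names (mail, mailAlternateAddress, maildrop, member) are the ones used in the thread.
BASE = "ou=accounts,dc=example,dc=com"
DIRECTORY = {
    f"uid=flast,{BASE}": {
        "mail": ["First.Last@example.com"],
        "mailAlternateAddress": ["fl@example.com"],
        "maildrop": ["flast@imap1.example.com"],
    },
    f"uid=jdoe,{BASE}": {
        "mail": ["Jane.Doe@example.com"],
        "maildrop": ["jdoe@imap1.example.com"],
    },
    # The "all" group: a mail address and DN references, but no maildrop.
    f"cn=all,{BASE}": {
        "mail": ["all@example.com"],
        "member": [f"uid=flast,{BASE}", f"uid=jdoe,{BASE}"],
    },
}


def matches(entry, key, search_attrs):
    """Model of (|(a1=%s)(a2=%s)): case-insensitive equality on any listed attribute."""
    wanted = key.lower()
    return any(v.lower() == wanted for a in search_attrs for v in entry.get(a, []))


def lookup(key, search_attrs, result_attr, special_attr=None):
    """Expand `key` to the addresses returned by the modelled LDAP table."""
    results, seen = [], set()

    def collect(dn):
        if dn in seen or dn not in DIRECTORY:
            return  # skip dangling references and reference cycles
        seen.add(dn)
        entry = DIRECTORY[dn]
        results.extend(entry.get(result_attr, []))  # plain result attribute
        for ref in entry.get(special_attr, []) if special_attr else []:
            collect(ref)  # follow DN references held in the special attribute

    for dn, entry in DIRECTORY.items():
        if matches(entry, key, search_attrs):
            collect(dn)
    return results


if __name__ == "__main__":
    print(lookup("all@example.com", ("mail",), "mail", "member"))
    print(lookup("all@example.com", ("mail",), "maildrop", "member"))
```

With mail as the result attribute, the group lookup returns all@example.com itself alongside the members, which is the re-expansion the quoted advice warns about; with maildrop as the result attribute only the members' mailboxes come back.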