From: Tony Earnshaw (tonnihetnet.nl)
Date: Sat Jul 28 2007 - 06:02:09 CDT
Patrick - South Valley Internet wrote, on 26-07-2007 22:14:
> I've been having a wonderful time trying to get Postfix to talk with
> LDAP. I've been trying to follow several different HOWTOs and such,
> and although I'm slowly understanding everything as a whole, I feel much
> better doing this without using another HOWTO that isn't complete.
> I've read http://www.postfix.org/LDAP_README.html but I still have a few
> questions regarding what to put where.
> I'm using an existing working configuration of main.cf from our current
> mail server. This new mail server with LDAP implementation is going to
> replace our old server. The current server does not have any LDAP
> entries in main.cf.
> This server will not be hosting any virtual domains when I'm finished.
> It will have different variations of our domain name, such as .biz,
> .info, and .org. I don't know if those count as virtual domains to
> If I want to have Postfix authenticate users via LDAP, what entries
> would I edit? Here's what our current entries look like which I believe
> to be LDAP related:
> virtual_alias_maps = hash:/etc/postfix/virtual
> virtual_alias_domains = $virtual_alias_maps
> transport_maps = hash:/etc/postfix/transport
> alias_database = hash:/etc/postfix/aliases,
What's in these maps? Quote one line of each, apart from transport.
> Secondly, I want to be able to configure a separate /home for each user
> that will be different from where their mail is. I also want to use
> Maildir format, because the /home and mail directory will be NFS
> mounted. After reading a bunch of stuff regarding Postfix and LDAP, I
> found something regarding the qmail.schema which will allow me to define
> a mail directory as well as a home directory. I don't know how I would
> be able to configure Postfix to accommodate that. Any ideas?
The high school site of which I'm mail/LDAP admin has mail users on a
dedicated mail server with all their mail folders under a common
hierarchy which has nothing to do with their home directories on other
(e.g. Samba, Linux Terminal Server Project etc.) servers. We use LDAP
across the board for authentication (and other reasons), so that each
user has a common login (POSIX UID) id and password for all services.
Postfix (2.4.3) hands mail to Courier maildrop for distribution to the
mail folders, and Postfix doesn't know anything about the above
hierarchy; it just authenticates the users. maildrop (actually Courier
authlib) *does* have to know about the virtual user used for mail and
where the mail folders are, but that has nothing to do with Postfix. As
an aside, maildrop can deal with virtual domains, procmail (at least,
older versions) can't. We also use Courier IMAP, not dovecot.
Here's a typical group LDAP .cf file, that's defined in
timeout = 20
version = 3
domain = barlaeus.nl
server_host = ldapi://%2Fvar%2frun%2fslapd%2Fldapi/
search_base = ou=docenten,dc=school,dc=nl
scope = sub
query_filter = (&(objectClass=posixAccount)(|(mail=%s)(uid=%u)))
#result_attribute = mail
result_attribute = uid
We also use LDAP for most aliases (not Unix system users), but not for
transport (no point, we have 1,500+ users, but only a couple of transports).
> I think I'll hold off on any Dovecot questions, mainly because I want to
> get Postfix up and running and accepting new mail before I test out
Here's authlib's configuration file, so you know what we do. Note that
there's no reference to users' home directories, which the ns libraries
(e.g. getent passwd, getent group) use to find out each user's real home
1034 [root:mercurius.intern] /etc/authlib # grep '^[^#]' authldaprc
Note the fallback ldap server in each example; if the LDAP server on the
mail server breaks down, all hell breaks loose without a fallback server.
mailMessageStore is, indeed, from qmail.schema
Email: tonni at hetnet dot nl
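As an added illustration of how a Postfix ldap: table like the one quoted above behaves (example code written for this page, not Postfix's own code and not from the poster), the following Python models the lookup side of such a .cf file: it parses the table, lists the server_host entries (the constructed sample adds a second, fallback host as the post recommends), and shows how query_filter is expanded for a given lookup key. The expansion follows LDAP_README: %s is the whole key, %u the local part, %d the domain part, the key is quoted for LDAP filter metacharacters (RFC 4515) before substitution, and when `domain` is set only addresses in a listed domain are looked up. Splitting the key at its last `@`, the case-insensitive domain match, and the fallback host name `ldap-fallback.example` are assumptions of this example; the %S/%U/%D and %[1-9] forms are not modelled.

```python
import re

# Constructed sample, modelled on the .cf quoted in the post, with a
# second (fallback) server_host entry added for illustration.
SAMPLE_CF = """\
timeout = 20
version = 3
domain = barlaeus.nl
server_host = ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/ ldap://ldap-fallback.example:389
search_base = ou=docenten,dc=school,dc=nl
scope = sub
query_filter = (&(objectClass=posixAccount)(|(mail=%s)(uid=%u)))
#result_attribute = mail
result_attribute = uid
"""


def parse_ldap_table(text):
    """Parse 'name = value' lines; '#' comment lines and blank lines are skipped.
    Only the first '=' separates name from value, so filters containing '='
    survive intact."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        cfg[name.strip()] = value.strip()
    return cfg


def server_list(cfg):
    """server_host may list several servers; Postfix tries them in order,
    which is what gives you the fallback the post insists on."""
    return cfg.get("server_host", "localhost").split()


# RFC 4515 escapes for characters that would otherwise change the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Quote a lookup key so it is only ever an assertion value, never filter
    syntax (LDAP_README says Postfix quotes the key this way)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(cfg, key):
    """Return the filter that would be sent for `key`, or None when the
    `domain` setting suppresses the lookup (bare local part, or a domain that
    is not listed). Assumption: the key is split at its last '@'."""
    if "@" in key:
        local, dom = key.rsplit("@", 1)
    else:
        local, dom = key, ""
    domains = [d.lower() for d in cfg.get("domain", "").replace(",", " ").split()]
    if domains and (not dom or dom.lower() not in domains):
        return None
    subst = {
        "%s": escape_filter_value(key),
        "%u": escape_filter_value(local),
        "%d": escape_filter_value(dom),
        "%%": "%",
    }
    return re.sub(r"%[sud%]", lambda m: subst[m.group(0)], cfg["query_filter"])


if __name__ == "__main__":
    cfg = parse_ldap_table(SAMPLE_CF)
    print("servers:", server_list(cfg))
    for key in ("jdoe@barlaeus.nl", "jdoe", "jdoe@other.example", "a*b(c)@barlaeus.nl"):
        print("%-22s -> %s" % (key, expand_query(cfg, key)))
```

The last sample key shows why the quoting matters: the parentheses and asterisk in the local part come out as `\28`, `\29` and `\2a`, so a strange-looking address can only match (or fail to match) an attribute value and cannot widen the filter. The `domain` check is equally worth keeping in a real table: it stops bare local parts and foreign domains from generating LDAP traffic at all.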