On 07/10/10 22:57 +0200, Andreas Ntaflos wrote:
On Tuesday 05 October 2010 05:57:16 Dan White wrote:
Postfix, as you probably already know, has LDAP support for looking up most tables, which is how I implement virtual domain lookups.
I've asked this in another message as well, but what would an LDAP query for Postfix's virtual_mailbox_domains look like, typically? Would the DIT need an additional ou, such as ou=VirtualDomains,dc=example,dc=com? I can't seem to get my head around that.
I hard code the list of domains within my main.cf, with virtual_mailbox_domains, since it's a small list.
You could replace that static list with a call to LDAP, like:
virtual_mailbox_domains = ldap:/etc/postfix/list-of-domains.cf
with some kind of one-off LDAP entry in your tree, but that's more trouble than I'm willing to deal with. If your list of domains changes fairly often, then that makes more sense (but might incur a slight performance penalty).
It could look something like:
dn: ou=domainlist,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: domainlist
description: custdom.com
description: example.net
description: example.com
description: ...
So I guess my question is really more about how to properly design a DIT that holds multiple independent domains and for each domain possibly hundreds of users and groups.
I went with a flat design, which has worked well. That is:
uid=jsmith@example.net,ou=people,dc=example,dc=com
uid=jsmith@custdom.com,ou=people,dc=example,dc=com
and
cn=jsmith@example.net,ou=groups,dc=example,dc=com
cn=jsmith@custdom.com,ou=groups,dc=example,dc=com
So example.com is the suffix for the whole of the hosting database and the uids and cns are fully qualified e-mail addresses? Sounds practical enough. I'll be experimenting with that starting next week.
Right.
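
A possible /etc/postfix/list-of-domains.cf for the ou=domainlist entry sketched above, as an added example that is not part of the original thread. The server URL and the anonymous bind are assumptions; the parameters are those documented in ldap_table(5).

```conf
# /etc/postfix/list-of-domains.cf
# Added example: Postfix LDAP map for virtual_mailbox_domains, matching
# the single ou=domainlist entry with one description value per domain.

# Assumption: placeholder server URL, replace with your directory server.
server_host = ldap://ldap.example.com
version = 3

# Protect the lookup in transit if the server is not on localhost.
start_tls = yes

# Assumption: the domain list is readable anonymously. Otherwise use
# bind = yes with bind_dn / bind_pw for a read-only account and keep
# this file readable by root only.
bind = no

# Look only at the one-off entry itself, not at the subtree below it.
search_base = ou=domainlist,dc=example,dc=com
scope = base

# %s is the domain being looked up. Postfix applies RFC 2254 quoting to
# it, so a crafted recipient domain cannot alter the filter.
query_filter = (description=%s)

# For virtual_mailbox_domains only the existence of a result matters,
# so return the single-valued ou rather than every description value.
result_attribute = ou

# Check from the shell before pointing main.cf at this file:
#   postmap -q example.net ldap:/etc/postfix/list-of-domains.cf
```

A listed domain makes the postmap query print the ou value; an unlisted one prints nothing and exits non-zero.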