I have done some reading, and it seems that no official standard exists for group email addresses. To that end, I am looking to enlighten myself about what is done to provide mail addresses for groupOfNames groups. I would imagine there is some overlap between what many or most folks do, and that would be a good starting point for me. I figure it's something like "you have 7 steps to perform, and everyone does steps 1, 2, 3 and 5 the same way. The rest, you are on your own for."
I want to set up mailboxes for these groups, for example:
cn=ldapAdmins,ou=domainGroups,ou=Groups,dc=bpk2,dc=com
cn=ldapEngineers,ou=domainGroups,ou=Groups,dc=bpk2,dc=com
These are groupOfNames structural groups, with top and posixGroup classes as auxiliary. Where do most folks begin when setting up group mailboxes? I found a schema that is not official and has been extended with the same names but different numerical OIDs. I am not sure if this is the right path to follow, or if something more "standards focused" is appropriate. Any help is appreciated.
Thanks,
Brendan
On Wed, Jun 17, 2015 at 04:37:36PM -0400, Brendan Kearney wrote:
> I have done some reading, and it seems that no official standard exists for group email addresses. To that end, I am looking to enlighten myself about what is done to provide mail addresses for groupOfNames groups.
Are you just trying to add a 'mail' attribute to the group entry, or do you want the MTA (mail system) to use LDAP data to expand the mailing list?
Adding the mail attribute is quite simple: define an AUXILIARY object class that permits the attribute, add that to the group entries, and you can then add the mail attribute.
Doing group-based mail expansion takes more work, and really depends on what MTA you are using. You would need to configure the MTA to recognise the groups as valid list-expansion targets. It would then read the group and fetch the mail attribute from each member entry to construct the list. If the MTA cannot do this two-stage process itself, you could consider using the dynlist overlay in slapd to collect the members' mail addresses into the group entry itself.
Andrew
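The two-stage expansion Andrew describes, as an added example that is not part of this thread, of Postfix or of slapd: a Python stand-in for the MTA's lookup over a constructed in-memory directory (the entries under dc=bpk2,dc=com, the addresses and the member DNs are all assumptions). It goes beyond the thread by also handling a nested group, a membership cycle and members that yield no address, since those are the cases an MTA doing the expansion itself has to tolerate.

```python
"""Two-stage mail expansion of a groupOfNames entry (added example): stage 1
finds the group whose 'mail' matches the recipient, stage 2 reads its 'member'
DNs and collects each member's 'mail'. DIRECTORY is a constructed stand-in."""
from __future__ import annotations

GROUPS = "ou=domainGroups,ou=Groups,dc=bpk2,dc=com"
PEOPLE = "ou=People,dc=bpk2,dc=com"
DIRECTORY: dict[str, dict[str, list[str]]] = {   # constructed, not real data
    f"cn=ldapAdmins,{GROUPS}": {
        "objectclass": ["top", "groupOfNames", "posixGroup"],
        "mail": ["ldapadmins@bpk2.com"],
        "member": [f"uid=alice,{PEOPLE}", f"cn=ldapEngineers,{GROUPS}",  # nested
                   f"uid=ghost,{PEOPLE}"]},                             # dangling DN
    f"cn=ldapEngineers,{GROUPS}": {
        "objectclass": ["top", "groupOfNames", "posixGroup"],
        "mail": ["ldapengineers@bpk2.com"],
        "member": [f"uid=bob,{PEOPLE}", f"uid=carol,{PEOPLE}",
                   f"cn=ldapAdmins,{GROUPS}"]},                         # cycle
    f"uid=alice,{PEOPLE}": {"objectclass": ["inetOrgPerson"], "mail": ["alice@bpk2.com"]},
    f"uid=bob,{PEOPLE}": {"objectclass": ["inetOrgPerson"], "mail": ["bob@bpk2.com"]},
    f"uid=carol,{PEOPLE}": {"objectclass": ["inetOrgPerson"]},  # no mail attribute
}

def find_group(address: str) -> str | None:
    """Stage 1: DN of the groupOfNames whose mail matches address, else None."""
    for dn, attrs in DIRECTORY.items():
        if "groupOfNames" in attrs["objectclass"] and \
                address.lower() in (m.lower() for m in attrs.get("mail", [])):
            return dn
    return None

def expand_group(dn: str, seen: set[str] | None = None) -> tuple[list[str], list[str]]:
    """Stage 2: (sorted member addresses, member DNs that yielded no address)."""
    seen = set() if seen is None else seen   # shared across recursion: stops cycles
    if dn in seen:
        return [], []
    seen.add(dn)
    addresses, unresolved = set(), []
    for member in DIRECTORY.get(dn, {}).get("member", []):
        entry = DIRECTORY.get(member, {})
        if "groupOfNames" in entry.get("objectclass", []):  # nested group: recurse
            sub, bad = expand_group(member, seen)
            addresses.update(sub)
            unresolved.extend(bad)
        elif entry.get("mail"):
            addresses.add(entry["mail"][0])
        else:  # dangling member DN, or a person entry without a mail attribute
            unresolved.append(member)
    return sorted(addresses), unresolved
```

Unresolved member DNs are returned rather than silently dropped, so a real MTA glue script can log them; a group that names itself through another group terminates instead of looping.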
Andrew Findlay wrote:
> Adding the mail attribute is quite simple: define an AUXILIARY object class that permits the attribute, add that to the group entries, and you can then add the mail attribute.
That's what object class 'mailboxRelatedObject' [1] is for.
[1] https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject
Ciao, Michael.
I am using postfix. Is there a benefit to the group-based expansion piece you speak of? Postfix is already tied to my ldap instances for user aliases, etc.
> Andrew Findlay wrote:
>> Adding the mail attribute is quite simple: define an AUXILIARY object class that permits the attribute, add that to the group entries, and you can then add the mail attribute.
> That's what object class 'mailboxRelatedObject' [1] is for.
> [1] https://tools.ietf.org/html/draft-stroeder-mailboxrelatedobject
> Ciao, Michael.
On Thu, Jun 18, 2015 at 08:13:48AM -0400, brendan kearney wrote:
> I am using postfix. Is there a benefit to the group-based expansion piece you speak of? Postfix is already tied to my ldap instances for user aliases, etc.
It would allow you to use the LDAP groups to define the members of the mailing list as well as the address of the list. The Postfix LDAP README has some ideas about how you might set this up:
http://www.postfix.org/LDAP_README.html#example_group
Andrew
On 06/20/2015 04:54 AM, Andrew Findlay wrote:
> On Thu, Jun 18, 2015 at 08:13:48AM -0400, brendan kearney wrote:
>> I am using postfix. Is there a benefit to the group-based expansion piece you speak of? Postfix is already tied to my ldap instances for user aliases, etc.
> It would allow you to use the LDAP groups to define the members of the mailing list as well as the address of the list. The Postfix LDAP README has some ideas about how you might set this up:
> http://www.postfix.org/LDAP_README.html#example_group
> Andrew
Yes, that is what I came across when I found that there is no official standard. The schemas I found have multiple different OIDs, with some folks adding their own customizations to them. For example:
http://www.ldapadmin.org/docs/postfix.schema uses 1.3.6.1.4.1.15347.2
http://fossies.org/linux/group-e/doc/examples/LDAP/schema/postfix.schema uses 1.3.6.1.4.1.4203.666
and http://www.openldap.org/lists/openldap-technical/201105/msg00033.html uses 1.3.6.1.4.1.50999.1
I am just wondering which OID (and schema) is the least unofficial or the most official one to use.
On Sat, Jun 20, 2015 at 10:11:38AM -0400, Brendan Kearney wrote:
> I am just wondering which OID (and schema) is the least unofficial or the most official one to use.
It does not really matter. All you need from an OID in an LDAP system is that it does not clash with anything else. The designers of those schema have presumably allocated OIDs from a space that they control so any of them should be OK.
Attribute names are more important, and certainly must not clash with anything else that you are likely to use so make sure they have been chosen sensibly.
Andrew
Brendan Kearney wrote:
> On 06/20/2015 04:54 AM, Andrew Findlay wrote:
>> On Thu, Jun 18, 2015 at 08:13:48AM -0400, brendan kearney wrote:
>>> I am using postfix. Is there a benefit to the group-based expansion piece you speak of? Postfix is already tied to my ldap instances for user aliases, etc.
>> It would allow you to use the LDAP groups to define the members of the mailing list as well as the address of the list. The Postfix LDAP README has some ideas about how you might set this up:
>> http://www.postfix.org/LDAP_README.html#example_group
>> Andrew
> Yes, that is what I came across when I found that there is no official standard. The schemas I found have multiple different OIDs, with some folks adding their own customizations to them. For example:
> http://www.ldapadmin.org/docs/postfix.schema uses 1.3.6.1.4.1.15347.2
> http://fossies.org/linux/group-e/doc/examples/LDAP/schema/postfix.schema uses 1.3.6.1.4.1.4203.666
1.3.6.1.4.1.4203 is owned by the OpenLDAP Project. Non-OpenLDAP folks should not be using this. The .666 arc is for experimental schemas. Non-OpenLDAP developers should never use this.
If the Postfix developers want to propose an official schema for their use, they should use an OID arc of their own.
> and http://www.openldap.org/lists/openldap-technical/201105/msg00033.html uses 1.3.6.1.4.1.50999.1
> I am just wondering which OID (and schema) is the least unofficial or the most official one to use.