Hi
I'm using a mail server using postfix + ldap and I'm lost with how to configure openldap to make aliases inside postfix. I don't know where information about this option can be found. Any idea?
Thanks
On 05. mai 2011 13:34, deconya wrote:
> Hi
> I'm using a mail server using postfix + ldap and I'm lost with how to configure openldap to make aliases inside postfix. I don't know where information about this option can be found. Any idea?
Googling for "postfix ldap aliases" gave the Postfix documentation as the first result:
http://www.postfix.org/LDAP_README.html#example_alias
Reading the whole document is recommended.
By default, Postfix expects the attribute "mailacceptinggeneralid" to be present for any user account who should receive e-mail. Its result should be presented to Postfix as "maildrop". Both may be changed to something else if required in your environment.
A sample object is shown here: http://www.linuxtopia.org/online_books/mail_systems/postfix_documentation/LD...
For further assistance, you should present your setup and any findings so far.
On 5/5/2011 3:04 μμ, Bjørn Ruberg wrote:
> On 05. mai 2011 13:34, deconya wrote:
>> Hi
>> I'm using a mail server using postfix + ldap and I'm lost with how to configure openldap to make aliases inside postfix. I don't know where information about this option can be found. Any idea?
Here is the implementation we use - modified from info found on the Internet.
It took me some time to figure this out too, so I hope I can help.
The "owner" attribute was added to ease ACLs on alias entries.
================== postfix.schema ==================
#
# This is a customized version of a publicly available
# postfix schema (available in multiple versions too).
# Customized by Nick in 2010.
#
# Note: 1.3.6.1.4.1.50999 should not be currently registered.
# OIDs 1.3.6.1.4 are in the "Internet Private" range but the
# one used here (.1.50999) seems unused as far as we know.
# In any case, use/change at your own risk.
# We accept no responsibility whatsoever.
# This is only an example.
#
# postfix.schema - basic attributes based on default queries
# postfix will make for alias and virtual account lookups
# I don't think there is an official postfix schema out there,
# but if there is, this most certainly is not it.
#
# Initial version by leah@frauerpower.com
# Initial OID was 1.3.6.1.4.1.25260 registered to Frauerpower!
#
# mailacceptinguser and mailAccount added by Barrie Bremner bjb@netcraft.com
#
attributetype ( 1.3.6.1.4.1.50999.1.000 NAME 'mailacceptinggeneralid'
        DESC 'Defines an address that we accept mail for'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.001 NAME 'maildrop'
        DESC 'Defines the address mail goes to'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.002 NAME 'mailacceptinguser'
        DESC 'Defines if this user accepts mail'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.50999.1.003 NAME 'aliasInactive'
        SINGLE-VALUE
        EQUALITY booleanMatch
        DESC 'A flag, for marking the alias as not in use'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

objectClass ( 1.3.6.1.4.1.50999.1.1.100 NAME 'virtualaccount'
        DESC 'Holds mail info for a virtual account'
        STRUCTURAL
        MUST ( owner $ mailacceptinggeneralid $ maildrop $ cn )
        MAY ( description $ aliasInactive ) )

objectClass ( 1.3.6.1.4.1.50999.1.1.101 NAME 'maillist'
        DESC 'Virtual account for holding mailing list info'
        STRUCTURAL
        MUST ( mailacceptinggeneralid $ maildrop $ cn )
        MAY ( owner $ description $ aliasInactive ) )

objectClass ( 1.3.6.1.4.1.50999.1.1.102 NAME 'mailAccount'
        DESC 'Email account details'
        AUXILIARY
        MUST ( mailacceptinguser $ maildrop $ cn )
        MAY ( mailacceptinggeneralid $ aliasInactive ) )

objectClass ( 1.3.6.1.4.1.50999.1.1.105 NAME 'virtualbox'
        DESC 'Mailbox for system use'
        STRUCTURAL
        MUST ( owner $ mail $ uid $ cn )
        MAY ( description ) )
========================================================================
========================== Some Indexes needed =========================
index mailacceptinggeneralid eq,pres
index owner eq
index aliasInactive eq
========================================================================
========================== Example alias entry =========================
dn: cn=userx,ou=Aliases,dc=example,dc=com
objectClass: virtualaccount
maildrop: userx@example.com
cn: userx
mailacceptinggeneralid: userx@example.com
mailacceptinggeneralid: userex@example.com
mailacceptinggeneralid: user.ex@example.com
description: Aliases for the user account userx
owner: cn=TechAdmins,ou=Groups,dc=example,dc=com
========================================================================
==================== Example alias entry with dynlist ==================
dn: cn=all,ou=Aliases,dc=example,dc=com
cn: all
objectClass: nisMailAlias
objectClass: labeledURIObject
description: All organization people
owner: cn=TechAdmins,ou=Groups,dc=example,dc=com
mailacceptinggeneralid: all@example.com
labeledURI: ldap:///ou=People,dc=example,dc=com?uid?one?
 (&(|(ou=admin)(ou=tech))(!(ou=system)))
========================================================================
========================= Excerpt from main.cf =========================
virtual_alias_maps = ..., ldap:/etc/postfix/ldap-aliases.cf, ...
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500
=========================================================================
============================ ldap-aliases.cf ============================
server_host = localhost
search_base = ou=Aliases, dc=example, dc=com
version = 3
scope = sub
query_filter = (&(mailacceptinggeneralid=%s)(!(aliasInactive=TRUE)))
result_attribute = maildrop, uid
bind = yes
bind_dn = uid=authenticate,ou=System,dc=example,dc=com
bind_pw = secret
=========================================================================
Regards,
Nick
openldap-technical@openldap.org
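
How the ldap-aliases.cf lookup in the last message resolves an address, as an added example that is not part of the thread or of Postfix itself: it expands the posted query_filter with RFC 4515 escaping of the key (the LDAP_README describes this quoting for %s) and evaluates it over a constructed directory. The two entries, the old@example.com alias and all function names are assumptions made for illustration.

```python
import re

# Values copied from the thread's ldap-aliases.cf.
QUERY_FILTER = "(&(mailacceptinggeneralid=%s)(!(aliasInactive=TRUE)))"
RESULT_ATTRIBUTES = ("maildrop", "uid")

# Constructed sample directory, modeled on the thread's example alias entry.
ENTRIES = [
    {"mailacceptinggeneralid": ["userx@example.com", "userex@example.com"],
     "maildrop": ["userx@example.com"]},
    {"mailacceptinggeneralid": ["old@example.com"],
     "maildrop": ["userx@example.com"], "aliasInactive": ["TRUE"]},
]

def expand_filter(key):
    """Substitute %s with RFC 4515 escaping, so the key stays a plain value."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in key)
    return QUERY_FILTER.replace("%s", escaped)

def parse(f, i=0):
    """Parse the filter at f[i]; supports only &, |, ! and equality tests."""
    op = f[i + 1]
    if op in "&|":
        subs, i = [], i + 2
        while f[i] == "(":
            sub, i = parse(f, i)
            subs.append(sub)
        comb = all if op == "&" else any
        return (lambda e: comb(s(e) for s in subs)), i + 1
    if op == "!":
        sub, i = parse(f, i + 2)
        return (lambda e: not sub(e)), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    # Case-insensitive compare, as caseIgnoreMatch does; absent attribute = no match.
    return (lambda e: want.lower() in [v.lower() for v in e.get(attr, [])]), end + 1

def lookup(key):
    """Return the result_attribute values of every entry the expanded filter matches."""
    matches, _ = parse(expand_filter(key))
    return [v for e in ENTRIES if matches(e)
            for a in RESULT_ATTRIBUTES for v in e.get(a, [])]

if __name__ == "__main__":
    for key in ("userex@example.com", "old@example.com", "*"):
        print(key, "->", lookup(key))
```

An entry without aliasInactive still matches, because the negated equality test is false for an absent attribute; a key of `*` is escaped to `\2a` and so cannot match every alias.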