[Fedora-directory-users] Integration with postfix

Nathan Benson nathan.benson at sourcefire.com
Fri Jul 1 14:52:58 UTC 2005



Gabriele,

I am using the courier LDAP schema for mail attributes, but I don't see
why you couldn't use what you currently have in place. If the uid of
the user is where you would actually deliver the mail, you could
probably just use that. Your postfix configuration for alias lookups
would look something like this:

  search_base = dc=example,dc=com
  scope = sub
  query_filter = (mail=%s)
  result_attribute = uid
  special_result_filter = %s@%d

I would suggest investigating the default schemas offered, or finding
another mail schema to use. You will probably want the flexibility of
having an email address deliver outside of a user's account (forwarding
to your home account, etc.).

The postfix list will probably have a lot more to offer in the way of
configuring postfix to use LDAP. One thing I remember is that postfix
does two different LDAP lookups: one to verify there is a user by that
name (local_recipient_maps) on the system, and two, where to deliver the
email (virtual_alias_maps; my configuration above is for this second
part). Here are my two lines out of the main.cf:

  virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
  local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf

Good luck, I hope this helped.

nb

Gabriele Chervatin thus spake on 07/01/2005 03:05 AM:
| Hi everyone,
|
| First, I use Directory Server as an address book, and I tested it with
| Thunderbird. It's fine, I'm able to search the users and their emails.
| Now I try to configure postfix with virtual users, but it is a bit
| complicated task for me.
|
| What are the basic steps for success?
| Do I need to add a new schema?
|
| Following is my Directory content:
|
| version: 1
|
| # entry-id: 1
| dn: dc=example,dc=com
| objectClass: top
| objectClass: domain
| dc: example
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120831Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9bf-1dd211b2-8050be72-f5080000
| aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
| aci: (targetattr="carLicense ||description ||displayName ||facsimileTelephoneNumber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode ||preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumber ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||title ||userCertificate ||userPassword ||userSMIMECertificate ||x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
| aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
| aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
| aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///ou=Directory Administrators, dc=example,dc=com");)
| aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///cn=slapd-centos41, cn=Fedora Directory Server, cn=Server Group, cn=centos41.example.com, ou=example.com, o=NetscapeRoot";)
|
| # entry-id: 2
| dn: cn=Directory Administrators, dc=example,dc=com
| objectClass: top
| objectClass: groupofuniquenames
| cn: Directory Administrators
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120831Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9c0-1dd211b2-8050be72-f5080000
|
| # entry-id: 3
| dn: ou=Groups, dc=example,dc=com
| objectClass: top
| objectClass: organizationalunit
| ou: Groups
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9ef-1dd211b2-8050be72-f5080000
|
| # entry-id: 4
| dn: ou=People, dc=example,dc=com
| objectClass: top
| objectClass: organizationalunit
| ou: People
| aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)
| aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ldap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
| aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(version 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,dc=example,dc=com");)
| aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(version 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,dc=example,dc=com");)
| aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)")(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "ldap:///cn=PD Managers,ou=groups,dc=example,dc=com");)
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f0-1dd211b2-8050be72-f5080000
|
| # entry-id: 5
| dn: ou=Special Users,dc=example,dc=com
| objectClass: top
| objectClass: organizationalUnit
| ou: Special Users
| description: Special Administrative Accounts
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f1-1dd211b2-8050be72-f5080000
|
| # entry-id: 6
| dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
| objectClass: top
| objectClass: groupOfUniqueNames
| cn: Accounting Managers
| ou: groups
| description: People who can manage accounting entries
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f2-1dd211b2-8050be72-f5080000
|
| # entry-id: 7
| dn: cn=HR Managers,ou=groups,dc=example,dc=com
| objectClass: top
| objectClass: groupOfUniqueNames
| cn: HR Managers
| ou: groups
| description: People who can manage HR entries
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f3-1dd211b2-8050be72-f5080000
|
| # entry-id: 8
| dn: cn=QA Managers,ou=groups,dc=example,dc=com
| objectClass: top
| objectClass: groupOfUniqueNames
| cn: QA Managers
| ou: groups
| description: People who can manage QA entries
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f4-1dd211b2-8050be72-f5080000
|
| # entry-id: 9
| dn: cn=PD Managers,ou=groups,dc=example,dc=com
| objectClass: top
| objectClass: groupOfUniqueNames
| cn: PD Managers
| ou: groups
| description: People who can manage engineer entries
| creatorsName: cn=directory manager
| modifiersName: cn=directory manager
| createTimestamp: 20050629120832Z
| modifyTimestamp: 20050629120832Z
| nsUniqueId: 821fc9f5-1dd211b2-8050be72-f5080000
|
| # entry-id: 10
| dn: uid=chervatin,dc=example,dc=com
| preferredLanguage: it
| givenName: Gabriele
| ntUserCreateNewAccount: true
| objectClass: top
| objectClass: person
| objectClass: organizationalPerson
| objectClass: inetorgperson
| objectClass: ntuser
| objectClass: posixAccount
| sn;lang-af: Chervatin
| facsimileTelephoneNumber: 338 175 1966
| uid: chervatin
| mail: gabriele.chervatin at example.com
| uidNumber: 2000
| cn: Gabriele Chervatin
| ntUserComment: Accoutn Test NT
| loginShell: /bin/bash
| telephoneNumber;lang-af: 338 175 1966
| gidNumber: 2000
| ntUserDomainId: gchervatin
| cn;lang-af:: R2FicmllbGUgQ2hlcnZhdGluIA==
| gecos: Gabriele Chervatin
| givenName;lang-af: Gabriele
| homeDirectory: /home/ghcervatin
| sn: Chervatin
| userPassword: {SSHA}**
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| createTimestamp: 20050629131933Z
| modifyTimestamp: 20050629131933Z
| nsUniqueId: 6d483381-1dd211b2-805abe72-f5080000
|
| # entry-id: 15
| dn: ou=domains,dc=example,dc=com
| ou: domains
| description: domini di posta
| objectClass: top
| objectClass: organizationalunit
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| createTimestamp: 20050630140356Z
| modifyTimestamp: 20050630140356Z
| nsUniqueId: a9969501-1dd111b2-807fbe72-f5080000
|
| # entry-id: 17
| dn: ou=example.com,ou=domains,dc=example,dc=com
| ou: example.com
| objectClass: top
| objectClass: organizationalunit
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| createTimestamp: 20050630140640Z
| modifyTimestamp: 20050630140640Z
| nsUniqueId: 14e06701-1dd211b2-807fbe72-f5080000
|
| # entry-id: 18
| dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
| mail: vtest1 at example.com
| givenName: vtest1
| objectClass: top
| objectClass: person
| objectClass: organizationalPerson
| objectClass: inetorgperson
| sn: vtest1
| cn: vtest1
| userPassword: {SSHA}**
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| createTimestamp: 20050630140725Z
| modifyTimestamp: 20050630142229Z
| nsUniqueId: 38a3ad01-1dd211b2-807fbe72-f5080000
| uid: vtest1
| passwordGraceUserTime: 0
|
| # entry-id: 19
| dn: uid=vtest2,ou=example.com,ou=domains,dc=example,dc=com
| mail: vtest2 at example.com
| givenName: vtest2
| objectClass: top
| objectClass: person
| objectClass: organizationalPerson
| objectClass: inetorgperson
| sn: vtest2
| cn: vtest2
| userPassword: {SSHA}**
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: cn=server,cn=plugins,cn=config
| createTimestamp: 20050630140940Z
| modifyTimestamp: 20050630142223Z
| nsUniqueId: 802a3901-1dd211b2-807fbe72-f5080000
| uid: vtest2
| passwordGraceUserTime: 0
|
| # entry-id: 20
| dn: uid=vtest3,ou=example.com,ou=domains,dc=example,dc=com
| mail: Vtest3 at example.com
| givenName: vtest3
| objectClass: top
| objectClass: person
| objectClass: organizationalPerson
| objectClass: inetorgperson
| sn: vtest3
| cn: vtest3
| userPassword: {SSHA}**
| creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
| modifiersName: cn=server,cn=plugins,cn=config
| createTimestamp: 20050630141046Z
| modifyTimestamp: 20050630142312Z
| nsUniqueId: a3ed7f01-1dd111b2-8080be72-f5080000
| uid: vtest3
| passwordGraceUserTime: 0
|

--
Nathan Benson
http://sourcefire.com/
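As an added illustration (not code from Nathan's mail, Postfix, or Fedora Directory Server), here is a small offline Python simulation of the two lookups described above: local_recipient_maps as a pure existence check and virtual_alias_maps as the mail-to-uid rewrite, run over a constructed LDIF fragment modelled on the entries quoted in the thread. It also shows why the %s substitution must be escaped per RFC 4515 before it goes into the query filter (Postfix does this itself); the uid@domain result formatting is an assumption about the intent of the quoted configuration.

```python
"""Offline simulation of the Postfix LDAP table lookups discussed in the thread."""
import re

# Constructed LDIF fragment modelled on the quoted directory entries (not a real export).
LDIF = """\
dn: uid=chervatin,dc=example,dc=com
objectClass: posixAccount
uid: chervatin
mail: gabriele.chervatin@example.com

dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
objectClass: inetorgperson
uid: vtest1
mail: vtest1@example.com
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into one dict of lower-cased attributes per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries.append(attrs)
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping of the %s substitution; an unescaped '*' would match every entry."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def filter_to_regex(assertion):
    """Turn an equality assertion into a case-insensitive regex ('*' is a wildcard, '\\2a' is not)."""
    parts = [re.escape(re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), p))
             for p in assertion.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)

def ldap_lookup(entries, query_filter, result_attribute, key):
    """Substitute the escaped key for %s, as Postfix does, and return the result attribute values."""
    attr, _, pattern = query_filter.strip("()").partition("=")
    matcher = filter_to_regex(pattern.replace("%s", escape_filter_value(key)))
    return [v for e in entries if any(matcher.match(x) for x in e.get(attr.lower(), []))
            for v in e.get(result_attribute.lower(), [])]

def local_recipient_exists(entries, address):
    """local_recipient_maps: only existence of a match matters, the returned value is ignored."""
    return bool(ldap_lookup(entries, "(mail=%s)", "uid", address))

def virtual_alias(entries, address):
    """virtual_alias_maps: mail -> uid, rewritten as uid@domain (assumed result format)."""
    domain = address.rpartition("@")[2]
    return [uid + "@" + domain for uid in ldap_lookup(entries, "(mail=%s)", "uid", address)]
```

The mail attribute is matched case-insensitively, as an IA5 caseIgnore attribute would be on the server, so "Vtest3" and "vtest3" style addresses resolve to the same entry.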




