[Fedora-directory-users] Integration with postfix

Rich Megginson rmeggins at redhat.com
Fri Jul 1 22:22:18 UTC 2005


Thanks Nathan.  I added this Howto - 
http://directory.fedora.redhat.com/wiki/Howto:Postfix

Please let me know if it works.

Nathan Benson wrote:

> Gabriele,
>
> i am using the courier LDAP schema for mail attributes.  but i don't see
> why you couldn't use what you currently have in place.  if your uid of
> the user is where you would actually deliver the mail, you could
> probably just use that.  your postfix configuration for alias lookups
> would look something like this:
>
>   search_base = dc=example,dc=com
>   scope = sub
>   query_filter = (mail=%s)
>   result_attribute = uid
>   special_result_filter = %s@%d
>
> i would suggest investigating the default schemas offered, or finding
> another mail schema to use.  you will probably want the flexibility of
> having an email address deliver outside of a user's account (forwarding
> to your home account, etc).
>
> the postfix list will probably have a lot more to offer in the way of
> configuring postfix to use LDAP.  one thing i remember is that postfix
> does two different LDAP lookups, one to verify there is a user by that
> name (local_recipient_maps) on the system, and two, where to deliver the
> email (virtual_alias_maps; my configuration above is for this second
> part).  here are my two lines out of the main.cf:
>
>   virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
>   local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf
>
> good luck, i hope this helped.
>
> nb
>
> Gabriele Chervatin thus spake on 07/01/2005 03:05 AM:
> | Hi everyone,
> |
> | first I use Directory Server as an address book, and I tested it with
> | Thunderbird. It's fine, I'm able to search the users and their emails.
> | Now I am trying to configure postfix with virtual users, but it is a bit
> | of a complicated task for me.
> |
> | What are the basic steps for success?
> | Do I need to add a new schema?
> |
> | My Directory content follows:
> |
> | version: 1
> |
> | # entry-id: 1
> | dn: dc=example,dc=com
> | objectClass: top
> | objectClass: domain
> | dc: example
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120831Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9bf-1dd211b2-8050be72-f5080000
> | aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access";
> |   allow (read, search, compare)userdn="ldap:///anyone";)
> | aci: (targetattr="carLicense ||description ||displayName ||facsimileTelephoneN
> |   umber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||
> |   mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode |
> |   |preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumbe
> |   r ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||titl
> |   e ||userCertificate ||userPassword ||userSMIMECertificate ||x500UniqueIdenti
> |   fier")(version 3.0; acl "Enable self write for common attributes"; allow (wr
> |   ite) userdn="ldap:///self";)
> | aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a
> |   ll) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=Ne
> |   tscapeRoot";)
> | aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";al
> |   low (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou
> |   =TopologyManagement, o=NetscapeRoot");)
> | aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow
> |   (all) (groupdn = "ldap:///ou=Directory Administrators, dc=example,dc=c
> |  om");)
> | aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ld
> |   ap:///cn=slapd-centos41, cn=Fedora Directory Server, cn=Server Group, cn=cen
> |   tos41.example.com, ou=example.com, o=NetscapeRoot";)
> |
> | # entry-id: 2
> | dn: cn=Directory Administrators, dc=example,dc=com
> | objectClass: top
> | objectClass: groupofuniquenames
> | cn: Directory Administrators
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120831Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9c0-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 3
> | dn: ou=Groups, dc=example,dc=com
> | objectClass: top
> | objectClass: organizationalunit
> | ou: Groups
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9ef-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 4
> | dn: ou=People, dc=example,dc=com
> | objectClass: top
> | objectClass: organizationalunit
> | ou: People
> | aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber
> |   ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "l
> |  dap:///self");)
> | aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version
> |   3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ld
> |   ap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
> | aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve
> |   rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR
> |   Managers,ou=groups,dc=example,dc=com");)
> | aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver
> |   sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
> |   anagers,ou=groups,dc=example,dc=com");)
> | aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)"
> |   )(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "l
> |   dap:///cn=PD Managers,ou=groups,dc=example,dc=com");)
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f0-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 5
> | dn: ou=Special Users,dc=example,dc=com
> | objectClass: top
> | objectClass: organizationalUnit
> | ou: Special Users
> | description: Special Administrative Accounts
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f1-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 6
> | dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
> | objectClass: top
> | objectClass: groupOfUniqueNames
> | cn: Accounting Managers
> | ou: groups
> | description: People who can manage accounting entries
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f2-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 7
> | dn: cn=HR Managers,ou=groups,dc=example,dc=com
> | objectClass: top
> | objectClass: groupOfUniqueNames
> | cn: HR Managers
> | ou: groups
> | description: People who can manage HR entries
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f3-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 8
> | dn: cn=QA Managers,ou=groups,dc=example,dc=com
> | objectClass: top
> | objectClass: groupOfUniqueNames
> | cn: QA Managers
> | ou: groups
> | description: People who can manage QA entries
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f4-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 9
> | dn: cn=PD Managers,ou=groups,dc=example,dc=com
> | objectClass: top
> | objectClass: groupOfUniqueNames
> | cn: PD Managers
> | ou: groups
> | description: People who can manage engineer entries
> | creatorsName: cn=directory manager
> | modifiersName: cn=directory manager
> | createTimestamp: 20050629120832Z
> | modifyTimestamp: 20050629120832Z
> | nsUniqueId: 821fc9f5-1dd211b2-8050be72-f5080000
> |
> | # entry-id: 10
> | dn: uid=chervatin,dc=example,dc=com
> | preferredLanguage: it
> | givenName: Gabriele
> | ntUserCreateNewAccount: true
> | objectClass: top
> | objectClass: person
> | objectClass: organizationalPerson
> | objectClass: inetorgperson
> | objectClass: ntuser
> | objectClass: posixAccount
> | sn;lang-af: Chervatin
> | facsimileTelephoneNumber: 338 175 1966
> | uid: chervatin
> | mail: gabriele.chervatin at example.com
> | uidNumber: 2000
> | cn: Gabriele Chervatin
> | ntUserComment: Accoutn Test NT
> | loginShell: /bin/bash
> | telephoneNumber;lang-af: 338 175 1966
> | gidNumber: 2000
> | ntUserDomainId: gchervatin
> | cn;lang-af:: R2FicmllbGUgQ2hlcnZhdGluIA==
> | gecos: Gabriele Chervatin
> | givenName;lang-af: Gabriele
> | homeDirectory: /home/ghcervatin
> | sn: Chervatin
> | userPassword: {SSHA}**
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> |  t
> | createTimestamp: 20050629131933Z
> | modifyTimestamp: 20050629131933Z
> | nsUniqueId: 6d483381-1dd211b2-805abe72-f5080000
> |
> | # entry-id: 15
> | dn: ou=domains,dc=example,dc=com
> | ou: domains
> | description: domini di posta
> | objectClass: top
> | objectClass: organizationalunit
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> |  t
> | createTimestamp: 20050630140356Z
> | modifyTimestamp: 20050630140356Z
> | nsUniqueId: a9969501-1dd111b2-807fbe72-f5080000
> |
> | # entry-id: 17
> | dn: ou=example.com,ou=domains,dc=example,dc=com
> | ou: example.com
> | objectClass: top
> | objectClass: organizationalunit
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> |  t
> | createTimestamp: 20050630140640Z
> | modifyTimestamp: 20050630140640Z
> | nsUniqueId: 14e06701-1dd211b2-807fbe72-f5080000
> |
> | # entry-id: 18
> | dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
> | mail: vtest1 at example.com
> | givenName: vtest1
> | objectClass: top
> | objectClass: person
> | objectClass: organizationalPerson
> | objectClass: inetorgperson
> | sn: vtest1
> | cn: vtest1
> | userPassword: {SSHA}**
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
> |  t
> | createTimestamp: 20050630140725Z
> | modifyTimestamp: 20050630142229Z
> | nsUniqueId: 38a3ad01-1dd211b2-807fbe72-f5080000
> | uid: vtest1
> | passwordGraceUserTime: 0
> |
> | # entry-id: 19
> | dn: uid=vtest2,ou=example.com,ou=domains,dc=example,dc=com
> | mail: vtest2 at example.com
> | givenName: vtest2
> | objectClass: top
> | objectClass: person
> | objectClass: organizationalPerson
> | objectClass: inetorgperson
> | sn: vtest2
> | cn: vtest2
> | userPassword: {SSHA}**
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: cn=server,cn=plugins,cn=config
> | createTimestamp: 20050630140940Z
> | modifyTimestamp: 20050630142223Z
> | nsUniqueId: 802a3901-1dd211b2-807fbe72-f5080000
> | uid: vtest2
> | passwordGraceUserTime: 0
> |
> | # entry-id: 20
> | dn: uid=vtest3,ou=example.com,ou=domains,dc=example,dc=com
> | mail: Vtest3 at example.com
> | givenName: vtest3
> | objectClass: top
> | objectClass: person
> | objectClass: organizationalPerson
> | objectClass: inetorgperson
> | sn: vtest3
> | cn: vtest3
> | userPassword: {SSHA}**
> | creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> | modifiersName: cn=server,cn=plugins,cn=config
> | createTimestamp: 20050630141046Z
> | modifyTimestamp: 20050630142312Z
> | nsUniqueId: a3ed7f01-1dd111b2-8080be72-f5080000
> | uid: vtest3
> | passwordGraceUserTime: 0
> |
>
> --
> Nathan Benson
> http://sourcefire.com/
>
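
The mail-to-uid lookup described in the quoted reply, modelled in Python as an added example (not code from this thread or from Postfix): it shows the lookup key being quoted before it replaces `%s` in `query_filter`, and the `result_attribute` value that comes back. The sample entries are constructed from the posted LDIF; the `(uid=%s)` filter for `ldap-users.cf` and all helper names are assumptions, and the `%s@%d` result formatting is left out.

```python
import re

# Constructed sample: (uid, mail) pairs taken from the entries posted in this
# thread, with the archive's " at " restored to "@".
ENTRIES = [
    {"uid": "chervatin", "mail": "gabriele.chervatin@example.com"},
    {"uid": "vtest1", "mail": "vtest1@example.com"},
    {"uid": "vtest3", "mail": "Vtest3@example.com"},
]

ALIAS_FILTER = "(mail=%s)"  # query_filter from the reply above
USERS_FILTER = "(uid=%s)"   # assumption: ldap-users.cf is not shown in the thread


def escape_filter_value(value):
    """Quote LDAP filter metacharacters in a lookup key (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unescape(text):
    """Turn two-digit hex escapes in a filter value back into literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def lookup(key, query_filter, result_attribute):
    """Expand %s with the quoted key, run the search, return result values."""
    expanded = query_filter.replace("%s", escape_filter_value(key))
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", expanded).groups()
    # An unquoted '*' in a filter is a wildcard; quoted ones stay literal.
    parts = [re.escape(unescape(p)) for p in pattern.split("*")]
    rx = re.compile(".*".join(parts), re.IGNORECASE)  # mail and uid ignore case
    return [e[result_attribute] for e in ENTRIES if rx.fullmatch(e.get(attr, ""))]


def resolve(address):
    """Alias lookup (mail -> uid), then confirm that uid exists as a recipient."""
    for uid in lookup(address, ALIAS_FILTER, "uid"):
        if lookup(uid, USERS_FILTER, "uid"):
            return uid
    return None
```

Because the key is quoted first, an address consisting of `*` is searched as a literal asterisk and matches no entry, while `vtest3@example.com` still finds the entry stored as `Vtest3@example.com`.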
