Gabriele Chervatin
2005-Jul-01 07:05 UTC
[Fedora-directory-users] Integration with postfix
Hi everyone,
first I use Directory Server as an address book, and I tested it with
Thunderbird. It's fine, I'm able to search the users and their emails.
Now I try to configure postfix with virtual users, but it is a bit of a
complicated task for me.
What are the basic steps for success?
Do I need to add a new schema?
My Directory content follows:
version: 1
# entry-id: 1
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120831Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9bf-1dd211b2-8050be72-f5080000
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
aci: (targetattr="carLicense ||description ||displayName ||facsimileTelephoneNumber ||homePhone ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||mail ||mobile ||pager ||photo ||postOfficeBox ||postalAddress ||postalCode ||preferredDeliveryMethod ||preferredLanguage ||registeredAddress ||roomNumber ||secretary ||seeAlso ||st ||street ||telephoneNumber ||telexNumber ||title ||userCertificate ||userPassword ||userSMIMECertificate ||x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write) userdn="ldap:///self";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///ou=Directory Administrators, dc=example,dc=com");)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///cn=slapd-centos41, cn=Fedora Directory Server, cn=Server Group, cn=centos41.example.com, ou=example.com, o=NetscapeRoot";)
# entry-id: 2
dn: cn=Directory Administrators, dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120831Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9c0-1dd211b2-8050be72-f5080000
# entry-id: 3
dn: ou=Groups, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9ef-1dd211b2-8050be72-f5080000
# entry-id: 4
dn: ou=People, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ldap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(version 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(version 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)")(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "ldap:///cn=PD Managers,ou=groups,dc=example,dc=com");)
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f0-1dd211b2-8050be72-f5080000
# entry-id: 5
dn: ou=Special Users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f1-1dd211b2-8050be72-f5080000
# entry-id: 6
dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f2-1dd211b2-8050be72-f5080000
# entry-id: 7
dn: cn=HR Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f3-1dd211b2-8050be72-f5080000
# entry-id: 8
dn: cn=QA Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f4-1dd211b2-8050be72-f5080000
# entry-id: 9
dn: cn=PD Managers,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20050629120832Z
modifyTimestamp: 20050629120832Z
nsUniqueId: 821fc9f5-1dd211b2-8050be72-f5080000
# entry-id: 10
dn: uid=chervatin,dc=example,dc=com
preferredLanguage: it
givenName: Gabriele
ntUserCreateNewAccount: true
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
objectClass: posixAccount
sn;lang-af: Chervatin
facsimileTelephoneNumber: 338 175 1966
uid: chervatin
mail: gabriele.chervatin@example.com
uidNumber: 2000
cn: Gabriele Chervatin
ntUserComment: Accoutn Test NT
loginShell: /bin/bash
telephoneNumber;lang-af: 338 175 1966
gidNumber: 2000
ntUserDomainId: gchervatin
cn;lang-af:: R2FicmllbGUgQ2hlcnZhdGluIA==
gecos: Gabriele Chervatin
givenName;lang-af: Gabriele
homeDirectory: /home/ghcervatin
sn: Chervatin
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20050629131933Z
modifyTimestamp: 20050629131933Z
nsUniqueId: 6d483381-1dd211b2-805abe72-f5080000
# entry-id: 15
dn: ou=domains,dc=example,dc=com
ou: domains
description: domini di posta
objectClass: top
objectClass: organizationalunit
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20050630140356Z
modifyTimestamp: 20050630140356Z
nsUniqueId: a9969501-1dd111b2-807fbe72-f5080000
# entry-id: 17
dn: ou=example.com,ou=domains,dc=example,dc=com
ou: example.com
objectClass: top
objectClass: organizationalunit
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20050630140640Z
modifyTimestamp: 20050630140640Z
nsUniqueId: 14e06701-1dd211b2-807fbe72-f5080000
# entry-id: 18
dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
mail: vtest1@example.com
givenName: vtest1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest1
cn: vtest1
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20050630140725Z
modifyTimestamp: 20050630142229Z
nsUniqueId: 38a3ad01-1dd211b2-807fbe72-f5080000
uid: vtest1
passwordGraceUserTime: 0
# entry-id: 19
dn: uid=vtest2,ou=example.com,ou=domains,dc=example,dc=com
mail: vtest2@example.com
givenName: vtest2
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest2
cn: vtest2
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20050630140940Z
modifyTimestamp: 20050630142223Z
nsUniqueId: 802a3901-1dd211b2-807fbe72-f5080000
uid: vtest2
passwordGraceUserTime: 0
# entry-id: 20
dn: uid=vtest3,ou=example.com,ou=domains,dc=example,dc=com
mail: Vtest3@example.com
givenName: vtest3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: vtest3
cn: vtest3
userPassword: {SSHA}**
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: cn=server,cn=plugins,cn=config
createTimestamp: 20050630141046Z
modifyTimestamp: 20050630142312Z
nsUniqueId: a3ed7f01-1dd111b2-8080be72-f5080000
uid: vtest3
passwordGraceUserTime: 0
--
Gabriele Chervatin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gabriele,
i am using the courier LDAP schema for mail attributes. but i don't see
why you couldn't use what you currently have in place. if your uid of
the user is where you would actually deliver the mail, you could
probably just use that. your postfix configuration for alias lookups
would look something like this:
  search_base = dc=example,dc=com
  scope = sub
  query_filter = (mail=%s)
  result_attribute = uid
  special_result_filter = %s@%d
i would suggest investigating the default schemas offered, or finding
another mail schema to use. you will probably want the flexibility of
having an email address deliver outside of a user's account (forwarding
to your home account, etc).
the postfix list will probably have a lot more to offer in the way of
configuring postfix to use LDAP. one thing i remember is that postfix
does two different LDAP lookups, one to verify there is a user by that
name (local_recipient_maps) on the system, and two, where to deliver the
email (virtual_alias_maps; my configuration above is for this second
part). here are my two lines out of the main.cf:
  virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
  local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf
good luck, i hope this helped.
nb
Gabriele Chervatin thus spake on 07/01/2005 03:05 AM:
| Hi everyone,
|
| first I use Directory Server as an address book, and I tested it with
| Thunderbird. It's fine, I'm able to search the users and their emails.
| Now I try to configure postfix with virtual users, but it is a bit of a
| complicated task for me.
|
| What are the basic steps for success?
| Do I need to add a new schema?
|
--
Nathan Benson
http://sourcefire.com/
1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCxVjKDXPcm+lr3ZYRAjapAKCVVQSVOm6xRevUg3cJPAYArkD25ACgmB36
rNhKIaws2GGamDWigqc36cc=
=Vb3H
-----END PGP SIGNATURE-----
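As an added illustration (this is not code from the thread, from Postfix or from Fedora Directory Server), the Python below models the two lookups Nathan describes against a constructed subset of Gabriele's LDIF: the virtual_alias_maps lookup with query_filter = (mail=%s), result_attribute = uid and a result template of %s@%d, and a local_recipient_maps style existence check. It assumes the placeholder semantics documented for Postfix ldap: tables (%s is the RFC 4515 escaped input key, %u and %d its local and domain parts; the result template is what Postfix calls result_format, named result_filter in older releases), and the function names, the in-memory matcher and the sample entries (passwords omitted) are my own stand-ins for a real LDAP server.

```python
"""Model Postfix ldap: table lookups over a few entries from the thread.

Added example: an in-memory stand-in for the LDAP search Postfix would run.
"""
import re

# Constructed subset of the LDIF posted in the thread (userPassword left out).
SAMPLE_LDIF = """\
dn: uid=chervatin,dc=example,dc=com
objectClass: inetorgperson
uid: chervatin
mail: gabriele.chervatin@example.com

dn: uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com
objectClass: inetorgperson
uid: vtest1
mail: vtest1@example.com

dn: uid=vtest3,ou=example.com,ou=domains,dc=example,dc=com
objectClass: inetorgperson
uid: vtest3
mail: Vtest3@example.com
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' pairs."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


# RFC 4515 escaping that Postfix applies to %s/%u/%d in query_filter, so the
# recipient address is always compared literally and cannot add filter terms.
_FILTER_ESCAPES = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_query_filter(template, key):
    """Substitute %s, %u and %d in a query_filter template with escaped values."""
    user, _, domain = key.partition("@")
    out = template
    for token, repl in (("%s", key), ("%u", user), ("%d", domain)):
        out = out.replace(token, escape_filter_value(repl))
    return out


def match_equality(entries, filter_str):
    """Evaluate one (attr=value) equality filter; mail uses caseIgnore matching."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
    if not m:
        raise ValueError("only single equality filters are modelled here")
    attr, want = m.group(1).lower(), m.group(2)
    # Undo the escaping so the literal value (not a wildcard) is compared.
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda x: chr(int(x.group(1), 16)), want)
    return [e for e in entries if any(v.lower() == want.lower() for v in e.get(attr, []))]


def lookup(entries, key, query_filter="(mail=%s)", result_attribute="uid", result_format="%s@%d"):
    """Return the rewritten addresses Postfix would obtain for `key`."""
    user, _, domain = key.partition("@")
    if "%d" in query_filter and not domain:
        return []  # Postfix suppresses the search when %d is used without a domain
    results = []
    for entry in match_equality(entries, expand_query_filter(query_filter, key)):
        for value in entry.get(result_attribute.lower(), []):
            if "%d" in result_format and not domain:
                continue
            results.append(result_format.replace("%s", value).replace("%u", user).replace("%d", domain))
    return results


def is_known_recipient(entries, key):
    """local_recipient_maps style check: any hit means the mailbox exists."""
    return bool(lookup(entries, key, query_filter="(mail=%s)",
                       result_attribute="mail", result_format="%s"))


ENTRIES = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    for addr in ("vtest1@example.com", "gabriele.chervatin@example.com",
                 "vtest3@example.com", "nobody@example.com", "*@example.com"):
        print(f"{addr:32} known={is_known_recipient(ENTRIES, addr)!s:5} -> {lookup(ENTRIES, addr)}")
```

The two functions correspond to Nathan's two main.cf entries: is_known_recipient is what lets smtpd reject an unknown recipient at RCPT time instead of accepting and bouncing it, and lookup is the alias rewrite that turns the mail attribute into uid@domain. The escaping step is the part worth keeping in mind when writing query_filter by hand: `*@example.com` is looked up as a literal string and matches nothing, rather than acting as a wildcard.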
Rich Megginson
2005-Jul-01 22:22 UTC
Re: [Fedora-directory-users] Integration with postfix
Thanks Nathan. I added this Howto - http://directory.fedora.redhat.com/wiki/Howto:Postfix
Please let me know if it works.

Nathan Benson wrote:
> Gabriele,
>
> i am using the courier LDAP schema for mail attributes. but i don't see
> why you couldn't use what you currently have in place. if your uid of
> the user is where you would actually deliver the mail, you could
> probably just use that. your postfix configuration for alias lookups
> would look something like this:
>
>   search_base = dc=example,dc=com
>   scope = sub
>   query_filter = (mail=%s)
>   result_attribute = uid
>   special_result_filter = %s@%d
>
> i would suggest investigating the default schemas offered, or finding
> another mail schema to use. you will probably want the flexibility of
> having an email address deliver outside of a user's account (forwarding
> to your home account, etc).
>
> the postfix list will probably have a lot more to offer in the way of
> configuring postfix to use LDAP. one thing i remember is that postfix
> does two different LDAP lookups, one to verify there is a user by that
> name (local_recipient_maps) on the system, and two, where to deliver the
> email (virtual_alias_maps; my configuration above is for this second
> part). here are my two lines out of the main.cf:
>
>   virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
>   local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf
>
> good luck, i hope this helped.
>
> nb
>
> --
> Nathan Benson
> http://sourcefire.com/
> 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users