Qmail Support Forum
Qmail Email Server Support Forums
 

Postfix with virtual users, multiple domains and LDAP

 
admin (Site Admin)
Posted: Mon Jul 10, 2006 8:45 pm
Post subject: Postfix with virtual users, multiple domains and LDAP

Hi all,

I'm trying to set up a mailserver that can host multiple domains with
completely independent username spaces, with all user data sourced from
LDAP and only virtual user accounts (i.e., no real UNIX users - all files
are stored under a single uid).

Mail will be stored as follows:

/var/spool/mail/domain1.com/user1/
/var/spool/mail/domain1.com/user2/

/var/spool/mail/domain2.com/user1/
/var/spool/mail/domain2.com/user2/
/var/spool/mail/domain2.com/user3/

...and so forth.

After banging my head against a wall for hours, I've come up with the
following for part of main.cf, which actually works:

virtual_maps = ldap:vmaps

vmaps_server_host = 10.0.0.1
vmaps_server_port = 389
vmaps_search_base = o=isp
vmaps_query_filter = mail=%s
vmaps_result_attribute = uid
vmaps_bind_dn = cn=Manager, o=isp

alias_maps = ldap:amaps, hash:/etc/postfix/aliases

amaps_server_host = 10.0.0.1
amaps_server_port = 389
amaps_search_base = o=isp
amaps_query_filter = uid=%s
amaps_result_attribute = homeDirectory
amaps_bind_dn = cn=Manager, o=isp

An example LDAP entry is:

dn: uid=p...@domain.com,ou=Users,o=domain.com,o=isp
objectClass: organization
objectClass: inetorgperson
objectClass: person
objectClass: posixAccount
objectClass: qmailUser
o: domain.com
cn: Paul Dwerryhouse
givenName: Paul
sn: Dwerryhouse
homeDirectory: /var/spool/mail/domain.com/paul/
mailQuota: 1000000
uid: paul#domain.com
mail: p...@domain.com

[I had to munge the uid with a # to stop postfix from considering it an
email address to be delivered to].

However, this requires two LDAP lookups - one lookup on the 'mail' ldap
attribute, to get a uid, and then a lookup on the 'uid' attribute, which
gives the homeDirectory of the user - where the mail is stored. Besides
that, it looks like a real kludge to me - and doing it this way prevents
me from being able to send the mail through deliverquota to implement
some sort of quota system (when postfix is given a directory to
deliver it to, it ignores the mailbox_command directive).

I'm at my wit's end with this one... it seems like a system that many
organisations would need to implement quite commonly, but I'm having
so much trouble doing it. Does anyone know of a better way of doing this?

Cheers,

Paul.

--
Paul Dwerryhouse

"Why not just have the arresting officer execute you on the spot? If you turn out to be innocent, they can cancel the invoice for the bullet." -- sharkey
admin (Site Admin)
Posted: Mon Jul 10, 2006 8:45 pm

Paul,

Why not just do the lookup as follows?

vmaps_query_filter = mail=%s
vmaps_result_attribute = homeDirectory

Or am I missing something obvious? That's what I have here, and it
works as far as commandline lookups using postmap go. My only problem
is that Postfix itself does not do a proper LDAP search when I try and
send a mail over this system, and I have no idea why. Maybe you have
some ideas on that..? The weird thing is that although the commandline
version works, as said, i.e.

postmap -q u...@domain.com ldap:ldapsource

returns the proper maildir, using the very same in the main.cf:

virtual_maps = ldap:ldapsource
virtual_mailbox_base = /home/vmail/domains
ldapsource_server_host = 192.168.0.5
ldapsource_search_base = dc=domain,dc=com
ldapsource_result_attribute = maildrop
ldapsource_query_filter = mailacceptinggeneralid=%s

means that Postfix makes the following search (seen using 'slapd -d
256'):

filter="(mailacceptinggeneralid=domain.com)"
                                ^

i.e. it has not translated '%s' at all, as far as I can see - it
should be where the '^' sign is, above (at least if you're reading
this with a fixed-width font ;-)). This I really don't understand...
One part of Postfix is correct, the other isn't.

Any ideas very welcome! Either to the list or privately: I'd really
like to get this LDAP search up and running properly ... I bet it's
something excruciatingly simple like a forgotten space or something...

ed bradburn
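
Added example (not part of either post, and not Postfix code): a simplified Python model of the '%s' substitution in query_filter, run against a constructed copy of the first post's LDAP entry. It compares the two-lookup chain (mail -> uid -> homeDirectory) with the single lookup suggested in the reply, and shows which filter a given lookup key produces. The function names, the placeholder address paul@domain.com and the RFC 4515 escaping of the key are assumptions of this model.

```python
import re

# Constructed entry modelled on the first post's example; paul@domain.com is a
# placeholder for the obscured address.
DIRECTORY = [{
    "uid": "paul#domain.com",
    "mail": "paul@domain.com",
    "homeDirectory": "/var/spool/mail/domain.com/paul/",
}]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a lookup key stays a literal."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand_filter(template, key):
    """Substitute the escaped key for %s, e.g. template 'mail=%s'."""
    return "(" + template.replace("%s", escape_filter_value(key)) + ")"

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def search(ldap_filter, result_attribute):
    """Evaluate one (attr=value) filter; an unescaped * is a wildcard."""
    attr, _, value = ldap_filter[1:-1].partition("=")
    pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
    return [e[result_attribute] for e in DIRECTORY
            if re.fullmatch(pattern, e.get(attr, "")) and result_attribute in e]

def two_step(address):
    """First post: mail -> uid (vmaps), then uid -> homeDirectory (amaps)."""
    dirs = []
    for uid in search(expand_filter("mail=%s", address), "uid"):
        dirs += search(expand_filter("uid=%s", uid), "homeDirectory")
    return dirs

def one_step(address):
    """Reply's suggestion: take homeDirectory straight from the mail lookup."""
    return search(expand_filter("mail=%s", address), "homeDirectory")

if __name__ == "__main__":
    print(two_step("paul@domain.com"), one_step("paul@domain.com"))
    # The filter from the slapd log is what the template yields for this key:
    print(expand_filter("mailacceptinggeneralid=%s", "domain.com"))
    # A key containing filter metacharacters is escaped and matches nothing:
    print(expand_filter("mail=%s", "*)(uid=*"), one_step("*"))
```

Comparing the logged filter with the output of expand_filter for candidate keys shows which key was actually passed to the map, which is the first thing to establish when the postmap result and the slapd log disagree.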