
HOWTO_Postfix-LDAP_virtual_users_with_qmail_schema

This article is part of the HOWTO series.


Please improve it in any way that you see fit, and remove this notice {{Cleanup}} from the article. For tips on cleaning and formatting see Cleanup process


This howto shows how to set up Postfix with LDAP virtual users using the qmail schema. It can be useful when migrating from qmail-ldap to postfix-ldap while keeping the same LDAP database.



For more information on LDAP, also see:

Emerge and prerequisites

net-nds/openldap-2.2.26-r2  +berkdb +crypt +debug +gdbm -ipv6 -kerberos -odbc +perl +readline -samba +sasl -slp +ssl +tcpd
dev-libs/cyrus-sasl-2.1.21-r1  -authdaemond +berkdb +crypt +debug +gdbm -java -kerberos +ldap +mysql* -ntlm_unsupported_patch +pam -postgres -sample -srp +ssl -static -urandom
mail-mta/postfix-2.2.2-r1  +debug -hardened -ipv6 +ldap -mailwrapper -mbox +mysql* -nis +pam -postgres +sasl (-selinux) +ssl -vda
net-mail/courier-imap-4.0.1-r2  +berkdb +debug* -fam +gdbm -ipv6 +nls (-selinux)
 # Dedicated unprivileged owner for every virtual mailbox.  uid/gid 800 must
 # match virtual_uid_maps/virtual_gid_maps (static:800) in main.cf below and
 # LDAP_GLOB_UID/LDAP_GLOB_GID in authldaprc.
 groupadd -g 800 vmail
 # /bin/false: this account only owns mail storage and is never logged into.
 useradd -d /home/vmail -g 800 -m -s /bin/false -u 800 vmail
 # Mailbox root; main.cf's virtual_mailbox_base and Courier's LDAP_MAILROOT
 # both point here, so nothing but vmail should be able to write to it.
 mkdir /home/vmail/domains
 chown vmail:vmail /home/vmail/domains
#
# LDAPv3
# base <dc=example,dc=co,dc=ke> with scope sub
# filter: objectClass=*
# requesting: ALL
#
# Sample ldapsearch dump of the tree that Postfix, saslauthd and Courier will
# query.  The base here is dc=example,dc=co,dc=ke, while slapd.conf and the
# main.cf further down use o=test,c=com -- a real deployment uses one base
# consistently.

# example.co.ke
dn: dc=example,dc=co,dc=ke
objectClass: dcObject
objectClass: organization
dc: example
# 'o' is the attribute the first domains_query_filter (o=%s) matches on.
o: example.co.ke

# Users, example.co.ke
dn: ou=Users,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Users

# Groups, example.co.ke
dn: ou=Groups,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Groups

# Computers, example.co.ke
dn: ou=Computers,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Computers

# Idmap, example.co.ke
dn: ou=Idmap,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Idmap

# Administrator, Users, example.co.ke
# A mail account.  The mail stack on this page only reads mail,
# mailAlternateAddress, accountStatus, mailMessageStore, cn and userPassword;
# the posixAccount/samba attributes serve other consumers of the directory.
dn: uid=Administrator,ou=Users,dc=example,dc=co,dc=ke
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: qmailUser
# uidNumber/gidNumber 0 make this entry root for any NSS/PAM client of the
# same directory.  Mail delivery does not use them (Postfix delivers as
# static:800), but keep that in mind if nss_ldap/pam_ldap share this tree.
gidNumber: 0
uid: Administrator
uidNumber: 0
homeDirectory: /home/Administrator
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPrimaryGroupSID: S-1-5-21-952474763-2196935976-1665449694-512
sambaSID: S-1-5-21-952474763-2196935976-1665449694-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: **SET BY  smbldap-passwd Administrator **
sambaAcctFlags: [U]
sambaNTPassword: **SET BY  smbldap-passwd Administrator **
sambaPwdLastSet: 1155225397
sambaPwdMustChange: 1159113397
# The Postfix and Courier filters on this page all require
# accountStatus=active, so changing this value disables mail for the entry
# without deleting it.  The saslauthd filter below does NOT check it.
accountStatus: active
mail: administrator@example.co.ke
# '::' marks a base64-encoded LDIF value (ldapsearch prints non-plain-text
# values, such as password hashes, this way).
userPassword:: **SET BY  smbldap-passwd Administrator **
# Path relative to the mailbox root (virtual_mailbox_base / LDAP_MAILROOT).
mailMessageStore: Administrator/
## Transport
# Lookup tables written with main.cf-style prefixes (domains_, aliases_,
# mailboxes_).  main.cf is normally world-readable, so the bind password
# below is exposed to every local user; newer Postfix releases document
# per-table files instead (e.g. ldap:/etc/postfix/ldap-domains.cf), which can
# be restricted to root:postfix.
# This set targets the dc=example,dc=co,dc=ke tree from the LDIF above; the
# main.cf later on this page uses o=test,c=com -- use one base consistently.
domains_server_host = localhost
domains_search_base = dc=example,dc=co,dc=ke
# %s is the looked-up domain; per ldap_table(5) Postfix quotes LDAP filter
# metacharacters in the substituted key.
domains_query_filter = (&(o=%s)(objectClass=organization))
domains_result_attribute = o
#domains_scope = one
domains_scope = sub
domains_cache = yes
domains_bind = yes
# cn=Manager is the slapd rootdn.  The MTA only needs to read a handful of
# attributes, so a dedicated read-only bind DN is the least-privilege choice.
domains_bind_dn = cn=Manager,dc=example,dc=co,dc=ke
domains_bind_pw = P4ssw0rd
domains_version = 3

##Aliases
aliases_server_host = localhost
aliases_search_base = dc=example,dc=co,dc=ke
aliases_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
#aliases_result_attribute = mailForwardingAddress
# NOTE(review): this returns the cn (e.g. "Administrator"), not a mail
# address, so virtual_alias_maps would rewrite recipients to a bare name.
# The main.cf version below uses mailForwardingAddress instead -- confirm
# which one is intended.
aliases_result_attribute = cn
aliases_scope = sub
aliases_cache = yes
aliases_bind = yes
aliases_bind_dn = cn=Manager, dc=example,dc=co,dc=ke
aliases_bind_pw = P4ssw0rd
aliases_version = 3


## Email address to mailbox mapping
mailboxes_server_host = localhost
mailboxes_search_base = dc=example,dc=co,dc=ke
# One table covers both the primary address and any mailAlternateAddress.
mailboxes_query_filter = (&(objectClass=qmailUser)(accountStatus=active)(|(mail=%s)(mailAlternateAddress=%s)))
mailboxes_result_attribute = mailMessageStore
mailboxes_scope = sub
mailboxes_bind = yes
mailboxes_bind_dn = cn=Manager, dc=example,dc=co,dc=ke
mailboxes_bind_pw = P4ssw0rd
mailboxes_version = 3

## Distribution

virtual_transport = virtual
# Deliver as the vmail user created above; never as root or a real user.
virtual_uid_maps = static:800
virtual_gid_maps = static:800
# Differs from /home/vmail/domains created earlier and used in main.cf
# below; whichever is used must be owned by uid/gid 800.
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_maps = ldap:mailboxes
virtual_mailbox_domains = ldap:domains
virtual_alias_maps = ldap:aliases
# These two parameters belong to the VDA quota patch; the emerge line above
# shows postfix built with -vda, so a stock build will only warn that they
# are unused.
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes

Openldap configuration

File: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
# entry mailHost in misc.schema conflicts
# with the similar one in qmail.schema!
#include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/krb5-kdc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
# Provides qmailUser, mailMessageStore, mailAlternateAddress, accountStatus.
include /etc/openldap/schema/qmail.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

modulepath     /usr/lib/openldap/openldap
moduleload     back_ldap.la
moduleload     back_ldbm.la
moduleload     back_passwd.la
# 'require none' places no conditions (authc, SSF, ...) on operations.  No
# 'access to' directives appear on this page, so slapd's default ACL applies
# and the whole tree -- userPassword hashes included -- is readable by
# anonymous clients.  Add an ACL that restricts userPassword to 'by self
# write by anonymous auth' before exposing this server.
require none
database ldbm
checkpoint      32      30 

# The suffix here (o=test,c=com) does not match the dc=example,dc=co,dc=ke
# tree in the LDIF dump above.
suffix "o=test, c=com"
rootdn "cn=Manager, o=test, c=com"
# Cleartext password in a config file; prefer the {SSHA} hash produced by
# slappasswd(8), and keep slapd.conf readable only by root and the ldap user.
rootpw your_ldap_password

directory       /var/lib/openldap-data
# Only objectClass is indexed.  The filters on this page search on o, ou,
# mail, mailAlternateAddress and accountStatus as well; without indexes for
# them every lookup is a full scan of the database.
index   objectClass     eq

Postfix Configuration

File: /etc/postfix/main.cf

#amavis antispam+antivirus gateway
# Requires a matching smtp-amavis transport in master.cf (not shown here).
content_filter=smtp-amavis:[127.0.0.1]:10024

queue_directory = /var/spool/postfix
unknown_local_recipient_reject_code = 550
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = mailserver
mydomain = mydomain.com
# Hosts listed here are trusted by permit_mynetworks below and can relay
# without authentication.  172.16.0.0/16 is a whole private range; keep this
# list as narrow as the network actually requires.
mynetworks = 127.0.0.0/8 , 192.168.2.0/24,172.16.0.0/16
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix

# Refers to postfix-2.1.5-r2 although the emerge line above shows 2.2.2-r1.
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
default_destination_concurrency_limit = 2
local_destination_concurrency_limit = 2
smtpd_client_restrictions =    permit_mynetworks hash:/etc/postfix/access,
smtpd_sender_restrictions =     permit_mynetworks
                                hash:/etc/postfix/access,
                                reject_unknown_sender_domain,


# Clients may skip HELO/EHLO entirely; 'yes' is the usual hardening choice.
smtpd_helo_required = no
# Only meaningful if reject_unverified_recipient is used, which it is not here.
unverified_recipient_reject_code = 450




## Transport
# LDAP tables defined with main.cf prefixes.  main.cf is normally
# world-readable, so the four *_bind_pw values below are visible to every
# local user; newer Postfix releases document per-table files
# (ldap:/etc/postfix/ldap-domains.cf etc.) that can be chmod 640
# root:postfix.  All four bind as the slapd rootdn (cn=Manager) although
# read access to a few attributes is all Postfix needs.

domains_server_host = localhost
domains_search_base = o=test,c=com
# Domains are the ou entries directly under the suffix (scope one).
domains_query_filter = (&(ou=%s)(objectClass=organizationalUnit))
domains_result_attribute = ou
domains_scope = one
domains_cache = yes
domains_bind = yes
domains_bind_dn = cn=Manager, o=test, c=com
domains_bind_pw = your_ldap_password
domains_version = 3

##Aliases
aliases_server_host = localhost
aliases_search_base = o=test,c=com
aliases_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
aliases_result_attribute = mailForwardingAddress
aliases_scope = sub
aliases_cache = yes
aliases_bind = yes
aliases_bind_dn = cn=Manager, o=test, c=com
aliases_bind_pw = your_ldap_password
aliases_version = 3


## Accounts with main email


accounts_server_host = localhost
accounts_search_base = o=test,c=com
accounts_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
accounts_result_attribute = mailMessageStore
# NOTE(review): the sample entry stores "Administrator/" with a trailing
# slash, which yields "Administrator//Maildir/" here -- confirm the stored
# values have no trailing slash, or drop it from the format.
accounts_result_format  =  %s/Maildir/
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = cn=Manager, o=test, c=com
accounts_bind_pw = your_ldap_password
accounts_version = 3


## Accounts with alternatemail emails

alternate_server_host = localhost
alternate_search_base = o=test,c=com
alternate_query_filter = (&(objectClass=qmailUser)(mailAlternateAddress=%s)(accountStatus=active))

alternate_result_attribute = mailMessageStore
alternate_result_format  =  %s/Maildir/
alternate_scope = sub
alternate_cache = yes
alternate_bind = yes
alternate_bind_dn = cn=Manager, o=test, c=com
alternate_bind_pw = your_ldap_password
alternate_version = 3



## Distribution

virtual_transport = virtual
# Deliver as the vmail user created above, never as root or a system user.
virtual_uid_maps = static:800
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:accounts,ldap:alternate
virtual_mailbox_domains = ldap:domains
virtual_alias_maps = ldap:aliases
mydestination = $myhostname
relay_domains = localhost




#SASL support
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# check_relay_domains is deprecated; reject_unauth_destination is its
# documented replacement and should be present so unauthenticated clients
# outside mynetworks cannot relay.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, check_relay_domains
# No smtpd TLS settings appear on this page; with only 'noanonymous' the
# PLAIN/LOGIN credentials of SMTP AUTH cross the wire in clear text unless
# TLS is configured elsewhere.
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

Sasl2 Configuration

File: /etc/saslauthd.conf
# saslauthd looks the user up with this filter and then (default
# ldap_auth_method) binds as the entry found.  No ldap_bind_dn is given, so
# the search itself is anonymous and depends on slapd allowing anonymous
# reads of the mail attribute.
# Plain ldap:// is only acceptable because the server is localhost.
ldap_servers: ldap://localhost
ldap_search_base: o=test,c=com
# Unlike the Postfix and Courier filters, this one does not require
# accountStatus=active, so an account disabled in LDAP can still
# authenticate for SMTP AUTH.  Add (accountStatus=active) to the conjunction.
ldap_filter: (&(objectClass=qmailUser)(mail=%u@%d))
ldap_version: 3

Courier-imap Configuration

File: /etc/courier/authlib/authdaemonrc
# Only the LDAP module is consulted; no fallback to local accounts.
authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
authdaemonvar=/var/lib/courier/authdaemon
# NOTE(review): per the stock authdaemonrc comments, level 2 logs the
# password as well as the login name.  Use 1 (or 0) on anything but a
# throwaway test box, since this goes to syslog.
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
File: /etc/courier/authlib/authldaprc
LDAP_SERVER             localhost
LDAP_PORT               389
LDAP_PROTOCOL_VERSION   3
LDAP_BASEDN             o=test, c=com
# Binds as the slapd rootdn; a read-only bind DN would suffice for the search
# that precedes the per-user bind.  The cleartext password means this file
# must stay readable only by the authdaemon user.
LDAP_BINDDN             cn=Manager, o=test, c=com
LDAP_BINDPW             your_ldap_password
LDAP_TIMEOUT            15
# Passwords are verified by binding to LDAP as the user's own DN, so the
# userPassword hash itself is not compared locally.
LDAP_AUTHBIND           1

# Must resolve to uid/gid 800 to match Postfix's static:800 delivery.
LDAP_GLOB_UID           vmail
LDAP_GLOB_GID           vmail

# Same activation check as the Postfix filters.
LDAP_FILTER           (accountStatus=active)
LDAP_MAIL               mail                    
# mailMessageStore is relative; it is resolved under LDAP_MAILROOT.
LDAP_HOMEDIR            mailMessageStore
LDAP_DEFAULTDELIVERY    mailMessageStore
LDAP_FULLNAME           cn
LDAP_CRYPTPW            userPassword
LDAP_MAILROOT           /home/vmail/domains

LDAP_DEREF              never
# No TLS to slapd; acceptable only while LDAP_SERVER stays on localhost.
LDAP_TLS                0

Resources

Links

Have a look here for a detailed tutorial largely based on this article
