HOWTO Postfix-LDAP virtual users with qmail schema
From Gentoo Linux Wiki
This howto shows how to set up Postfix with LDAP virtual users using the qmail schema. It is useful when migrating from qmail-ldap to postfix-ldap while keeping the same LDAP database.
For more information on LDAP, also see:
- http://linuxwiki.riverworth.com/index.php/LDAP_Authentication -- General Linux and Windows (via Samba) authentication using LDAP
Emerge and prerequisites
Packages and USE flags used (emerge -pv output):

net-nds/openldap-2.2.26-r2     +berkdb +crypt +debug +gdbm -ipv6 -kerberos -odbc +perl +readline -samba +sasl -slp +ssl +tcpd
dev-libs/cyrus-sasl-2.1.21-r1  -authdaemond +berkdb +crypt +debug +gdbm -java -kerberos +ldap +mysql* -ntlm_unsupported_patch +pam -postgres -sample -srp +ssl -static -urandom
mail-mta/postfix-2.2.2-r1      +debug -hardened -ipv6 +ldap -mailwrapper -mbox +mysql* -nis +pam -postgres +sasl (-selinux) +ssl -vda
net-mail/courier-imap-4.0.1-r2 +berkdb +debug* -fam +gdbm -ipv6 +nls (-selinux)
groupadd -g 800 vmail
useradd -d /home/vmail -g 800 -m -s /bin/false -u 800 vmail
mkdir /home/vmail/domains
chown vmail:vmail /home/vmail/domains
- Example LDIF (an ldapsearch dump of the directory). Note that it also contains Samba attributes.
# LDAPv3
# base <dc=example,dc=co,dc=ke> with scope sub
# filter: objectClass=*
# requesting: ALL
#

# example.co.ke
dn: dc=example,dc=co,dc=ke
objectClass: dcObject
objectClass: organization
dc: example
o: example.co.ke

# Users, example.co.ke
dn: ou=Users,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Users

# Groups, example.co.ke
dn: ou=Groups,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Groups

# Computers, example.co.ke
dn: ou=Computers,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Computers

# Idmap, example.co.ke
dn: ou=Idmap,dc=example,dc=co,dc=ke
objectClass: organizationalUnit
ou: Idmap

# Administrator, Users, example.co.ke
dn: uid=Administrator,ou=Users,dc=example,dc=co,dc=ke
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: qmailUser
gidNumber: 0
uid: Administrator
uidNumber: 0
homeDirectory: /home/Administrator
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPrimaryGroupSID: S-1-5-21-952474763-2196935976-1665449694-512
sambaSID: S-1-5-21-952474763-2196935976-1665449694-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: **SET BY smbldap-passwd Administrator **
sambaAcctFlags: [U]
sambaNTPassword: **SET BY smbldap-passwd Administrator **
sambaPwdLastSet: 1155225397
sambaPwdMustChange: 1159113397
accountStatus: active
mail: administrator@example.co.ke
userPassword:: **SET BY smbldap-passwd Administrator **
mailMessageStore: Administrator/
- For this directory layout the Postfix LDAP map definitions in main.cf became the following. Note that with this inline style the bind password lives in main.cf, which Postfix installs world-readable (mode 0644); Postfix can also read each map from its own file (ldap:/etc/postfix/name.cf), which can then be restricted to root and the postfix group.
## Transport
domains_server_host = localhost
domains_search_base = dc=example,dc=co,dc=ke
domains_query_filter = (&(o=%s)(objectClass=organization))
domains_result_attribute = o
#domains_scope = one
domains_scope = sub
domains_cache = yes
domains_bind = yes
domains_bind_dn = cn=Manager,dc=example,dc=co,dc=ke
domains_bind_pw = P4ssw0rd
domains_version = 3

## Aliases
aliases_server_host = localhost
aliases_search_base = dc=example,dc=co,dc=ke
aliases_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
#aliases_result_attribute = mailForwardingAddress
aliases_result_attribute = cn
aliases_scope = sub
aliases_cache = yes
aliases_bind = yes
aliases_bind_dn = cn=Manager, dc=example,dc=co,dc=ke
aliases_bind_pw = P4ssw0rd
aliases_version = 3

## Email address to mailbox mapping
mailboxes_server_host = localhost
mailboxes_search_base = dc=example,dc=co,dc=ke
mailboxes_query_filter = (&(objectClass=qmailUser)(accountStatus=active)(|(mail=%s)(mailAlternateAddress=%s)))
mailboxes_result_attribute = mailMessageStore
mailboxes_scope = sub
mailboxes_bind = yes
mailboxes_bind_dn = cn=Manager, dc=example,dc=co,dc=ke
mailboxes_bind_pw = P4ssw0rd
mailboxes_version = 3

## Distribution
virtual_transport = virtual
virtual_uid_maps = static:800
virtual_gid_maps = static:800
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_maps = ldap:mailboxes
virtual_mailbox_domains = ldap:domains
virtual_alias_maps = ldap:aliases
# The next two parameters exist only in a Postfix built with the VDA patch (USE=vda);
# an unpatched Postfix (as emerged above with -vda) logs them as unused.
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
OpenLDAP configuration
File: /etc/openldap/slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
# entry mailHost in misc.schema conflicts
# with the similar one in qmail.schema!
#include        /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/krb5-kdc.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/qmail.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

modulepath      /usr/lib/openldap/openldap
moduleload      back_ldap.la
moduleload      back_ldbm.la
moduleload      back_passwd.la

require         none

database        ldbm
checkpoint      32 30
suffix          "o=test, c=com"
rootdn          "cn=Manager, o=test, c=com"
rootpw          your_ldap_password
directory       /var/lib/openldap-data
index           objectClass eq

Two things to check before starting slapd with this file: rootpw should be a hash generated with slappasswd rather than the clear-text password, and the file contains no access directives, so OpenLDAP's built-in default policy (read access for everyone, including anonymous binds) applies to userPassword and the Samba password hashes as well. The Samba attributes in the LDIF above additionally need samba.schema, which this file does not include.
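Access directives for the slapd.conf above, added here as an example and not taken from the wiki page. Without any access lines OpenLDAP's default policy is equivalent to "access to * by * read", so anyone who can connect to slapd can read userPassword, sambaLMPassword and sambaNTPassword for every entry (the NT hash is password-equivalent for SMB). The directives below, placed after the database line, keep password attributes unreadable, let the owner change them, and let anonymous sessions use them only to bind, which is all that Courier (LDAP_AUTHBIND 1) and saslauthd need. The DN cn=postfix,o=test,c=com is an assumed read-only service account for Postfix, Courier and saslauthd that you create in the directory yourself; tools that bind as the rootdn (cn=Manager) are unaffected, because the rootdn bypasses ACLs.

```conf
# Weak: no "access to" lines at all (the page's slapd.conf), equivalent to
#   access to * by * read
# Hardened: first matching clause wins, so password attributes come first.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none

access to attrs=shadowLastChange
        by self write
        by * read

# Everything else (mail, mailAlternateAddress, mailMessageStore, ou, ...):
# readable by the service DN and by any authenticated user, not anonymously.
access to *
        by dn.exact="cn=postfix,o=test,c=com" read
        by users read
        by * none
```

Once anonymous read is gone, saslauthd's search for the user's DN needs credentials too (ldap_bind_dn and ldap_bind_pw in /etc/saslauthd.conf), and LDAP_BINDDN in authldaprc and the *_bind_dn settings in main.cf can point at the service DN instead of cn=Manager. An anonymous "ldapsearch -x -b o=test,c=com userPassword" should then return no entries.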
Postfix configuration

File: /etc/postfix/main.cf
#amavis antispam+antivirus gateway
content_filter=smtp-amavis:[127.0.0.1]:10024
queue_directory = /var/spool/postfix
unknown_local_recipient_reject_code = 550
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = mailserver
mydomain = mydomain.com
mynetworks = 127.0.0.0/8, 192.168.2.0/24, 172.16.0.0/16
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
default_destination_concurrency_limit = 2
local_destination_concurrency_limit = 2
smtpd_client_restrictions = permit_mynetworks, hash:/etc/postfix/access
smtpd_sender_restrictions = permit_mynetworks,
    hash:/etc/postfix/access,
    reject_unknown_sender_domain
smtpd_helo_required = no
unverified_recipient_reject_code = 450
## Transport
domains_server_host = localhost
domains_search_base = o=test,c=com
domains_query_filter = (&(ou=%s)(objectClass=organizationalUnit))
domains_result_attribute = ou
domains_scope = one
domains_cache = yes
domains_bind = yes
domains_bind_dn = cn=Manager, o=test, c=com
domains_bind_pw = your_ldap_password
domains_version = 3
##Aliases
aliases_server_host = localhost
aliases_search_base = o=test,c=com
aliases_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
aliases_result_attribute = mailForwardingAddress
aliases_scope = sub
aliases_cache = yes
aliases_bind = yes
aliases_bind_dn = cn=Manager, o=test, c=com
aliases_bind_pw = your_ldap_password
aliases_version = 3
## Accounts with main email
accounts_server_host = localhost
accounts_search_base = o=test,c=com
accounts_query_filter = (&(objectClass=qmailUser)(mail=%s)(accountStatus=active))
accounts_result_attribute = mailMessageStore
accounts_result_format = %s/Maildir/
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = cn=Manager, o=test, c=com
accounts_bind_pw = your_ldap_password
accounts_version = 3
## Accounts with alternatemail emails
alternate_server_host = localhost
alternate_search_base = o=test,c=com
alternate_query_filter = (&(objectClass=qmailUser)(mailAlternateAddress=%s)(accountStatus=active))
alternate_result_attribute = mailMessageStore
alternate_result_format = %s/Maildir/
alternate_scope = sub
alternate_cache = yes
alternate_bind = yes
alternate_bind_dn = cn=Manager, o=test, c=com
alternate_bind_pw = your_ldap_password
alternate_version = 3
## Distribution
virtual_transport = virtual
virtual_uid_maps = static:800
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:accounts,ldap:alternate
virtual_mailbox_domains = ldap:domains
virtual_alias_maps = ldap:aliases
mydestination = $myhostname
relay_domains = localhost
#SASL support
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# check_relay_domains is obsolete (Postfix warns that it will be removed);
# reject_unauth_destination is its replacement and gives the same relay policy.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
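The script below is an added example written for this page; it is not code from the wiki, Postfix or OpenLDAP. It does two things the main.cf fragment above leaves implicit: it moves each LDAP map into its own file (the form Postfix reads as ldap:/etc/postfix/ldap-NAME.cf, created with mode 0640 so the bind password is not in the world-readable main.cf) using a dedicated read-only DN in place of the rootdn, and it expands a query_filter for a given address the way ldap_table(5) describes (RFC 4515 escaping of the %s, %u and %d substitutions), so the exact search Postfix will run can be replayed with ldapsearch when a lookup does not return what you expect. The file names ldap-*.cf, the DN cn=postfix,o=test,c=com and the LDAP_* variables are this example's assumptions.

```shell
#!/bin/sh
# Added example for this howto (not the page's own code).  Assumed values: a
# read-only service DN cn=postfix,o=test,c=com that you create in the directory,
# and map files named /etc/postfix/ldap-NAME.cf.  Override via the environment.
LDAP_URI=${LDAP_URI:-ldap://localhost}
LDAP_BASE=${LDAP_BASE:-o=test,c=com}
LDAP_BIND_DN=${LDAP_BIND_DN:-cn=postfix,o=test,c=com}
LDAP_BIND_PW=${LDAP_BIND_PW:-change_me}

# subst STRING TOKEN REPLACEMENT: replace every TOKEN in STRING.  Pure POSIX sh
# (no sed), so backslashes in REPLACEMENT are never reinterpreted.
subst() {
    s_str=$1 s_tok=$2 s_rep=$3 s_out=
    while :; do
        case $s_str in
            *"$s_tok"*) s_out="$s_out${s_str%%"$s_tok"*}$s_rep"; s_str=${s_str#*"$s_tok"} ;;
            *)          s_out="$s_out$s_str"; break ;;
        esac
    done
    printf '%s' "$s_out"
}

# RFC 4515 filter encoding of one lookup key, as Postfix applies it to every
# %s/%u/%d substitution: \ * ( ) become \5c \2a \28 \29 (NUL cannot occur in a
# shell string).  Backslash goes first so the escapes themselves stay intact.
ldap_filter_escape() {
    e_v=$(subst "$1" '\' '\5c')
    e_v=$(subst "$e_v" '*' '\2a')
    e_v=$(subst "$e_v" '(' '\28')
    e_v=$(subst "$e_v" ')' '\29')
    printf '%s' "$e_v"
}

# expand_filter FILTER KEY: substitute %s (whole key), %u (local part, or the
# whole key if it has no @) and %d (domain); %% is a literal %.  A filter that
# uses %d with a key that has no domain returns 1: Postfix suppresses that lookup.
expand_filter() {
    x_f=$1 x_key=$2 x_out=
    case $x_key in
        *@*) x_user=${x_key%%@*}; x_dom=${x_key#*@} ;;
        *)   x_user=$x_key; x_dom= ;;
    esac
    while :; do
        case $x_f in
            *%*) x_out="$x_out${x_f%%"%"*}"; x_f=${x_f#*"%"} ;;
            *)   x_out="$x_out$x_f"; break ;;
        esac
        case $x_f in
            s*) x_out="$x_out$(ldap_filter_escape "$x_key")" ;;
            u*) x_out="$x_out$(ldap_filter_escape "$x_user")" ;;
            d*) [ -n "$x_dom" ] || return 1
                x_out="$x_out$(ldap_filter_escape "$x_dom")" ;;
            %*) x_out="$x_out%" ;;
            *)  x_out="$x_out%"; continue ;;   # unknown token: keep the % literally
        esac
        x_f=${x_f#?}
    done
    printf '%s\n' "$x_out"
}

# write_ldap_map DIR NAME FILTER RESULT_ATTR [RESULT_FORMAT] [SCOPE]
# Writes DIR/ldap-NAME.cf (read by Postfix as ldap:DIR/ldap-NAME.cf), mode 0640
# and root:postfix when run as root, so only Postfix can read the bind password.
write_ldap_map() {
    w_file="$1/ldap-$2.cf"
    ( umask 077
      {
        printf 'server_host = %s\n'      "$LDAP_URI"
        printf 'search_base = %s\n'      "$LDAP_BASE"
        printf 'version = 3\n'
        printf 'scope = %s\n'            "${6:-sub}"
        printf 'bind = yes\n'
        printf 'bind_dn = %s\n'          "$LDAP_BIND_DN"
        printf 'bind_pw = %s\n'          "$LDAP_BIND_PW"
        printf 'query_filter = %s\n'     "$3"
        printf 'result_attribute = %s\n' "$4"
        printf 'result_format = %s\n'    "${5:-%s}"
      } > "$w_file" )
    chmod 0640 "$w_file"
    if [ "$(id -u)" -eq 0 ]; then chown root:postfix "$w_file" 2>/dev/null || :; fi
    printf '%s\n' "$w_file"
}

# The four maps from the main.cf above, with the same filters and result settings.
write_all_maps() {
    write_ldap_map "$1" domains   '(&(ou=%s)(objectClass=organizationalUnit))' ou '%s' one
    write_ldap_map "$1" aliases   '(&(objectClass=qmailUser)(mail=%s)(accountStatus=active))' mailForwardingAddress
    write_ldap_map "$1" accounts  '(&(objectClass=qmailUser)(mail=%s)(accountStatus=active))' mailMessageStore '%s/Maildir/'
    write_ldap_map "$1" alternate '(&(objectClass=qmailUser)(mailAlternateAddress=%s)(accountStatus=active))' mailMessageStore '%s/Maildir/'
}

# replay_search FILTER KEY ATTR: run the search Postfix would run for KEY, e.g.
#   replay_search '(&(objectClass=qmailUser)(mail=%s)(accountStatus=active))' bob@example.com mailMessageStore
replay_search() {
    r_f=$(expand_filter "$1" "$2") || { echo "lookup suppressed: '$2' has no domain part" >&2; return 1; }
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$LDAP_BIND_DN" -w "$LDAP_BIND_PW" -b "$LDAP_BASE" "$r_f" "$3"
}
```

With the files in place, main.cf refers to them as virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf, virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf and virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf, ldap:/etc/postfix/ldap-alternate.cf, and the inline *_bind_pw lines can be deleted. The Postfix-side check is postmap -q user@example.com ldap:/etc/postfix/ldap-accounts.cf, which must print the mailbox path; replay_search shows what the directory itself answers when it does not.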
Sasl2 configuration

File: /etc/saslauthd.conf

ldap_servers: ldap://localhost
ldap_search_base: o=test,c=com
ldap_filter: (&(objectClass=qmailUser)(mail=%u@%d))
ldap_version: 3

saslauthd only uses this file when it is started with -a ldap, and Postfix's smtpd has to be pointed at it with pwcheck_method: saslauthd in /etc/sasl2/smtpd.conf. Check a login with testsaslauthd -u <user> -p <password> before testing through SMTP.
Courier-imap configuration

File: /etc/courier/authlib/authdaemonrc

authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
authdaemonvar=/var/lib/courier/authdaemon
DEBUG_LOGIN=2
DEFAULTOPTIONS=""

File: /etc/courier/authlib/authldaprc

LDAP_SERVER             localhost
LDAP_PORT               389
LDAP_PROTOCOL_VERSION   3
LDAP_BASEDN             o=test, c=com
LDAP_BINDDN             cn=Manager, o=test, c=com
LDAP_BINDPW             your_ldap_password
LDAP_TIMEOUT            15
LDAP_AUTHBIND           1
LDAP_GLOB_UID           vmail
LDAP_GLOB_GID           vmail
LDAP_FILTER             (accountStatus=active)
LDAP_MAIL               mail
LDAP_HOMEDIR            mailMessageStore
LDAP_DEFAULTDELIVERY    mailMessageStore
LDAP_FULLNAME           cn
LDAP_CRYPTPW            userPassword
LDAP_MAILROOT           /home/vmail/domains
LDAP_DEREF              never
LDAP_TLS                0

With LDAP_AUTHBIND 1 Courier verifies a password by binding to the directory as the user's own DN, so LDAP_BINDDN is only used to find that DN and does not need to be the rootdn; a read-only account is enough. LDAP_TLS 0 is acceptable here only because the server is localhost.
Resources

Links

Have a look here for a detailed tutorial largely based on this article.
