
292122 Re: LDAP canonical_maps and domain rewriting

  • Fernando Maior
    Mar 20, 2013
      Patrick,

      I do not use canonical maps at all when using LDAP. I do not need them, because I just use mailForwardingAddress (actually an alias) to map the incoming email to the real mailbox.

      What I do:
      1. Use the qmail.schema in OpenLDAP
      2. Add objectClass: qmailUser to each user account
      3. Edit mailForwardingAddress when appropriate
      4. Create a file in /etc/postfix/ldap/ named forwarding
      5. Change /etc/postfix/main.cf to map aliases to the forwarding file

      In order to make changes to LDAP, you may use something like ldapadmin (ldapadmin.org) and put the difficulties of managing LDAP entries behind you.

      You may create an account with mail attribute as biz@... and mailForwardingAddress attribute as myaccount@.... 

      That configuration is only enough for receiving e-mail, not for sending e-mail.

      Maybe this can help you.

      Best regards,
      ---
      Fernando Maciel Souto Maior

      On Tue, Mar 19, 2013 at 7:19 PM, Viktor Dukhovni <postfix-users@...> wrote:
      On Tue, Mar 19, 2013 at 08:00:51PM +0100, Patrick Lists wrote:

      > On 03/19/2013 04:22 PM, Viktor Dukhovni wrote:
      > >Nothing unusual at all about canonical mapping,  the only anomaly
      > >I'm making a fuss about is the underlying data model.  It is OK to
      > >turn secondary addresses into primary, it is generally risky to
      > >try to turn target (delivery) addresses back into original addresses,
      > >since the mapping is often not one-to-one (and the need to introduce
      > >many-to-one may arise later).
      >
      > Thanks, I'll think this over more as I try to wrap my head around
      > this. When I stray into this issue I'll make sure to reread your
      > much appreciated advice. And probably a few more RFCs.
      >
      > Initially I thought adding LDAP was a fun idea. Given the archaic
      > nature and complexity of this beast I'm not so sure anymore. I'm
      > beginning to understand why I've heard sysadmins say that Microsoft
      > has done a nice job with AD of hiding the complexity and making it
      > work. But this is getting OT so I'll leave it at that.

      Just in terms of data models and Microsoft, the corresponding pieces
      in that case are:

              mail: primary@...
              proxyAddresses: smtp:primary@...
              proxyAddresses: smtp:secondary@...
              proxyAddresses: ...
              <some-mailbox-attribute>: mailbox

      so it would be reasonable to use "proxyAddresses=smtp:%s" as the
      lookup key for a canonical mapping with "mail" as the result, but
      not reasonable to map the <some-mailbox-attribute> back to mail.

      Don't think LDAP, think data-model, and then map that onto LDAP,
      if you're not too discouraged.

      --
              Viktor.
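
The data-model point in the quoted message above, as an added example that is not part of the original thread: looking up a secondary address under proxyAddresses yields exactly one primary mail value, while going from the delivery target back to mail stops being a function as soon as two entries share a mailbox. The example.com addresses, the `mailbox` key (standing in for `<some-mailbox-attribute>`) and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample entries using the attribute names from the thread.
# "mailbox" is a placeholder for <some-mailbox-attribute>.
ENTRIES = [
    {"mail": "alice@example.com",
     "proxyAddresses": ["smtp:alice@example.com", "smtp:a.smith@example.com"],
     "mailbox": "mbx-alice"},
    {"mail": "sales@example.com",
     "proxyAddresses": ["smtp:sales@example.com", "smtp:biz@example.com"],
     "mailbox": "mbx-shared"},
    {"mail": "support@example.com",
     "proxyAddresses": ["smtp:support@example.com"],
     "mailbox": "mbx-shared"},  # second entry delivering to the same mailbox
]


def canonical_lookup(entries, address):
    """Emulate the filter proxyAddresses=smtp:%s with "mail" as the result."""
    key = "smtp:" + address.lower()
    hits = {e["mail"] for e in entries
            if key in (p.lower() for p in e["proxyAddresses"])}
    if len(hits) > 1:
        # A secondary address claimed by two entries is a directory data error.
        raise ValueError(f"{address} maps to several entries: {sorted(hits)}")
    return hits.pop() if hits else None


def reverse_lookup(entries, mailbox):
    """The direction advised against: delivery target back to mail."""
    return sorted(e["mail"] for e in entries if e["mailbox"] == mailbox)


def ambiguous_targets(entries):
    """Delivery targets shared by more than one primary address."""
    by_target = defaultdict(set)
    for e in entries:
        by_target[e["mailbox"]].add(e["mail"])
    return {t: sorted(m) for t, m in by_target.items() if len(m) > 1}


if __name__ == "__main__":
    print("biz@example.com ->", canonical_lookup(ENTRIES, "biz@example.com"))
    print("mbx-shared ->", reverse_lookup(ENTRIES, "mbx-shared"))
    print("ambiguous:", ambiguous_targets(ENTRIES))
```

Running `ambiguous_targets` over an export of the real directory before adding any reverse mapping shows which delivery targets already break the one-to-one assumption.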
