
Postfix, LDAP, Active Directory, NOT exchange

  • james@shelleycollege.org
    Message 1 of 4, Feb 1, 2006
      We are trying to configure Postfix to create mailboxes for each of the users on our Windows Active Directory.

      So that when an email enters, if a user does not already have a mailbox, postfix (through LDAP) queries Active Directory to check if a user exists (using either "mail" attribute, or the sAMAccountName, or whatever you suggest) and then if user exists on AD, creates a mailbox on postfix.

      All mail would reside on the Postfix server, and would NOT be relayed to an exchange server.

      Adding another problem, our domain name: example.org does not match our active directory domain: schooldomain.local

      Which is why we were looking at perhaps stripping the first part of the user account i.e. email to: foo@... would be queried against the sAMAccountName: foo@... or the mail attribute foo@...

      We can successfully perform an LDAP bind against AD, but postfix reports "User unknown in local recipient table" (local_recipent_maps=aliases ldap/etc/ldap/ldapmaps.cf)

      ldapmaps.cf attached
      --------------------------------------
      server_host = server1.schooldomain.local
      server2.schooldomain.local
      server3.schooldomain.local
      server_port = 389
      search_base = OU=StaffUsers,,dc=schooldomain,dc=LOCAL
      query_filter = (mail=%s)
      bind_dn = CN=PostfixBind,OU=Users,DC=schooldomain,DC=LOCAL
      bind_pw = postfixpassword
      version = 3
      result_attribute = (mail)
      --------------------------------------

      Any help appreciated

      James
    • Gellér Sándor
      Message 2 of 4, Feb 1, 2006
        james@... wrote:
        > We are trying to configure Postfix to create mailboxes for each of the users on our Windows Active Directory.
        >
        > So that when an email enters, if a user does not already have a mailbox, postfix (through LDAP) queries Active Directory to check if a user exists (using either "mail" attribute, or the sAMAccountName, or whatever you suggest) and then if user exists on AD, creates a mailbox on postfix.
        >
        > All mail would reside on the Postfix server, and would NOT be relayed to an exchange server.
        >
        > Adding another problem, our domain name: example.org does not match our active directory domain: schooldomain.local
        >
        > Which is why we were looking at perhaps stripping the first part of the user account i.e. email to: foo@... would be queried against the sAMAccountName: foo@... or the mail attribute foo@...
        >
        > We can successfully perform an LDAP bind against AD, but postfix reports "User unknown in local recipient table" (local_recipent_maps=aliases ldap/etc/ldap/ldapmaps.cf)
        >
        > ldapmaps.cf attached
        > --------------------------------------
        > server_host = server1.schooldomain.local
        > server2.schooldomain.local
        > server3.schooldomain.local
        > server_port = 389
        > search_base = OU=StaffUsers,,dc=schooldomain,dc=LOCAL
        > query_filter = (mail=%s)
        > bind_dn = CN=PostfixBind,OU=Users,DC=schooldomain,DC=LOCAL
        > bind_pw = postfixpassword
        > version = 3
        > result_attribute = (mail)
        > --------------------------------------
        >
        > Any help appreciated
        >
        > James

        I suggest reading VIRTUAL_README, maybe virtual_mailbox_domains is
        what you are looking for. I suggest creating a local database instead
        of querying the AD server directly. Use ldapsearch to query the AD,
        create a suitable virtual_mailbox_map from the output, and use a modern
        POP3/IMAP server which can handle virtual users and can authenticate
        from the AD server.

        --
        Sandor Geller
        wildy@...
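
        The approach suggested in this reply (export users with ldapsearch, then build a local virtual mailbox map), sketched as an added example that is not part of the original thread. It assumes the export requested `sAMAccountName` and `userAccountControl`; the function names, the `SAFE_USER` pattern and the `domain/user/` maildir layout are hypothetical choices.

        ```python
        import base64
        import re
        MAIL_DOMAIN = "example.org"   # mail domain from the thread; AD uses schooldomain.local
        SAFE_USER = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")  # assumption: allowed mailbox names
        ACCOUNTDISABLE = 0x2          # userAccountControl bit set on disabled AD accounts
        # Constructed sample of `ldapsearch -LLL` output; not real directory data.
        SAMPLE_LDIF = """\
        dn: CN=Foo Bar,OU=StaffUsers,
         DC=schooldomain,DC=LOCAL
        sAMAccountName: foo
        userAccountControl: 512

        dn: CN=Old Staff,OU=StaffUsers,DC=schooldomain,DC=LOCAL
        sAMAccountName: oldstaff
        userAccountControl: 514

        dn: CN=Bad,OU=StaffUsers,DC=schooldomain,DC=LOCAL
        sAMAccountName:: Li4vZXRj
        """

        def parse_ldif(text):
            """Yield one dict per entry, unfolding wrapped lines and decoding base64 values."""
            text = text.replace("\r\n", "\n").replace("\n ", "")   # LDIF line unfolding
            for block in re.split(r"\n\s*\n", text.strip()):
                entry = {}
                for line in block.splitlines():
                    attr, sep, value = line.partition(":")
                    if not sep or line.startswith("#"):
                        continue
                    if value.startswith(":"):                      # "attr:: <base64>"
                        value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                    entry[attr.lower()] = value.strip()
                yield entry

        def build_vmailbox(ldif_text, domain=MAIL_DOMAIN):
            """Return (map_lines, rejected) for a virtual_mailbox_maps source file."""
            lines, rejected = [], []
            for entry in parse_ldif(ldif_text):
                user = entry.get("samaccountname", "").lower()
                flags = entry.get("useraccountcontrol", "")
                if not SAFE_USER.fullmatch(user):      # value becomes a path: refuse odd names
                    rejected.append((user, "unsafe account name"))
                elif not flags.isdigit() or int(flags) & ACCOUNTDISABLE:
                    rejected.append((user, "disabled or unknown state"))
                else:
                    lines.append(f"{user}@{domain} {domain}/{user}/")
            return sorted(lines), rejected
        ```

        Write the returned lines to the map source file, build it with postmap, and check a few lookups with `postmap -q` before pointing virtual_mailbox_maps at it.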
      • Tim Weippert
        Message 3 of 4, Feb 1, 2006
          Hi,

          On Wed, Feb 01, 2006 at 10:01:39AM +0000, james@... wrote:
          > We are trying to configure Postfix to create mailboxes for each of the users on our Windows Active Directory.
          >
          > So that when an email enters, if a user does not already have a mailbox, postfix (through LDAP) queries Active Directory to check if a user exists (using either "mail" attribute, or the sAMAccountName, or whatever you suggest) and then if user exists on AD, creates a mailbox on postfix.
          >
          > All mail would reside on the Postfix server, and would NOT be relayed to an exchange server.
          >
          > Adding another problem, our domain name: example.org does not match our active directory domain: schooldomain.local
          >
          > Which is why we were looking at perhaps stripping the first part of the user account i.e. email to: foo@... would be queried against the sAMAccountName: foo@... or the mail attribute foo@...
          >
          > We can successfully perform an LDAP bind against AD, but postfix reports "User unknown in local recipient table" (local_recipent_maps=aliases ldap/etc/ldap/ldapmaps.cf)
          >
          > ldapmaps.cf attached
          > --------------------------------------
          > server_host = server1.schooldomain.local
          > server2.schooldomain.local
          > server3.schooldomain.local
          > server_port = 389
          > search_base = OU=StaffUsers,,dc=schooldomain,dc=LOCAL
          > query_filter = (mail=%s)
          > bind_dn = CN=PostfixBind,OU=Users,DC=schooldomain,DC=LOCAL
          > bind_pw = postfixpassword
          > version = 3
          > result_attribute = (mail)
          > --------------------------------------

          If you want to search for user@... you can't use mail=%s
          as query filter. For this you should use something like
          (mail=%u@...).

          For the rest try to look into the VIRTUAL_README.

          HTH,

          tim

          --
          The whole world is a scab. The point is to pick it constructively.
          -- Peter Beard

          Tim Weippert <weiti@...>
          http://www.topf-sicret.org/
        • Victor Duchovni
          Message 4 of 4, Feb 1, 2006
            On Wed, Feb 01, 2006 at 10:01:39AM +0000, james@... wrote:

            > So that when an email enters, if a user does not already have a mailbox,
            > postfix (through LDAP) queries Active Directory to check if a user exists
            > (using either "mail" attribute, or the sAMAccountName, or whatever you
            > suggest) and then if user exists on AD, creates a mailbox on postfix.

            Define "mailbox"? Postfix is not an IMAP or POP server. How are the users
            going to access their mail?

            * Login to Unix and use "mutt", "elm", "pine", ... ?
            * Via qpopper or similar that access /var/spool/mail/$user mboxes?
            * Via WU-IMAP (which also supports mbox)?
            * Via Courier IMAP?
            * Via Dovecot?
            * Via Cyrus IMAP?

            Understanding this first is critical.

            > --------------------------------------
            > server_host = server1.schooldomain.local
            > server2.schooldomain.local
            > server3.schooldomain.local
            > server_port = 389
            > search_base = OU=StaffUsers,,dc=schooldomain,dc=LOCAL
            > query_filter = (mail=%s)
            > bind_dn = CN=PostfixBind,OU=Users,DC=schooldomain,DC=LOCAL
            > bind_pw = postfixpassword
            > version = 3
            > result_attribute = (mail)

            The result_attribute value is wrong, have you tested this table with
            "postmap -q" as advised in DATABASE_README or LDAP_README? Did you or
            will you first test your system with indexed files (dbm, hash, btree or
            cdb) and only then try LDAP?

            --
            Viktor.

            Disclaimer: off-list followups get on-list replies or get ignored.
            Please do not ignore the "Reply-To" header.

            To unsubscribe from the postfix-users list, visit
            http://www.postfix.org/lists.html or click the link below:
            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

            If my response solves your problem, the best way to thank me is to not
            send an "it worked, thanks" follow-up. If you must respond, please put
            "It worked, thanks" in the "Subject" so I can delete these quickly.