Loading ...
Sorry, an error occurred while loading the content.
 

Postfix integration: Oracle or LDAP?

Expand Messages
  • Zhou, Yan
    Hi there, We want to implement SMTP authentication in Postfix and support multiple virtual domains. Rather than having user/domain/endpoint in different files,
    Message 1 of 8 , Aug 25, 2010
      Hi there,

      We want to implement SMTP authentication in Postfix and support multiple
      virtual domains. Rather than having user/domain/endpoint in different
      files, we prefer them either in database (Oracle) or LDAP. I am trying
      to weigh the pros and cons of both options. I have not seen examples
      about Oracle (most are with MySQL). We are building a new system, so we
      do not have any legacy data to migrate.

      Anyone have an opinion or can direct me to some documents that outline
      pros and cons of Oracle integration and LDAP integration with Postfix? I
      already got LDAP working and find it fairly easy, not sure if Oracle
      integration is just like that.

      One question I do have is, it seems that Postfix 2.4.x has bulit-in
      support for LDAP integration, what about with Oracle? If I have to
      recompile Postfix, that would be an disadvantage.

      (There used to be an article on this on the Web, but cannot find it
      anymore.)

      Thanks,
      Yan










      Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster@...). After replying, please erase it from your computer system.
    • Patrick Ben Koetter
      ... The con of Oracle is, Postfix does not support Oracle - at least not officially. I don t know if anyone has ever done the work necessary. p@rick -- All
      Message 2 of 8 , Aug 25, 2010
        * Zhou, Yan <yzhou@...>:
        > We want to implement SMTP authentication in Postfix and support multiple
        > virtual domains. Rather than having user/domain/endpoint in different
        > files, we prefer them either in database (Oracle) or LDAP. I am trying
        > to weigh the pros and cons of both options. I have not seen examples
        > about Oracle (most are with MySQL). We are building a new system, so we
        > do not have any legacy data to migrate.
        >
        > Anyone have an opinion or can direct me to some documents that outline
        > pros and cons of Oracle integration and LDAP integration with Postfix? I
        > already got LDAP working and find it fairly easy, not sure if Oracle
        > integration is just like that.

        The con of Oracle is, Postfix does not support Oracle - at least not
        officially. I don't know if anyone has ever done the work necessary.

        p@rick


        --
        All technical questions asked privately will be automatically answered on the
        list and archived for public access unless privacy is explicitely required and
        justified.

        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      • Wietse Venema
        ... There currently exists no Oracle client for Postfix. Maybe someone can donate an ODBC (or other cross-platform) client. It would be a little slower, but
        Message 3 of 8 , Aug 25, 2010
          Zhou, Yan:
          > Hi there,
          >
          > We want to implement SMTP authentication in Postfix and support multiple
          > virtual domains. Rather than having user/domain/endpoint in different
          > files, we prefer them either in database (Oracle) or LDAP. I am trying
          > to weigh the pros and cons of both options. I have not seen examples
          > about Oracle (most are with MySQL). We are building a new system, so we
          > do not have any legacy data to migrate.
          >
          > Anyone have an opinion or can direct me to some documents that outline
          > pros and cons of Oracle integration and LDAP integration with Postfix? I
          > already got LDAP working and find it fairly easy, not sure if Oracle
          > integration is just like that.
          >
          > One question I do have is, it seems that Postfix 2.4.x has bulit-in
          > support for LDAP integration, what about with Oracle? If I have to
          > recompile Postfix, that would be an disadvantage.

          There currently exists no Oracle client for Postfix. Maybe someone
          can donate an ODBC (or other cross-platform) client. It would be
          a little slower, but would allow Postfix to talk to lots of databases
          without needing a driver for everything and the kitchen sink.

          Wietse

          > (There used to be an article on this on the Web, but cannot find it
          > anymore.)
          >
          > Thanks,
          > Yan
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          > Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster@...). After replying, please erase it from your computer system.
          >
          >
          >
          >
          >
        • Patrick Ben Koetter
          ... An addendum, simply because I just happened to run into it: OpenDBX From the website: OpenDBX is an
          Message 4 of 8 , Aug 25, 2010
            * Wietse Venema <postfix-users@...>:
            > Zhou, Yan:
            > > Hi there,
            > >
            > > We want to implement SMTP authentication in Postfix and support multiple
            > > virtual domains. Rather than having user/domain/endpoint in different
            > > files, we prefer them either in database (Oracle) or LDAP. I am trying
            > > to weigh the pros and cons of both options. I have not seen examples
            > > about Oracle (most are with MySQL). We are building a new system, so we
            > > do not have any legacy data to migrate.
            > >
            > > Anyone have an opinion or can direct me to some documents that outline
            > > pros and cons of Oracle integration and LDAP integration with Postfix? I
            > > already got LDAP working and find it fairly easy, not sure if Oracle
            > > integration is just like that.
            > >
            > > One question I do have is, it seems that Postfix 2.4.x has bulit-in
            > > support for LDAP integration, what about with Oracle? If I have to
            > > recompile Postfix, that would be an disadvantage.
            >
            > There currently exists no Oracle client for Postfix. Maybe someone
            > can donate an ODBC (or other cross-platform) client. It would be
            > a little slower, but would allow Postfix to talk to lots of databases
            > without needing a driver for everything and the kitchen sink.

            An addendum, simply because I just happened to run into it:

            OpenDBX <http://www.linuxnetworks.de/doc/index.php/OpenDBX>

            From the website:

            OpenDBX is an extremely lightweight but extensible database access library
            written in C. It provides an abstraction layer to all supported databases with
            a single, clean and simple interface that leads to an elegant code design
            automatically. If you want your application to support different databases
            with little effort, this is definitively the right thing for you!

            Absolutely no idea how suitable this is for Postfix' code standards...

            p@rick

            --
            All technical questions asked privately will be automatically answered on the
            list and archived for public access unless privacy is explicitely required and
            justified.

            saslfinger (debugging SMTP AUTH):
            <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
          • Wietse Venema
            ... BTW the FreeBSD port of OpenDBX mentions support for MySQL, PostgreSQL, SQLite 2, SQLite 3, MSSQL, Sybase, but not Oracle. Wietse
            Message 5 of 8 , Aug 25, 2010
              Patrick Ben Koetter:
              > > There currently exists no Oracle client for Postfix. Maybe someone
              > > can donate an ODBC (or other cross-platform) client. It would be
              > > a little slower, but would allow Postfix to talk to lots of databases
              > > without needing a driver for everything and the kitchen sink.
              >
              > An addendum, simply because I just happened to run into it:
              >
              > OpenDBX <http://www.linuxnetworks.de/doc/index.php/OpenDBX>
              >
              > From the website:
              >
              > OpenDBX is an extremely lightweight but extensible database access library
              > written in C. It provides an abstraction layer to all supported databases with
              > a single, clean and simple interface that leads to an elegant code design
              > automatically. If you want your application to support different databases
              > with little effort, this is definitively the right thing for you!
              >
              > Absolutely no idea how suitable this is for Postfix' code standards...

              BTW the FreeBSD port of OpenDBX mentions support for MySQL,
              PostgreSQL, SQLite 2, SQLite 3, MSSQL, Sybase, but not Oracle.

              Wietse
            • Jeroen Geilman
              ... Adding to the earlier replies, it won t be that easy at all, because there is no postfix support for Oracle maps. Postfix, of course, doesn t do SMTP
              Message 6 of 8 , Sep 1, 2010
                On 08/25/2010 03:17 PM, Zhou, Yan wrote:
                > Hi there,
                >
                > We want to implement SMTP authentication in Postfix and support multiple
                > virtual domains. Rather than having user/domain/endpoint in different
                > files, we prefer them either in database (Oracle) or LDAP. I am trying
                > to weigh the pros and cons of both options. I have not seen examples
                > about Oracle (most are with MySQL). We are building a new system, so we
                > do not have any legacy data to migrate.
                >
                > Anyone have an opinion or can direct me to some documents that outline
                > pros and cons of Oracle integration and LDAP integration with Postfix? I
                > already got LDAP working and find it fairly easy, not sure if Oracle
                > integration is just like that.
                >

                Adding to the earlier replies, it won't be that easy at all, because
                there is no postfix support for Oracle maps.
                Postfix, of course, doesn't do SMTP authentication - it asks an SASL
                provider, which says "yes" or "no".
                In this sense, postfix support for $yourbackend is only part of the
                equation - your chosen SASL provider must support it too.

                Currently supported SASL providers are Cyrus and dovecot; one advantage
                of dovecot is that it supports just about absolutely any backend you can
                think of - except, obviously, Oracle - and I really like its easy
                configuration.

                An advantage of LDAP is that you can use any schema that suits you - so
                if you already HAVE a schema that is useful, you can hijack attributes
                that aren't used and re-purpose them for, say, mailbox location,
                aliases, access lists, passwords, whatever.
                Or you can extend the schema, if you have that option, and add any
                attributes you need.

                If you wanted to, you could con Windows AD into working seamlessly with
                postfix - all you need is the right LDAP query maps.

                J.
              • Adam Tauno Williams
                ... SASL with LDAP is pretty common. ... +1 Cyrus. Even easier configuration, robust, fast, and feature complete. ... LDAP is also the standard way to do
                Message 7 of 8 , Sep 1, 2010
                  On Wed, 2010-09-01 at 20:13 +0200, Jeroen Geilman wrote:
                  > On 08/25/2010 03:17 PM, Zhou, Yan wrote:
                  > > Hi there,
                  > > We want to implement SMTP authentication in Postfix and support multiple
                  > > virtual domains. Rather than having user/domain/endpoint in different
                  > > files, we prefer them either in database (Oracle) or LDAP. I am trying
                  > > to weigh the pros and cons of both options. I have not seen examples
                  > > about Oracle (most are with MySQL). We are building a new system, so we
                  > > do not have any legacy data to migrate.
                  > > Anyone have an opinion or can direct me to some documents that outline
                  > > pros and cons of Oracle integration and LDAP integration with Postfix? I
                  > > already got LDAP working and find it fairly easy, not sure if Oracle
                  > > integration is just like that.
                  > Adding to the earlier replies, it won't be that easy at all, because
                  > there is no postfix support for Oracle maps.
                  > Postfix, of course, doesn't do SMTP authentication - it asks an SASL
                  > provider, which says "yes" or "no".
                  > In this sense, postfix support for $yourbackend is only part of the
                  > equation - your chosen SASL provider must support it too.
                  > Currently supported SASL providers are Cyrus and dovecot;

                  SASL with LDAP is pretty common.

                  > one advantage
                  > of dovecot is that it supports just about absolutely any backend you can
                  > think of - except, obviously, Oracle - and I really like its easy
                  > configuration.

                  +1 Cyrus. Even easier configuration, robust, fast, and feature
                  complete.

                  > An advantage of LDAP is that you can use any schema that suits you - so
                  > if you already HAVE a schema that is useful, you can hijack attributes
                  > that aren't used and re-purpose them for, say, mailbox location,
                  > aliases, access lists, passwords, whatever.
                  > Or you can extend the schema, if you have that option, and add any
                  > attributes you need.

                  LDAP is also the 'standard' way to do such things. If you *really* want
                  to use Oracle you can use OpenLDAP's back-sql to provide an LDAP view of
                  your RDBMS data. But this account, configuration, etc... information,
                  IMNSHO, belongs in a DSA [directory server, aka LDAP] anyway and not in
                  a "database".

                  > If you wanted to, you could con Windows AD into working seamlessly with
                  > postfix - all you need is the right LDAP query maps.
                • Jeroen Geilman
                  ... I never said it wasn t common, I clarified that SASL backends have nothing to do with postfix. He seemed unsure, or mixing them up. ... Perhaps I will have
                  Message 8 of 8 , Sep 1, 2010
                    On 09/01/2010 08:21 PM, Adam Tauno Williams wrote:
                    > On Wed, 2010-09-01 at 20:13 +0200, Jeroen Geilman wrote:
                    >
                    >> On 08/25/2010 03:17 PM, Zhou, Yan wrote:
                    >>
                    >>> Hi there,
                    >>> We want to implement SMTP authentication in Postfix and support multiple
                    >>> virtual domains. Rather than having user/domain/endpoint in different
                    >>> files, we prefer them either in database (Oracle) or LDAP. I am trying
                    >>> to weigh the pros and cons of both options. I have not seen examples
                    >>> about Oracle (most are with MySQL). We are building a new system, so we
                    >>> do not have any legacy data to migrate.
                    >>> Anyone have an opinion or can direct me to some documents that outline
                    >>> pros and cons of Oracle integration and LDAP integration with Postfix? I
                    >>> already got LDAP working and find it fairly easy, not sure if Oracle
                    >>> integration is just like that.
                    >>>
                    >> Adding to the earlier replies, it won't be that easy at all, because
                    >> there is no postfix support for Oracle maps.
                    >> Postfix, of course, doesn't do SMTP authentication - it asks an SASL
                    >> provider, which says "yes" or "no".
                    >> In this sense, postfix support for $yourbackend is only part of the
                    >> equation - your chosen SASL provider must support it too.
                    >> Currently supported SASL providers are Cyrus and dovecot;
                    >>
                    > SASL with LDAP is pretty common.
                    >

                    I never said it wasn't common, I clarified that SASL backends have
                    nothing to do with postfix.
                    He seemed unsure, or mixing them up.

                    >> one advantage
                    >> of dovecot is that it supports just about absolutely any backend you can
                    >> think of - except, obviously, Oracle - and I really like its easy
                    >> configuration.
                    >>
                    > +1 Cyrus. Even easier configuration, robust, fast, and feature
                    > complete.
                    >
                    >
                    Perhaps I will have to re-visit Cyrus sometime :)
                  Your message has been successfully submitted and would be delivered to recipients shortly.