
Re: LDAP canonical_maps and domain rewriting

  • Viktor Dukhovni
    Message 1 of 18 , Mar 19, 2013
      On Tue, Mar 19, 2013 at 08:00:51PM +0100, Patrick Lists wrote:

      > On 03/19/2013 04:22 PM, Viktor Dukhovni wrote:
      > >Nothing unusual at all about canonical mapping, the only anomaly
      > >I'm making a fuss about is the underlying data model. It is OK to
      > >turn secondary addresses into primary, it is generally risky to
      > >try to turn target (delivery) addresses back into original addresses,
      > >since the mapping is often not one-to-one (and the need to introduce
      > >many-to-one may arise later).
      >
      > Thanks, I'll think this over more as I try to wrap my head around
      > this. When I stray into this issue I'll make sure to reread your
      > much appreciated advice. And probably a few more RFCs.
      >
      > Initially I thought adding LDAP was a fun idea. Given the archaic
      > nature and complexity of this beast I'm not so sure anymore. I'm
      > beginning to understand why I've heard sysadmins say that Microsoft
      > has done a nice job with AD of hiding the complexity and making it
      > work. But this is getting OT so I'll leave it at that.

      Just in terms of data models and Microsoft, the corresponding pieces
      in that case are:

      mail: primary@...
      proxyAddresses: smtp:primary@...
      proxyAddresses: smtp:secondary@...
      proxyAddresses: ...
      <some-mailbox-attribute>: mailbox

      so it would be reasonable to use "proxyAddresses=smtp:%s" as the
      lookup key for a canonical mapping with "mail" as the result, but
      not reasonable to map the <some-mailbox-attribute> back to mail.

      Don't think LDAP, think data-model, and then map that onto LDAP,
      if you're not too discouraged.

      --
      Viktor.
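The lookup described above, written as a Postfix LDAP table. This is an added example, not part of the original post; the file path, server name, search base and domain are placeholder assumptions, and `<some-mailbox-attribute>` is left as the post gives it.

```conf
# /etc/postfix/ldap/canonical.cf   (hypothetical path)
# Placeholder connection settings; adjust to your directory.
server_host = ldap://ldap.example.com
version = 3
search_base = dc=example,dc=com

# Only consult LDAP for addresses in our own domain, so that foreign
# addresses never generate directory queries.
domain = example.com

# Key: the address as it appears in any proxyAddresses value (many per
# entry). Postfix escapes %s before substituting it into the filter.
query_filter = (proxyAddresses=smtp:%s)

# Result: the entry's single primary address.
result_attribute = mail

# --- in /etc/postfix/main.cf ---
canonical_maps = ldap:/etc/postfix/ldap/canonical.cf

# NOT reasonable, per the post: keying on the delivery attribute and
# returning mail. Several addresses can deliver to one mailbox, so this
# direction has no single correct answer and breaks as soon as the
# mapping becomes many-to-one.
#   query_filter = (<some-mailbox-attribute>=%s)
#   result_attribute = mail
```

Comments in Postfix configuration files must sit on their own lines, as above. The map can be checked before it is wired in with `postmap -q secondary@example.com ldap:/etc/postfix/ldap/canonical.cf`, which should print the primary address.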
    • Fernando Maior
      Message 2 of 18 , Mar 20, 2013
        Patrick,

        I do not use canonical maps at all when using LDAP. I do not need it, because I just use mailForwardingAddress (actually an alias) to map the incoming email to the real mailbox.

        What I do:
        1. Use the qmail.schema in OpenLDAP
        2. Add objectClass: qmailUser to each user account
        3. Edit mailForwardingAddress when appropriate
        4. Create a file on /etc/postfix/ldap/ named forwarding
        5. Change /etc/postfix/main.cf to map aliases to the forwarding file
        In order to make changes to LDAP, you may use something like ldapadmin (ldapadmin.org) and put the difficulties to manage LDAP entries behind you.

        You may create an account with mail attribute as biz@... and mailForwardingAddress attribute as myaccount@.... 

        That configuration is only enough for receiving e-mail, not for sending e-mail.

        Maybe this can help you.

        Best regards,
        ---
        Fernando Maciel Souto Maior


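Steps 4 and 5 of the procedure above could look like the following. This is an added example, not the poster's own files: the server, search base, bind account and the choice of `virtual_alias_maps` for "map aliases" are assumptions, while `qmailUser`, `mail` and `mailForwardingAddress` come from the qmail.schema named in the post.

```conf
# /etc/postfix/ldap/forwarding   (file from step 4)
# Placeholder connection settings; adjust to your directory.
server_host = ldap://ldap.example.com
version = 3
search_base = dc=example,dc=com

# Bind as a dedicated read-only account rather than anonymously.
# Because this file then holds a password, keep it root-owned and
# not world-readable.
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = CHANGE_ME

# Match only entries carrying the qmailUser object class (step 2),
# keyed on the address the mail was sent to.
query_filter = (&(objectClass=qmailUser)(mail=%s))

# Return the forwarding target maintained in step 3.
result_attribute = mailForwardingAddress

# --- in /etc/postfix/main.cf (step 5) ---
virtual_alias_maps = ldap:/etc/postfix/ldap/forwarding
```

With this map, a lookup for an entry's `mail` value returns its `mailForwardingAddress`, which covers inbound delivery only, as the post says.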
      • Patrick Lists
        Message 3 of 18 , Mar 20, 2013
          Hi Fernando,

          On 03/20/2013 05:40 PM, Fernando Maior wrote:
          > Patrick,
          >
          > I do not use canonical maps at all when using LDAP. I do not need it,
          > because I just use mailForwardingAddress (actually an alias) to map the
          > incoming email to the real mailbox.
          >
          > What I do:
          >
          > 1. Use the qmail.schema in OpenLDAP
          > 2. Add objectClass: qmailUser to each user account
          > 3. Edit mailForwardingAddress when appropriate
          > 4. Create a file on /etc/postfix/ldap/ named forwarding
          > 5. Change /etc/postfix/main.cf to map aliases to the
          > forwarding file

          Thanks for the tip. I had seen the qmail.schema but had not really
          looked into it. Added to the TODO list.

          > In order to make changes to LDAP, you may use something like ldapadmin
          > (ldapadmin.org <http://ldapadmin.org>) and put the difficulties to
          > manage LDAP entries behind you.

          It's Windows only and I don't have anything with Windows on it. Instead
          I use Apache Directory Studio. Works quite well on Linux.

          > You may create an account with mail attribute as biz@... and
          > mailForwardingAddress attribute as myaccount@....
          >
          > That configuration is only enough for receiving e-mail, not to sending
          > e-mail.
          >
          > May be this can help you.

          It did. Thank you for your feedback.

          Regards,
          Patrick
        • Fernando Maior
          Message 4 of 18 , Mar 20, 2013
            Patrick,

            You may want to give a try to JXplorer. It is Java-based and runs nicely. Also, you can change the forms used by it, customizing to your needs.

            Best regards.
            ---
            Fernando Maciel Souto Maior


