Re: LDAP canonical_maps and domain rewriting

  • Fernando Maior
    Message 1 of 18 , Mar 20 9:40 AM
      Patrick,

      I do not use canonical maps at all when using LDAP. I do not need it, because I just use mailForwardingAddress (actually an alias) to map the incoming email to the real mailbox.

      What I do:
      1. Use the qmail.schema in OpenLDAP
      2. Add objectClass: qmailUser to each user account
      3. Edit mailForwardingAddress when appropriate
      4. Create a file on /etc/postfix/ldap/ named forwarding
      5. Change /etc/postfix/main.cf to map aliases to the forwarding file

      In order to make changes to LDAP, you may use something like ldapadmin (ldapadmin.org) and put the difficulties of managing LDAP entries behind you.

      You may create an account with mail attribute as biz@... and mailForwardingAddress attribute as myaccount@.... 

      That configuration is only enough for receiving e-mail, not for sending e-mail.

      Maybe this can help you.

      Best regards,
      ---
      Fernando Maciel Souto Maior

      On Tue, Mar 19, 2013 at 7:19 PM, Viktor Dukhovni <postfix-users@...> wrote:
      > On Tue, Mar 19, 2013 at 08:00:51PM +0100, Patrick Lists wrote:
      >
      > > On 03/19/2013 04:22 PM, Viktor Dukhovni wrote:
      > > >Nothing unusual at all about canonical mapping,  the only anomaly
      > > >I'm making a fuss about is the underlying data model.  It is OK to
      > > >turn secondary addresses into primary, it is generally risky to
      > > >try to turn target (delivery) addresses back into original addresses,
      > > >since the mapping is often not one-to-one (and the need to introduce
      > > >many-to-one may arise later).
      > >
      > > Thanks, I'll think this over more as I try to wrap my head around
      > > this. When I stray into this issue I'll make sure to reread your
      > > much appreciated advice. And probably a few more RFCs.
      > >
      > > Initially I thought adding LDAP was a fun idea. Given the archaic
      > > nature and complexity of this beast I'm not so sure anymore. I'm
      > > beginning to understand why I've heard sysadmins say that Microsoft
      > > has done a nice job with AD of hiding the complexity and making it
      > > work. But this is getting OT so I'll leave it at that.
      >
      > Just in terms of data models and Microsoft, the corresponding pieces
      > in that case are:
      >
      >         mail: primary@...
      >         proxyAddresses: smtp:primary@...
      >         proxyAddresses: smtp:secondary@...
      >         proxyAddresses: ...
      >         <some-mailbox-attribute>: mailbox
      >
      > so it would be reasonable to use "proxyAddresses=smtp:%s" as the
      > lookup key for a canonical mapping with "mail" as the result, but
      > not reasonable to map the <some-mailbox-attribute> back to mail.
      >
      > Don't think LDAP, think data-model, and then map that onto LDAP,
      > if you're not too discouraged.
      >
      > --
      >         Viktor.
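
The two lookups described in the message above, written out as Postfix LDAP table files. This is an added example, not part of the original post or either poster's configuration. The host name, DNs, CA path, the file name `canonical`, and the choice of `virtual_alias_maps` for step 5 are assumptions.

```conf
# Constructed example: example.com names, DNs, CA path and CHANGE_ME are placeholders.
# Postfix reads a trailing "# ..." as part of the value, so comments get their own lines.

# ---- /etc/postfix/ldap/forwarding (steps 4 and 5 of the list above) ----
# Holds a bind password: chown root:postfix, chmod 0640.
server_host = ldap://ldap.example.com
version = 3
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
bind = yes
# Read-only service account limited to the mail attributes.
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = CHANGE_ME
search_base = ou=people,dc=example,dc=com
# %s is the looked-up address; Postfix applies RFC 2254 quoting to it.
query_filter = (&(objectClass=qmailUser)(mail=%s))
result_attribute = mailForwardingAddress

# ---- /etc/postfix/ldap/canonical (hypothetical file name) ----
# Secondary address -> primary "mail" only; never mailbox attribute -> mail.
server_host = ldap://ldap.example.com
version = 3
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = CHANGE_ME
search_base = ou=people,dc=example,dc=com
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail

# ---- /etc/postfix/main.cf ----
# Use either table or both; they are independent.
virtual_alias_maps = ldap:/etc/postfix/ldap/forwarding
canonical_maps = ldap:/etc/postfix/ldap/canonical

# Check each table before reloading Postfix:
#   postmap -q biz@example.com ldap:/etc/postfix/ldap/forwarding
#   postmap -q secondary@example.com ldap:/etc/postfix/ldap/canonical
```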

    • Patrick Lists
      Message 2 of 18 , Mar 20 10:52 AM
        Hi Fernando,

        On 03/20/2013 05:40 PM, Fernando Maior wrote:
        > Patrick,
        >
        > I do not use canonical maps at all when using LDAP. I do not need it,
        > because I just use mailForwardingAddress (actually an alias) to map the
        > incoming email to the real mailbox.
        >
        > What I do:
        >
        > 1. Use the qmail.schema in OpenLDAP
        > 2. Add objectClass: qmailUser to each user account
        > 3. Edit mailForwardingAddress when appropriate
        > 4. Create a file on /etc/postfix/ldap/ named forwarding
        > 5. Change /etc/postfix/main.cf to map aliases to the
        > forwarding file

        Thanks for the tip. I had seen the qmail.schema but had not really
        looked into it. Added to the TODO list.

        > In order to make changes to LDAP, you may use something like ldapadmin
        > (ldapadmin.org) and put the difficulties of managing LDAP entries
        > behind you.

        It's Windows only and I don't have anything with Windows on it. Instead
        I use Apache Directory Studio. Works quite well on Linux.

        > You may create an account with mail attribute as biz@... and
        > mailForwardingAddress attribute as myaccount@....
        >
        > That configuration is only enough for receiving e-mail, not for sending
        > e-mail.
        >
        > Maybe this can help you.

        It did. Thank you for your feedback.

        Regards,
        Patrick
      • Fernando Maior
        Message 3 of 18 , Mar 20 11:02 AM
          Patrick,

          You may want to give a try to JXplorer. It is Java-based and runs nicely. Also, you can change the forms used by it, customizing to your needs.

          Best regards.
          ---
          Fernando Maciel Souto Maior

          On Wed, Mar 20, 2013 at 2:52 PM, Patrick Lists <postfix-list@...> wrote:
          > Hi Fernando,
          >
          > On 03/20/2013 05:40 PM, Fernando Maior wrote:
          > > Patrick,
          > >
          > > I do not use canonical maps at all when using LDAP. I do not need it,
          > > because I just use mailForwardingAddress (actually an alias) to map the
          > > incoming email to the real mailbox.
          > >
          > > What I do:
          > >
          > >  1. Use the qmail.schema in OpenLDAP
          > >  2. Add objectClass: qmailUser to each user account
          > >  3. Edit mailForwardingAddress when appropriate
          > >  4. Create a file on /etc/postfix/ldap/ named forwarding
          > >  5. Change /etc/postfix/main.cf to map aliases to the
          > >     forwarding file
          >
          > Thanks for the tip. I had seen the qmail.schema but had not really looked into it. Added to the TODO list.
          >
          > > In order to make changes to LDAP, you may use something like ldapadmin
          > > (ldapadmin.org) and put the difficulties of managing LDAP entries
          > > behind you.
          >
          > It's Windows only and I don't have anything with Windows on it. Instead I use Apache Directory Studio. Works quite well on Linux.
          >
          > > You may create an account with mail attribute as biz@... and
          > > mailForwardingAddress attribute as myaccount@....
          > >
          > > That configuration is only enough for receiving e-mail, not for sending
          > > e-mail.
          > >
          > > Maybe this can help you.
          >
          > It did. Thank you for your feedback.
          >
          > Regards,
          > Patrick

