From: postfix (no email)
Date: Sun Jan 02 2005 - 02:20:40 EST
Hi Mark,

if postfix handles kerberos all right, then it should work.

i have done a postfix setup which takes all delivery parameters from
ldap (except for myhost, mydomain, ...).
to do that i have created three ldap setups for postfix:

/etc/postfix/ldap-alias.cf
/etc/postfix/ldap-domain.cf
/etc/postfix/ldap-mailbox.cf

i am using the qmailUser (for aliases and mailboxes) and qmailControl
(for domains) objectClasses. i told postfix to use virtual transport
for local delivery. for aliasing i use the mailAlternateAddress
attribute, for domains the virtualDomains attribute, and for mailbox
delivery the mailMessageStore attribute as result attributes.

the advantage of all this is that i can handle all domain and mailbox
configs via the ldap client (http://ldap.ayni.com). the disadvantage is
that i become dependent on ldap and that postfix uses more resources.

suomi

Mark Clarke wrote:
>Hi there,
>
>I have the following setup.
>
>OpenLDAP set up to authenticate users via Kerberos. I am using the Heimdal
>Kerberos implementation, which allows for the principals to be stored in
>the LDAP server.
>
>I have postfix, which is set up to use LDAP for alias lookups. I am not
>sure though if postfix can support Kerberos authentication for the alias
>database. Here is the relevant section from main.cf. I have created a
>principal postfixuser with the password secret.
>
>
>alias_maps =ldap:ldapsource
>ldapsource_server_host = slain.abc.co.za
>ldapsource_search_base = dc=abc,dc=co,dc=za
>ldapsource_query_filter = (mail=%$)
>ldapsource_bind_dn = cn=postfixuser,dc=kerbeos,dc=abc,dc=co,dc=za
>ldapsource_bind_pw = secret
>ldapsource_start_tls = yes
>ldapsource_tls_ca_cert_file = /etc/ssl/ldap.pem
>ldapsource_result_attribute = mail
>lmtp_cache_connection =NO
>
>
>
>Should this work?
>
>thanks
>Mark
>
>
>
>
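
The alias map from the question, moved into the per-file layout the reply describes, as an added example that is not part of either message. It assumes a Postfix version that reads `ldap:/path` map files (2.1 or later), uses `%s` as the lookup-key placeholder, and keeps the hostnames and DNs from the question; the ownership and mode shown are assumptions. With the `ldap:ldapsource` form the bind password sits in main.cf, which is normally world-readable, while a separate map file can be restricted.

```ini
# --- /etc/postfix/main.cf (normally world-readable) ---
# Only the pointer to the map lives here; no credentials.
alias_maps = ldap:/etc/postfix/ldap-alias.cf

# --- /etc/postfix/ldap-alias.cf ---
# Assumed ownership and mode: root:postfix, 0640,
# so that local users cannot read bind_pw.
# Note: Postfix treats "#" as a comment only at the start of a line,
# so comments are never placed after a value.

server_host = slain.abc.co.za
search_base = dc=abc,dc=co,dc=za

# STARTTLS needs LDAP protocol version 3, which must be set explicitly.
version = 3
start_tls = yes
tls_ca_cert_file = /etc/ssl/ldap.pem
# Refuse to continue if the server certificate does not verify.
tls_require_cert = yes

# bind_dn plus bind_pw is an LDAP simple bind, not a Kerberos (GSSAPI) bind.
# Sending the password is only acceptable here because start_tls is on.
bind = yes
bind_dn = cn=postfixuser,dc=kerbeos,dc=abc,dc=co,dc=za
bind_pw = secret

# %s is replaced by the address being looked up (assumed filter).
query_filter = (mail=%s)
result_attribute = mail
```

`postmap -q someone@abc.co.za ldap:/etc/postfix/ldap-alias.cf` (address constructed for illustration) queries the map directly, which separates LDAP bind or TLS failures from mail-delivery problems.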