
Postfix, LDAP and Fusion Directory

Recently, I’ve been going all out on deploying LDAP and realising how much easier it would have made my life over the years. Fusion Directory has proven to be a good management interface for keeping things in check.

That’s the easy part though - now how do you go about making all your software use the features of LDAP and FusionDirectory? Sometimes with difficulty!

After a lot of mucking around, I’ve managed to get postfix working properly with LDAP as the source of email accounts, aliases, forwards, etc. We want to use the standard gosaMailDelivery flags to make life easy - and these are well documented for Fusion Directory.

Firstly, I’m going to assume that you already have openLDAP and Fusion Directory running. The documentation here is more than adequate to follow.

So now we’re down to postfix.

Firstly, we want to handle accounts that postfix needs to deliver mail to. Create a new file /etc/postfix/ldap-accounts.cf and use the following:

server_host             = ldap.example.com
search_base             = ou=people,dc=example,dc=com
scope                   = sub
bind                    = no
version                 = 3

query_filter            = (&(mail=%s)(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))
result_attribute        = mail

Now we want to handle aliases - so create /etc/postfix/ldap-aliases.cf:

server_host             = ldap.example.com
search_base             = ou=people,dc=example,dc=com
scope                   = sub
bind                    = no
version                 = 3

query_filter            = (&(gosaMailAlternateAddress=%s)(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))
result_attribute        = mail

The next step is forwards that also deliver to the local mailbox - create /etc/postfix/ldap-forward.cf:

server_host             = ldap.example.com
search_base             = ou=people,dc=example,dc=com
scope                   = sub
bind                    = no
version                 = 3

query_filter            = (&(|(gosaMailAlternateAddress=%s)(mail=%s))(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))
result_attribute        = mail,gosaMailForwardingAddress

And lucky last, we have forwards only - without local delivery - in /etc/postfix/ldap-forward-only.cf:

server_host             = ldap.example.com
search_base             = ou=people,dc=example,dc=com
scope                   = sub
bind                    = no
version                 = 3

query_filter            = (&(|(gosaMailAlternateAddress=%s)(mail=%s))(gosaMailDeliveryMode=[*I*])(objectClass=gosaMailAccount))
result_attribute        = gosaMailForwardingAddress
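To sanity-check what these four tables return before pointing Postfix at a live directory, here is an added example (my code, not from the post and not part of FusionDirectory or Postfix) that evaluates the four query_filter lines above over a small constructed in-memory directory. It implements just the RFC 4515 filter subset those filters use (&, |, !, equality with * wildcards and \xx escapes) and applies the same escaping Postfix performs on %s, as documented in ldap_table(5), so you can see both how the gosaMailDeliveryMode I flag steers an address into exactly one table and why a lookup key cannot reshape the filter. The entries, addresses and helper names (escape_filter_value, parse_filter, lookup) are constructed assumptions.

```python
"""Dry-run of the four Postfix LDAP lookup tables against an in-memory directory.

Added example, not part of the original post or of FusionDirectory: it re-implements
enough of the RFC 4515 filter grammar (&, |, !, equality with '*' wildcards, \\xx
escapes) to evaluate the post's query_filter lines, and applies the escaping Postfix
performs on %s, so the effect of the gosaMailDeliveryMode 'I' flag can be checked
offline. All directory entries and addresses below are constructed sample data."""
import re
from typing import Dict, List, Tuple

# query_filter / result_attribute pairs copied from the four .cf files in the post.
TABLES: Dict[str, Tuple[str, List[str]]] = {
    "ldap-accounts.cf": (
        "(&(mail=%s)(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))",
        ["mail"]),
    "ldap-aliases.cf": (
        "(&(gosaMailAlternateAddress=%s)(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))",
        ["mail"]),
    "ldap-forward.cf": (
        "(&(|(gosaMailAlternateAddress=%s)(mail=%s))(objectClass=gosaMailAccount)(!(gosaMailDeliveryMode=[*I*])))",
        ["mail", "gosaMailForwardingAddress"]),
    "ldap-forward-only.cf": (
        "(&(|(gosaMailAlternateAddress=%s)(mail=%s))(gosaMailDeliveryMode=[*I*])(objectClass=gosaMailAccount))",
        ["gosaMailForwardingAddress"]),
}

# Constructed entries shaped like gosaMailAccount objects (attribute names lower-cased).
DIRECTORY: List[Dict[str, List[str]]] = [
    {"mail": ["alice@example.com"], "objectclass": ["inetOrgPerson", "gosaMailAccount"],
     "gosamaildeliverymode": ["[]"], "gosamailalternateaddress": ["ali@example.com"]},
    {"mail": ["bob@example.com"], "objectclass": ["inetOrgPerson", "gosaMailAccount"],
     "gosamaildeliverymode": ["[I]"], "gosamailalternateaddress": ["robert@example.com"],
     "gosamailforwardingaddress": ["bob@elsewhere.example"]},       # 'I': forward only, no mailbox
    {"mail": ["carol@example.com"], "objectclass": ["inetOrgPerson", "gosaMailAccount"],
     "gosamaildeliverymode": ["[]"], "gosamailforwardingaddress": ["carol@phone.example"]},  # mailbox + copy
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping Postfix applies to %s before substitution (ldap_table(5)):
    '*', '(', ')', '\\' and NUL become \\xx, so a lookup key can never widen the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _value_regex(pattern: str) -> "re.Pattern[str]":
    # An unescaped '*' is a wildcard; everything else is literal. The mail and
    # caseIgnore matching rules are case-insensitive, hence IGNORECASE.
    pieces = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE | re.DOTALL)


def parse_filter(s: str, i: int = 0) -> Tuple[tuple, int]:
    """Recursive-descent parser for the filter subset used above. Returns (node, next_index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":
        op, subs, i = s[i], [], i + 1
        while s[i] != ")":
            node, i = parse_filter(s, i)
            subs.append(node)
        return (op, subs), i + 1
    if s[i] == "!":
        node, i = parse_filter(s, i + 1)
        if s[i] != ")":
            raise ValueError("unterminated NOT at %d" % i)
        return ("!", [node]), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)  # safe: a ')' inside a value is always escaped as \29
    return ("=", s[i:eq].lower(), s[eq + 1:close]), close + 1


def matches(node: tuple, entry: Dict[str, List[str]]) -> bool:
    if node[0] == "&":
        return all(matches(n, entry) for n in node[1])
    if node[0] == "|":
        return any(matches(n, entry) for n in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    rx = _value_regex(pattern)
    return any(rx.match(v) for v in entry.get(attr, []))


def lookup(table: str, key: str, directory=DIRECTORY, escape: bool = True) -> List[str]:
    """Emulate `postmap -q KEY ldap:/etc/postfix/TABLE`: substitute %s, evaluate the
    filter, and collect result_attribute values from every matching entry."""
    template, attrs = TABLES[table]
    node, _ = parse_filter(template.replace("%s", escape_filter_value(key) if escape else key))
    results: List[str] = []
    for entry in directory:
        if matches(node, entry):
            for attr in attrs:
                results.extend(entry.get(attr.lower(), []))
    return results


if __name__ == "__main__":
    for table in TABLES:
        for addr in ("alice@example.com", "ali@example.com", "bob@example.com", "carol@example.com"):
            print("%-22s %-20s -> %s" % (table, addr, lookup(table, addr)))
```

Against the real server the equivalent check is `postmap -q alice@example.com ldap:/etc/postfix/ldap-accounts.cf` for each of the four tables; an address should answer in either the accounts/aliases/forward set or in forward-only, never both, and that is exactly what the I flag controls. Two caveats the example makes visible: `bind = no` means Postfix searches anonymously, so the directory ACLs must allow anonymous read of mail, gosaMailAlternateAddress, gosaMailForwardingAddress and gosaMailDeliveryMode (and ideally only from the mail host), and the escaping of %s is what keeps a recipient address typed by a remote sender from altering the filter, which is why the `escape=False` path exists here only to show what the escaping prevents.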

Once these files have been created, we can configure postfix. I use a full virtual delivery - so no user accounts exist on the mail server. Add the following to /etc/postfix/main.cf:

virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-aliases.cf proxy:ldap:/etc/postfix/ldap-forward.cf proxy:ldap:/etc/postfix/ldap-forward-only.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-accounts.cf

That is the bulk of the setup done.

This post is licensed under CC BY 4.0 by the author.