
integrating postfix with ldap


haariseshu
3rd July 2008, 09:39
Hi all,
I'm running postfix 2.2.10 and openldap 2.2.13 on the same system. Everything is working fine. Now the issue is in integrating postfix and ldap. I have added the parameters in main.cf in order to make postfix look up ldap entries. But it does not seem to be taking the user information from ldap on local delivery. When I'm using postmap -q for searching, it is fetching from ldap without any problem.
I have given all the parameters below, and the logs of ldap and postfix too.
Any suggestions are most welcome.
-Hari.
==========================================================
main.cf:
alias_maps = ldap:ldapalias
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps = ldap:ldapaliases
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = panafnet.com
myhostname = experts.panafnet.com
mynetworks = 192.168.117.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
ldapalias_server_host = experts.panafnet.com
ldapalias_search_base = dc=panafnet, dc=com
ldapalias_scope = sub
ldapalias_bind = no
ldapalias_query_filter = (|(mail=%s)(uid=%s))
ldapalias_result_attribute = mail

==========================================================
Here is the postmap command

[root@experts ~]# postmap -q shari ldap:ldapalias
shari@panafnet.com

==========================================================
ldaplog while local mail delivery happens
tailf /var/log/slapd.log
Jul 3 12:07:54 experts slapd[27641]: conn=2 fd=10 ACCEPT from IP=192.168.117.6:32793 (IP=0.0.0.0:389)
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(|(mail=shari)(uid=shari))"
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(|(mail=owner-shari)(uid=owner-shari))"
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

==========================================================
postfix log

tailf /var/log/maillog
Jul 3 12:07:54 experts postfix/pickup[28141]: 17286FE00D: uid=0 from=<root>
Jul 3 12:07:54 experts postfix/cleanup[28808]: 17286FE00D: message-id=<20080703063754.17286FE00D@experts.panafnet.com>
Jul 3 12:07:54 experts postfix/qmgr[28142]: 17286FE00D: from=<root@panafnet.com>, size=301, nrcpt=1 (queue active)
Jul 3 12:07:54 experts postfix/local[28811]: 17286FE00D: to=<shari@panafnet.com>, orig_to=<shari>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail)
Jul 3 12:07:54 experts postfix/qmgr[28142]: 17286FE00D: removed

==========================================================

topdog
3rd July 2008, 18:33
what exactly is not working ?

haariseshu
4th July 2008, 05:56
what exactly is not working ?

Thank you for your valuable reply. Actually, my ldap should act as centralized authentication. If I'm having around 20000 users in my org, I can't create all the users at the OS level. But the ldap will have all the users' entries. If anybody is sending mail to my org, it should refer to my ldap for user information, where to drop the mail, etc. But in the current scenario, if the user is not at the OS level, the mail is bouncing. Then what's the meaning of having ldap (centralized authentication)? This is my problem.
First, is what I have configured right for this requirement?
-Hari.

topdog
4th July 2008, 13:24
All you are doing there is querying the ldap directory for aliases; this is not what you want to do. You need actual recipients to be matched in ldap.

You have two options: either use pam to bind to ldap (i.e. simulate local users) or use virtual domains that point to ldap for the user info.

There should be several howtos on the net on how to set this up. Good luck.
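To make the second option concrete, here is an added example (not the poster's configuration and not code from the thread) of the "virtual domains that point to ldap" setup on Postfix 2.2. It assumes: the LDAP entries for people are inetOrgPerson objects whose mail attribute holds the full address (the poster's directory already returns shari@panafnet.com for that attribute), the directory allows anonymous read (the poster uses bind = no), mailboxes are stored under /var/mail/vhosts as Maildirs owned by an assumed dedicated Unix account with uid/gid 5000, and alias entries keep their forwarding targets in an assumed attribute mailForwardingAddress. The per-table files use the separate-file LDAP table syntax available since Postfix 2.1, which keeps the table parameters out of main.cf.

```conf
# ---- main.cf fragment (added example, replaces the local-delivery approach) ----
# The poster routes panafnet.com through local(8), which needs a Unix account
# (or an alias) for every recipient.  Handing the domain to virtual(8) lets
# Postfix accept and deliver to addresses that exist only in LDAP.

# 1. Take panafnet.com out of mydestination so it is no longer a local(8) domain.
#    A domain must be listed in exactly one of mydestination / virtual_mailbox_domains.
mydestination = $myhostname, localhost.$mydomain, localhost

# 2. Declare it a virtual mailbox domain; recipients and mailbox paths come from LDAP.
virtual_mailbox_domains = panafnet.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailboxes.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf

# 3. Owner of the mailbox files (assumed: a dedicated "vmail" account, uid/gid 5000).
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

# virtual_mailbox_maps is also the recipient table for the domain, so unknown
# users are rejected at RCPT TO time with unknown_virtual_mailbox_reject_code
# (default 550) instead of being accepted and bounced later.

# ---- /etc/postfix/ldap-mailboxes.cf (one LDAP table per file) ----
server_host = experts.panafnet.com
search_base = dc=panafnet,dc=com
scope = sub
bind = no
# For virtual_mailbox_maps the lookup key is the full address, so match the
# whole mail attribute only; do not OR in uid=%s, which would also match the
# bare local part and let a lookup for "shari" succeed in the wrong table.
# Postfix escapes LDAP filter metacharacters in the key before substituting %s.
query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
# Turn the returned address into a path under virtual_mailbox_base:
# %d = domain part and %u = local part of the returned attribute value,
# and the trailing "/" selects Maildir delivery.
result_attribute = mail
result_format = %d/%u/

# ---- /etc/postfix/ldap-aliases.cf ----
server_host = experts.panafnet.com
search_base = dc=panafnet,dc=com
scope = sub
bind = no
# Assumed schema: an alias/group entry has the alias address in "mail" and the
# addresses it expands to in "mailForwardingAddress".
query_filter = (&(mail=%s)(mailForwardingAddress=*))
result_attribute = mailForwardingAddress
```

After creating the files and the /var/mail/vhosts directory (owned by uid 5000), run `postfix reload` and check the tables the same way the poster did, but with the full address as key: `postmap -q shari@panafnet.com ldap:/etc/postfix/ldap-mailboxes.cf` should print `panafnet.com/shari/`, while `postmap -q nobody@panafnet.com ldap:/etc/postfix/ldap-mailboxes.cf` should print nothing, which is what makes Postfix reject that recipient. Two caveats: the LDAP queries run over plain LDAP on port 389 from the Postfix server to itself (the poster's logs show the connection coming from 192.168.117.6), and because bind = no the search results depend on what the directory exposes to anonymous readers, so the ACLs on slapd should only expose the attributes these tables need.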

haariseshu
4th July 2008, 14:04
All you are doing there is querying the ldap directory for aliases; this is not what you want to do. You need actual recipients to be matched in ldap.

You have two options: either use pam to bind to ldap (i.e. simulate local users) or use virtual domains that point to ldap for the user info.

There should be several howtos on the net on how to set this up. Good luck.

Friend, tell me one thing: is it possible to do something like this?
As I have told you, in my organization there are 20000+ users. I don't want to create an account for each user at the OS level. Instead, the ldap will have all the users' entries. All the authentication and mail delivery regarding postfix should be done with ldap only. I don't know whether it is possible or not. Here the main picture is the absence of user accounts at the OS level.
If you can guide me, it will be very useful for me. Also tell me where I can get docs to configure the things I mentioned above.
Thanks a lot......
Hari.