There is a new version of this tutorial available for Ubuntu 18.04 (Bionic Beaver).

Postfix Virtual Hosting With LDAP Backend With Dovecot As IMAP/POP3 Server On Ubuntu Hardy Heron 8.04 TLS 

I've been running with a MySQL backend for virtual hosting for some time, but when I discovered Phamm and the added FTP feature (amongst others) I decided to switch to LDAP as backend for Postfix with virtual hosting.

In view of the fact that the installation and configuration guide of Phamm is lacking some basic information it took me quite some time (including crying, swearing, getting depressed, ...) to put it all together and get it working. Long live google to find hints or explanations for problems and configuration issues. Piecing it all together wasn't simple so I would like to share how I configured it and got it all working toghether (as I like), but I think that it will benefit other users as well.

Software to be used in this how to:

Postfix (logical), Postfix-ldap, Dovecot IMAP / POP3, Openldap, Apache2, php5-ldap, phpldapadmin and gnarwl.

Note: this how to also uses dovecot deliver as maildrop agent and dovecot sasl for smtp sasl authentication. For one: postfix maildrop doesn't support ldap and I didn'd want to use courier (maildrop, authdaemon and sasl) if dovecot coud do the trick and also provide sieve support.


This how to assumes the following configurations, if your installtion differs from this, than replace the entries below with your actual configuration.

Mail delivery (mailboxes) path:


User vmail:

UID:1000, GID:1000

User postfix:

UID: 108, GID:108

Openldap base dn:


Openldap admin account:


Phamm search dn:



Step 1: Install and configure an ubuntu server

I recommend following one of the guides below for this (I do not need to rewrite or reinvent what others did bether than me):

The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)

or my favourite:

The Perfect SpamSnake - Ubuntu 8.04 LTS

In both cases, skip the installtion of the courier packages.

So let's get started:


Step 2: Install postfix-ldap, php5-ldap, and openldap

apt-get install postfix-ldap php5-ldap slapd

When prompted provide a password for the openldap admin.

Install phpldapadmin for LDAP manipulation, we need to configure out ldap tree.

apt-get install phpldapadmin

Execute the above command after that you have installed openldap, then your openldap configuration will be taken into account eg base dn: dc=excample,dc=tld

Next we import the phamm schema's for openldap:

cd /etc/ldap/schema

Now we download and extract phamm since we also need the phamm.schema

cd /usr/src
tar xvzf phamm0.5.12.tar.gz

Allwas look for new version before download!

cd /etc/ldap/schema
cp /usr/src/phamm0.5.12/schema/phamm.schema .

Next we edit the slapd.conf to include the schema's needed for phamm:

vi /etc/ldap/slapd.conf

Insert the following info the slapd.conf (after the last line that says include /etc/ldap/schema/..)

include         /etc/ldap/schema/phamm.schema
include         /etc/ldap/schema/ISPEnv2.schema
include         /etc/ldap/schema/amavis.schema
include         /etc/ldap/schema/pureftpd.schema

These only for mail and ftp account. Add the other schem's if you would like to use them, but the integration of these services is not covered in this tutorial.

Next we restart openldap in order to load the new schemas:

/etc/init.d/slapd restart

Next login to phpldapadmin and create and organisation named hosting.

Click on dc=example,dc=tld.

Click on 'Create new child entry'.

Choose 'Default'.

In the next screen choose organization from the scroll box.

Click create.

On the next sceen chose o from the RDN drop down box.

Enter hosting in the first field boxn scroll down and click create.

This concludes the first part of this how to.

Share this page:

Suggested articles

6 Comment(s)

Add comment



You can add as many virtual domains as you want. The virtual users belong to the virtual domains you add in the phamm interface.

Only the admin account can add domains. Virtual users are managed either by admin, or by the account created when you add a virtual domain. 


This was exactly what I was looking for, until I notice this was set up for virtual users on a single domain and not multiple virtual domains. I don't think it stated in the article?


The schema files are missing, some of them are available in the openldap config, some don't.
I've been searching for some of them on google, some are still located in the catch. Is there someone with the full package or has the files available some where?

By: Anonymous

In the next screen choose organization from the scroll box.

Click create.

On the next sceen chose o from the RDN drop down box.

Enter hosting in the first field boxn scroll down and click create.

 I do this, the first field being "o" required.

I enter hosting

click create,

and it returns


The Rdn attribute () does not exist.

where, oh where, have I gone amiss?


By: dali

I know that you may not need this info anymore , but let me post it for newbies that search for info :

you have to initialize you slapd with an ldif that contiains intitial domain , group or anything else : 

 like :

dn: dc=esprit,dc=tn
dc: esprit
objectClass: domain

dn: ou=People,dc=esprit,dc=tn
ou: People
objectClass: organizationalUnit

dn: ou=Groups,dc=esprit,dc=tn
ou: Groups
objectClass: organizationalUnit

# Engineering Department
dn: ou=Engineering,ou=People,dc=esprit,dc=tn
ou: Engineering
objectClass: organizationalUnit

# Admin Group
dn: cn=Admin,ou=Groups,dc=esprit,dc=tn
gidNumber: 502
memberUid: admin
memberUid: admin
cn: Admin
objectClass: posixGroup

# Admin User :
dn: uid=dali,ou=Engineering,ou=People,dc=esprit,dc=tn
sn: dali difallah
userPassword: BJsRlQT3MmAYL+HluuVVwkWX4UM96yXQ
objectClass: shadowAccount
objectClass: person
uid: dali
cn: dali difallah

# Admin User : admin
dn: uid=admin,ou=Engineering,ou=People,dc=esprit,dc=tn
sn: Admin User
userPassword: BJsRlQT3MmAYL+HluuVVwkWX4UM96yXQ
objectClass: shadowAccount
objectClass: person
uid: admin
cn: Administrator


you can refer to

 thats not the same thing but it give you better idea

also , a cummon problem , when using a used domain name : .com .net .fr .de .net .   ...... remember to disable name resolution to avoid : SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)

 (comment your /etc/resolv.conf entries)

By: claytondus

Until this guide is updated for Ibex, users need to know that the slapd.conf file has been supplanted by the cn=config database in Ibex.  This guide from the Ubuntu Server Guide should help you get the schemata imported.

OpenLDAP Server for Ubuntu 8.10 (Intrepid Ibex)

 The schemata must be converted to LDIF and then imported into the cn=config database before proceeding.