Gabriele,

i am using the courier LDAP schema for mail attributes. but i don't see why you couldn't use what you currently have in place. if your uid of the user is where you would actually deliver the mail, you could probably just use that. your postfix configuration for alias lookups would look something like this:

    search_base = dc=example,dc=com
    scope = sub
    query_filter = (mail=%s)
    result_attribute = uid
    special_result_filter = %s@%d

i would suggest investigating the default schemas offered, or finding another mail schema to use. you will probably want the flexibility of having an email address deliver outside of a user's account (forwarding to your home account, etc).

the postfix list will probably have a lot more to offer in the way of configuring postfix to use LDAP. one thing i remember is that postfix does two different LDAP lookups, one to verify there is a user by that name (local_recipient_maps) on the system, and two, where to deliver the email (virtual_alias_maps; my configuration above is for this second part). here are my two lines out of the main.cf:

    virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
    local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf

good luck, i hope this helped.

nb

Gabriele Chervatin thus spake on 07/01/2005 03:05 AM:
| Hi everyone,
|
| first i use Directory Server as an address book, and i tested it with
| Thunderbird. It's fine, I'm able to search the users and their emails.
| Now i try to configure postfix with virtual user but it is a bit
| complicated task for me.
|
| What are the basic steps for the success?
| Do I need to add a new schema?
|
| Follow my Directory content:
|

--
Nathan Benson
http://sourcefire.com/
1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96
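
The alias lookup described in the reply, as an added Python example that is not part of the original message and is not Postfix code: it expands `%s` in `query_filter` with the lookup key, matches entries under `search_base`, and returns `result_attribute`, escaping the key the way ldap_table(5) documents for `%s` so that filter metacharacters in a recipient address match only literally. The directory entries are constructed samples, the `escape=False` switch exists only to show the contrast, and `special_result_filter` is left out of the emulation.

```python
import re

# Map settings copied from the message above (the virtual_alias_maps lookup).
MAP_CF = """
search_base = dc=example,dc=com
scope = sub
query_filter = (mail=%s)
result_attribute = uid
"""

# Constructed sample entries (DN, attributes); not a real directory export.
ENTRIES = [
    ("uid=chervatin,dc=example,dc=com",
     {"uid": ["chervatin"], "mail": ["gabriele.chervatin@example.com"]}),
    ("uid=vtest1,ou=example.com,ou=domains,dc=example,dc=com",
     {"uid": ["vtest1"], "mail": ["vtest1@example.com"]}),
    ("uid=other,dc=example,dc=org",  # outside search_base
     {"uid": ["other"], "mail": ["vtest1@example.com"]}),
]

def parse_cf(text):
    """Parse 'name = value' lines, skipping blank lines and # comments."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def escape_filter(value):
    """Escape LDAP filter metacharacters as \\XX hex pairs (RFC 4515)."""
    return re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(text):
    """Turn \\XX hex pairs back into the literal characters they stand for."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def lookup(key, escape=True, cf_text=MAP_CF, entries=ENTRIES):
    """Expand %s in query_filter, match entries, return result_attribute values."""
    cf = parse_cf(cf_text)
    expanded = cf["query_filter"].replace("%s", escape_filter(key) if escape else key)
    attr, pattern = expanded[1:-1].split("=", 1)
    # Only an unescaped '*' acts as a wildcard; escaped characters match literally.
    rx = re.compile(".*".join(re.escape(unescape(p)) for p in pattern.split("*")), re.I)
    base = cf["search_base"].lower()
    hits = []
    for dn, attrs in entries:
        in_scope = dn.lower().endswith(base)  # scope = sub: anything under the base
        if in_scope and any(rx.fullmatch(v) for v in attrs.get(attr, [])):
            hits.extend(attrs.get(cf["result_attribute"], []))
    return hits

if __name__ == "__main__":
    for key in ("vtest1@example.com", "VTEST1@example.com", "*"):
        print(repr(key), "->", lookup(key), "| unescaped:", lookup(key, escape=False))
```

On a live system the equivalent check is to query the map file itself with `postmap -q` and confirm that each address resolves to exactly the uid you expect.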