
date: 2010-01-25 18:29:40+00:00

Postfix + virtual users/groups/aliases stored in LDAP

categories: - Howto - LDAP - Postfix

This will just explain the configuration files needed for Postfix to check against the LDAP server.

We want to be able to send emails to username@domain.tld. We also want to have aliases for our users, for example: firstname.lastname@domain.tld pointing to username@domain.tld. Finally, we want groups to act as a mailing list, forwarding emails to members of the group, for example: support@domain.tld.

LDAP tree

|       cn : support
|       description : alias support
|       gidNumber : 50000
|       mailRoutingAddress : support@domain.tld
|       memberUid : it (this is a group with an inetLocalMailRecipient class and a mailRoutingAddress field defined)
|       memberUid : username3 (this is a user account)
|       cn : it
|       description : IT dept group
|       gidNumber : 40000
|       mailRoutingAddress : it@domain.tld
|       memberUid : username1
|       memberUid : username2

        cn : username1
        gecos : John Doe
        gidNumber : 10000
        homeDirectory : /home/username1
        mail : john.doe@domain.tld
        mailLocalAddress : john.doe
        uid : username1

Postfix configuration

For this to work, we must define "append_at_myorigin = yes" in

For group/alias emails to work, the group must have the inetLocalMailRecipient class and mailRoutingAddress defined.

So we basically add in : virtual_alias_maps = ldap:/etc/postfix/, ldap:/etc/postfix/, ldap:/etc/postfix/

It means that Postfix will check first, then and finally

So we create those files : (for virtual users) :

```
server_host = localhost
server_port = 389
version = 3
search_base = ou=Users,dc=domain,dc=tld
scope = sub
# we search through the Users base for the recipient email address (%s)
query_filter = (mail=%s)
# if we find anything under ou=Users,dc=domain,dc=tld, we deliver to the account specified under "uid"
# so basically, if we send an email to john.doe@domain.tld, we will find an entry, finally delivering the email to uid username1
result_attribute = uid
```

(for virtual aliases) :

```
server_host = localhost
server_port = 389
version = 3
scope = sub
# we search through the Aliases base...
search_base = ou=Aliases,dc=domain,dc=tld
# ...for the recipient email address (%s) specified under mailRoutingAddress field
query_filter = mailRoutingAddress=%s
# If we find anything, return memberUid, that can be accounts, groups, or aliases
result_attribute = memberUid
```

(for virtual groups) :

```
server_host = localhost
server_port = 389
version = 3
scope = sub
# Same as aliases, but in a different base
search_base = ou=Groups,dc=domain,dc=tld
query_filter = mailRoutingAddress=%s
result_attribute = memberUid
```
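The lookup chain described above, modeled offline as an added example (not code from the original post), so you can audit who ends up receiving mail sent to a group address and catch nested groups that point back at each other. The function names `lookup`, `qualify` and `expand` are hypothetical, the directory entries are constructed from the LDAP tree on this page, and the loop check belongs to this model rather than to Postfix.

```python
# Added example: offline model of the virtual_alias_maps chain on this page.
# Entries are constructed from the LDAP tree above; putting "support" under
# ou=Aliases and "it" under ou=Groups is an assumption.
MYORIGIN = "domain.tld"

USERS = [{"mail": "john.doe@domain.tld", "uid": ["username1"]}]
ALIASES = [{"mailRoutingAddress": "support@domain.tld",
            "memberUid": ["it", "username3"]}]
GROUPS = [{"mailRoutingAddress": "it@domain.tld",
           "memberUid": ["username1", "username2"]}]

# (entries, attribute compared with %s, result_attribute), in map order
MAPS = [(USERS, "mail", "uid"),
        (ALIASES, "mailRoutingAddress", "memberUid"),
        (GROUPS, "mailRoutingAddress", "memberUid")]


def lookup(address):
    """Return the results of the first map with a match, else None."""
    for entries, key_attr, result_attr in MAPS:
        hits = [value for entry in entries
                if entry[key_attr].lower() == address.lower()
                for value in entry[result_attr]]
        if hits:
            return hits
    return None


def qualify(name):
    """Model append_at_myorigin = yes: bare results get @MYORIGIN."""
    return name if "@" in name else f"{name}@{MYORIGIN}"


def expand(address, path=()):
    """Expand an address to its sorted final recipients; raise on a loop."""
    address = qualify(address)
    if address in path:
        raise ValueError("alias loop: " + " -> ".join(path + (address,)))
    results = lookup(address)
    if results is None:  # no map matches: final recipient
        return [address]
    final = set()
    for member in map(qualify, results):
        if member == address:  # entry maps to itself: stop here
            final.add(member)
        else:
            final.update(expand(member, path + (address,)))
    return sorted(final)
```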