On Jan 03, Thomas Blein wrote:
Hello
Hey, welcome to 2021. :-)
I wish you a happy new year. I would like to thank all of you for the
great job that is done in the DebOps project. It provides a nice way to
manage a lot of classic/needed services.
Thanks for the kudos, I'm really happy when I hear that the project is useful
to someone.
1. postldap role seems to have outdated default parameters
----------------------------------------------------------
I have the feeling that the documentation and the default settings in
'postldap' role do not correspond to the 'mailservice' schema set up by
'slapd' role. For example, the schema recommends not using the 'mail'
attribute for delivery. However, in 'postldap' the query filters are:
    query_filter: '(&
                     (objectClass=inetOrgPerson)
                     (|
                       (mail=%s)
                       (mailAlias=%s)
                     )
                     (|
                       (authorizedService=all)
                       (authorizedService=mail:receive)
                     )
                   )'
I managed to have a working system by replacing 'mail' with
'mailAddress' and 'mailAlias' with 'mailAlternateAddress'.
Am I right? I can propose a merge request if needed.
Yes, that's correct. The filters in postldap were set up before the new
mailservice.schema was finalized (it had to be corrected due to wrong use of
SUP in some attributes). The schema is pretty generic and allows for setting
up the mail services in different ways, so I had a bit of trouble deciding
which setup should be the default. But you can definitely change the above
filters to the new ones. You should also check other filters in the role, for
example the mailbox filter needs to be updated as well, probably with
mailHomeDirectory attribute as the lookup path. Looking forward to the merge
request.
2. How to have several recipients for an address?
-------------------------------------------------
The previous setup is working nicely if the address corresponds to a
unique final account, either as main address 'mailAddress' or a
secondary one 'mailAlternateAddress'.
However, if I want a unique address to deliver to several accounts, it is
not possible. Indeed, 'mailAlternateAddress' relies on the 'mail'
attribute that is unique. I know how to set it up for local accounts with
'etc_aliases' role, but how to have it in the LDAP directory?
You can do this in two ways using the mailservice.schema. The first one is to
use the 'mailAlias' structural object to define standalone e-mail aliases:
    objectClass: mailAlias
    mail: alias@example.com
    mailAddress: alias@example.com
    mailForwardTo: user1@example.com
    mailForwardTo: user2@example.com
As you can see, mailAddress will ensure that the alias is unique in the mail
system. Keep in mind that the slightly older version of the schema was buggy
and caused the 'mailAddress', 'mailForwardTo' and other such attributes to
be included in searches for 'mail', so there were unique conflicts between
objects, but that should be fixed in the current version of the schema.
The other way to do this would be to use the 'mailDistributionList' auxiliary
object, which is useful for already existing entities (aliases are separate
objects entirely). For example if you have an organizational unit already
defined, you can create a mail distribution list for it like this:
    objectClass: organizationalUnit
    objectClass: mailDistributionList
    ou: IT Department
    mail: itdept@example.com
    mailAddress: itdept@example.com
    mailForwardTo: admin1@example.com
    mailForwardTo: admin2@example.com
Both solutions of course need to be properly configured in Postfix or other
mail servers with lookups for mail addresses. You should be able to do that
fairly easily with the Postfix LDAP howto.
Both mailAlias and mailDistributionList support many more attributes which you
can use to customize your mail infrastructure - multiple separate mailbox
hosts, alternative delivery methods, etc. Check the schema file for
description of the attributes.
Cheers,
Maciej
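
An added illustration, not part of the original message and not DebOps or Postfix code: a small Python model of the two lookups discussed in this thread, the recipient filter using 'mailAddress'/'mailAlternateAddress' and the expansion of 'mailAlias'/'mailDistributionList' entries through 'mailForwardTo'. The directory entries, the function names, the escaping helper and the case-insensitive comparison are assumptions constructed for the example.

```python
# Added example; the entries below are constructed sample data.
DIRECTORY = [
    {"objectClass": {"inetOrgPerson"}, "mailAddress": "user1@example.com",
     "mailAlternateAddress": {"u1@example.com"}, "authorizedService": {"all"}},
    {"objectClass": {"inetOrgPerson"}, "mailAddress": "user2@example.com",
     "authorizedService": {"mail:receive"}},
    {"objectClass": {"inetOrgPerson"}, "mailAddress": "user3@example.com",
     "authorizedService": {"shell"}},  # not authorized to receive mail
    {"objectClass": {"mailAlias"}, "mailAddress": "alias@example.com",
     "mailForwardTo": ["user1@example.com", "user2@example.com",
                       "user3@example.com"]},
]
FORWARDERS = {"mailAlias", "mailDistributionList"}
RECEIVE = {"all", "mail:receive"}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before filling in %s."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def recipient_filter(address):
    """The filter from the thread with the attribute names corrected."""
    v = escape_filter_value(address)
    return ("(&(objectClass=inetOrgPerson)"
            "(|(mailAddress=%s)(mailAlternateAddress=%s))"
            "(|(authorizedService=all)(authorizedService=mail:receive)))" % (v, v))

def expand(address, seen=None):
    """Resolve an address to the mailboxes that finally receive the mail."""
    seen = set() if seen is None else seen
    address = address.lower()    # assumption: addresses compare case-insensitively
    if address in seen:          # forwarding loop or repeated target: stop here
        return []
    seen.add(address)
    result = []
    for e in DIRECTORY:
        names = {e["mailAddress"]} | e.get("mailAlternateAddress", set())
        if address not in names:
            continue
        if e["objectClass"] & FORWARDERS:
            # alias or distribution list: follow every mailForwardTo value
            for target in e["mailForwardTo"]:
                result += expand(target, seen)
        elif e.get("authorizedService", set()) & RECEIVE:
            # person entry allowed to receive mail: deliver to primary address
            result.append(e["mailAddress"])
    return result
```
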