
Re: Recommended approach for LDAP as backend for virtual domain mail hosting?



On 04/10/10 20:47 +0200, Andreas Ntaflos wrote:
> Hi,
>
> I will probably also post this to the Postfix mailing list but it is
> fundamentally an (Open)LDAP question so here goes:
>
> Short version: What is a recommended way to set up virtual mail hosting
> based on OpenLDAP? I.e. providing mail and authentication services, like
> SMTP and IMAP, using Postfix and Dovecot, for multiple *independent
> domains* such as example.net, example.org, example.com?

A very flexible approach is to implement a pam/nss layer on top of your DIT that
presents your users as fully qualified to your system software.

For instance, on my system performing a 'getent passwd' lists all of my
user accounts as fully qualified accounts (e.g. jsmith@example.net).

Assuming that dovecot and your other server software do not strip domains,
or at least strip them in predictable ways, then you can use pam/nss to
export your users as system level users.

Of course, there are many reasons for implementing direct LDAP support in
your software, but you can build up from NSS accounts into something more
flexible, rather than spiral downward into trying to work around different
LDAP implementations within your software.

--
Dan White