Re: Recommended approach for LDAP as backend for virtual domain mail hosting?
On Friday 08 October 2010 13:39:25 Buchan Milne wrote:
> > > > * Groups and aliases must be possible
> > > What specifically do you mean by groups?
> > By group support I just mean the usual way to group users together,
> > as in ou=groups,dc=example,dc=com. Users on different hosted
> > domains won't/can't be in the same group, if that matters any.
>
> But, what would you use the groups for? Authorization to specific
> services only available to specific groups?
Exactly. That shouldn't be a problem, should it?
> > However, when using uid=joe@example.com,o=mysitename, how would
> > Postfix (or anything else) look up which virtual domains it is
> > supposed to serve, i.e. virtual_mailbox_domains?
> >
> > That's the one thing about which I am not yet quite clear. In our
> > relational database there's a simple table "virtual_domains" with a
> > name and an ID for the hosted domains. Postfix only wants the key
> > (the domain name) to exist when doing a lookup so a query is just
> > a simple "SELECT 1 FROM virtual_domains WHERE name='%s'", %s being
> > the domain name of course. What would a "corresponding" LDAP query
> > look like?
>
> Don't try and one-to-one map an RDBMS table to an LDAP container,
> start by mapping the query to an ldap search (basedn, filter, result
> attributes) first.
Yeah, I am having some difficulties with that :)
> You could use something like this:
>
> dn: domain=domain1.example.com,dc=example,dc=com
> objectclass: domain
> domain: domain1.example.com
>
> Then you would use an LDAP map with
> search_base = dc=example,dc=com
> query_filter = (&(objectclass=domain)(domain=%s))
> result_attribute = domain
Thank you, that makes a lot of sense. Based on that it should not be too
difficult to map other necessary queries from SQL to LDAP.
> You may choose to have more separation, with a separate basedn for
> domains, but it isn't necessary.
I see now how it is supposed to work. Hopefully I'll have some time this
week to build a test setup. Expect more concrete questions about
OpenLDAP :)
Thanks again for your help and ideas!
Andreas
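
An added example, not part of the thread and not Postfix code: a small model of the domain lookup discussed above, where the key replaces %s in query_filter, entries under search_base are matched, and result_attribute is returned in place of the SQL "SELECT 1". Postfix's ldap_table(5) documents that %s is quoted per RFC 2254; the escaping here follows its successor, RFC 4515. The directory contents and the minimal filter matcher are constructed for illustration.

```python
import re

# Constructed sample directory (not from a real server), following the
# entry layout suggested in the thread.
ENTRIES = [
    {"dn": "domain=domain1.example.com,dc=example,dc=com",
     "objectclass": ["domain"], "domain": ["domain1.example.com"]},
    {"dn": "domain=domain2.example.com,dc=example,dc=com",
     "objectclass": ["domain"], "domain": ["domain2.example.com"]},
    {"dn": "uid=joe,ou=people,dc=example,dc=com",
     "objectclass": ["inetOrgPerson"], "uid": ["joe"]},
]

# The three map parameters from the thread.
SEARCH_BASE = "dc=example,dc=com"
QUERY_FILTER = "(&(objectclass=domain)(domain=%s))"
RESULT_ATTRIBUTE = "domain"

# RFC 4515 escapes for characters that are special in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(key):
    """Substitute the lookup key for %s, escaped so it stays one value."""
    return QUERY_FILTER.replace("%s", escape_filter_value(key))

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def matches(filt, entry):
    """Evaluate an AND of simple (attr=value) items; a bare * is a wildcard."""
    items = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filt)
    for attr, pattern in items:
        parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
        rx = re.compile(".*".join(parts) + r"\Z", re.S)
        if not any(rx.match(v) for v in entry.get(attr.lower(), [])):
            return False
    return bool(items)

def lookup(key):
    """Model of the map lookup: values of RESULT_ATTRIBUTE, or [] if no match."""
    filt = build_filter(key)
    return [v for e in ENTRIES
            if e["dn"].endswith(SEARCH_BASE) and matches(filt, e)
            for v in e.get(RESULT_ATTRIBUTE, [])]

if __name__ == "__main__":
    for key in ("domain1.example.com", "unknown.example.org", "*"):
        print(key, "->", lookup(key))
```

A hosted domain returns its own name, an unknown domain returns nothing, and a key of `*` is escaped to `\2a` so it cannot turn the filter into a match-everything search.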