Re: [Exim] Recipient checking: LDAP

Author: Tony Earnshaw
Date:  
To: exim-users
CC: Sheldon Hearn
Subject: Re: [Exim] Recipient checking: LDAP
Sheldon Hearn wrote:

> I'm working toward having my entire per-user mail configuration stored
> in an LDAP directory (using OpenLDAP).


O.k.

> My reading online suggests that I'm not alone when I say the hardest
> part is settling on a schema. Makes sense; that's the hardest part of
> database design too. :-)


Not really. I use Openldap 2.1.x, presently 2.1.23. This is the basis
for all local user and alias authentication in "the network" (i.e. I
don't use /etc/passwd or NIS/NIS+). The word "schema", as applied to
Openldap at least, applies to standard directory design (rfc2256 et al)
and in principle I don't need other schemas than those included with the
tarball distribution to set up local users and aliases for the 2 MTAs I
know about and use - Exim 4 and Postfix 2 snapshot.

> Your sample routers and account LDIF file look interesting (and give me
> hope), but I'm stumped on the issue of aliases and forwarding.


Basically what I'm doing, as you'll see from the ldif, is putting (in
this case) system aliases (normally in /etc/aliases) into the LDAP
directory, such that mail to any of them gets sent to one single user,
me. This model is best for LDAP - many-to-one in this case and is a
simple model. For this I use objectclasses from core.schema and
misc.schema.

> For example, how do you model in the directory, the notion that
>
> a) a user's mail is to be forwarded to another address, not delivered
>    locally,


The same way as /etc/aliases does. F.ex. all mail to root@localhost gets
sent to whoever@???.

> b) a user's mail is to be forwarded to another address AND delivered
>    locally,


the misc.schema attribute mailroutingaddress is single value, but
accepts a comma-separated input; i.e.:

1436 [root:billy.demon.nl] /root # exim -bt root@???
info@???
     <-- root@???
   router = localuser, transport = local_delivery
tonye@???
     <-- root@???
   router = localuser, transport = local_delivery


> or
> c) an alias which doesn't belong to any person (perhaps as part of a
>    dummy organizational unit called Aliases) should be delivered to 6
>    arbitrary users?


The same way. You'd use these for a small mailing list, for example.
Still using misc.schema, use the objectclass nisMailAlias instead of
mailroutingaddress. The ldif might look like:

dn: cn=nwliste,ou=contacts,dc=billy,dc=demon,dc=nl
objectClass: top
objectClass: nisMailAlias
rfc822MailMember: jongaustad@???
rfc822MailMember: gaute@???
rfc822MailMember: bjornst@???
rfc822MailMember: unnicat@???
cn: nwliste

> I had hoped that enough diligent Googling would turn up a tried and
> trusted schema for Exim mail servers that's flexible enough to handle
> these common cases.


Maybe you have the wrong idea of what "schema" means in LDAP language.
What you really mean is "directory structure", "DIT design". What you
have to do, is to get the latest release source from Openldap.org, get
the 2.1 Admin guide, subscribe to the mailing list, configure and
compile the source, and play around with the result. *No one else's rpms
or BSD port is good enough* - it's all second hand. Even linux SRPMs -
forget it. With Openldap at least, there is no tailor-made solution -
it's roll-your-own in every case. For Postfix you have to go much
further and configure SASL for digest-md5 proxy authorization and
authentication, which again means much swatting, experimenting and
archive reading. Much of this is still in its infancy, as far as
practical implementation is concerned and people who do it are path finders.

I'd also mention (and you're not going to like this as a BSD person)
that a GTK GUI such as GQ 0.7.0b2 will mean all the difference between a
dead slog and your eyes being opened ("Epiphany", "a visitation" :) You
can see and manipulate your directory graphically and, no, there's no
real other functionally-working /alternative/ to GQ. I've tried them all.

> The closest thing I've found is the qmail-ldap schema
> (http://www.nrg4u.com/qmail/QLDAPINSTALL).


The Courier IMAP schema does more or less the same. But you don't need
it for what you want, to begin with.

Best,

Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl
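As an added illustration (not code from the thread, from Exim or from OpenLDAP), the following Python script models the three cases discussed above: a `mailRoutingAddress` that forwards elsewhere, one whose comma-separated value keeps a local copy and forwards, and a `nisMailAlias` whose `rfc822MailMember` values fan out to several people. It runs on a constructed, minimal LDIF embedded inline (names, domain and the `example.org` local domain are made up) and refuses to expand an alias loop, which is the failure mode a hand-rolled directory design most easily introduces.

```python
# Constructed minimal LDIF (not the thread's data): case (a) root forwards to tonye,
# case (b) tonye keeps a local copy and forwards to info, case (c) a group alias.
LDIF = """\
dn: uid=root,ou=people,dc=example,dc=org
mail: root@example.org
mailRoutingAddress: tonye@example.org

dn: uid=tonye,ou=people,dc=example,dc=org
mail: tonye@example.org
mailRoutingAddress: tonye@example.org,info@example.org

dn: cn=nwliste,ou=contacts,dc=example,dc=org
objectClass: nisMailAlias
cn: nwliste
rfc822MailMember: gaute@example.org
rfc822MailMember: unnicat@example.org
rfc822MailMember: root@example.org
"""

def parse_ldif(text):
    """Split simple LDIF into {attr: [values]} dicts (no folding or base64)."""
    entries = []
    for block in text.strip().split("\n\n"):
        cur = {}
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            cur.setdefault(attr.lower(), []).append(val.strip())
        entries.append(cur)
    return entries

def build_table(entries, local_domain):
    """Map each directory address to the list of targets it routes to."""
    table = {}
    for e in entries:
        if "nismailalias" in {c.lower() for c in e.get("objectclass", [])}:
            table[e["cn"][0] + "@" + local_domain] = e.get("rfc822mailmember", [])
        elif "mailroutingaddress" in e:  # single value, comma-separated list
            targets = [t.strip() for t in e["mailroutingaddress"][0].split(",")]
            for m in e.get("mail", []):
                table[m] = [t for t in targets if t]
    return table

def resolve(address, table, seen=frozenset()):
    """Expand address to its final deliveries (a self-target keeps a local
    copy, an unknown address is delivered as-is); raise on an alias loop."""
    if address in seen:
        raise ValueError("alias loop at " + address)
    out = set()
    for t in table.get(address, [address]):
        out |= {t} if t == address else resolve(t, table, seen | {address})
    return out
```

Resolving `root@example.org` yields the two local mailboxes the `exim -bt` output above shows, and the group alias expands through `root` to the same two plus its direct members.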