Hi!

IMHO, you have two choices:

1. Integrate your OS with LDAP, thus making LDAP users also OS (local)
users; in this case, you should set the shell for every "mail-only"
user to /bin/false, or maybe a "menu-like" shell that only lets them
run a mail client or something like that (really old-school the
menu-thing).
2. Run virtual-only users, so mail users don't exist for the OS.

Each of them has its own advantages and disadvantages.  I selected
the first one, because I was too lazy to implement the 2nd, and so
far I'm able to:

1. Use dovecot as pop3/imap/sasl provider.
2. Use fs quotas; this has a nice side-effect: if I implement a file
server on the same machine and filesystem, I get a *shared* storage
size for mail/files.
3. Group-based quotas; well, I actually made a script that reads quota
configuration from a file and applies quota to the members of groups
according to that configuration. This allows me to manage users' quota
size just by changing users from one group to another.

This thread brings me a question: can all of these things be achieved
in a virtual-only environment? (I know, the info should be in the
docs, but I already stated I was a little lazy).  I ask this because
I'm thinking of moving to a virtual environment, in order to take
advantage of dovecot's proxy features (I think I could do this by
modifying only dovecot's configs, but now that I'm working on it, I
believe it could be a good time/excuse to modify postfix's ones).

I hope this helps, and thanks in advance,

Ildefonso Camargo

On Sat, Sep 5, 2009 at 2:28 PM, Raimund Eimann<raim...@busy-byte.de> wrote:
> Hi,
>
> maybe it's me having completely weird ideas, but the existing Google
> results for "postfix ldap howto" are not very satisfactory for me:
>
> All I would like to do is to have a separate user base (stored in LDAP)
> from /etc/{passwd/shadow} on my Linux box for all email-related issues. So
> far I was always annoyed that the default setup of Postfix (openSuSE,
> dunno about other distros) uses /etc/passwd to look up users, because that
> means every added mail-user automatically also becomes an SSH user (for
> instance) without me intending this. This becomes particularly tricky if
> such a user picks "secret" as his/her password.
>
> What I find in the howto(s) are discussions about alias mapping via LDAP
> or setting up some catchall user or setting up mail distribution groups.
> Far too advanced for me. All I want is LDAP user lookup for incoming mail
> and user authentication for outgoing mail. Ideally, I would like to use
> two different branches of the LDAP tree for OS logins and mail logins.
>
> Either the info how to do this is very well hidden, or I'm looking for the
> wrong keywords, or my idea is so strange that no one's ever done such
> nonsense before (hence the apparent lack of documentation), or I simply
> missed the right spots in the howto(s).
>
> I turn to this group with some questions:
>
>  a) is my idea completely crazy so that I should not do this at all?
>  b) hoping for a "no" in a):
>     can someone here point me in the right direction/docs?
>  c) if someone did this before, can I snaffle some config snippets?
>
> Cheers,
> Raimund
>
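
For the first option in the reply above (LDAP users are also OS users, with mail-only accounts given /bin/false), the following is an added example, not code from either poster, that audits `getent passwd` / `getent group` style output for mail-only accounts that still have a login shell. The group name `mailonly`, the list of non-login shells and the sample data are assumptions constructed for the illustration.

```python
# Added example: flag mail-only accounts that can still log in.
# Assumption: mail-only users belong to a group named "mailonly".
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_passwd(text):
    """Yield (name, gid, shell) from passwd(5)-format lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry, skip it
        name, _pw, _uid, gid, _gecos, _home, shell = fields
        yield name, gid, shell


def group_members(text, group):
    """Return (gid, supplementary members) for `group` from group(5) lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            return fields[2], {m for m in fields[3].split(",") if m}
    raise KeyError(group)


def interactive_mail_users(passwd_text, group_text, group="mailonly"):
    """List (user, shell) for group members whose shell permits a login."""
    gid, members = group_members(group_text, group)
    flagged = []
    for name, user_gid, shell in parse_passwd(passwd_text):
        # Membership is either the primary GID or the group's member list.
        if user_gid != gid and name not in members:
            continue
        # An empty shell field means /bin/sh, so it counts as interactive.
        if shell not in NOLOGIN_SHELLS:
            flagged.append((name, shell or "/bin/sh"))
    return flagged


# Constructed sample data in `getent passwd` / `getent group` format.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:2001:3000:Alice:/home/alice:/bin/false
bob:x:2002:3000:Bob:/home/bob:/bin/bash
carol:x:2003:100:Carol:/home/carol:
dave:x:2004:100:Dave:/home/dave:/bin/bash
"""
SAMPLE_GROUP = "users:x:100:\nmailonly:x:3000:carol\n"

if __name__ == "__main__":
    for user, shell in interactive_mail_users(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{user}: login shell {shell}")
```

If a restricted "menu-like" shell is used instead of /bin/false, add its path to `NOLOGIN_SHELLS` so those accounts are not reported.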
