On Wed, 2010-09-01 at 20:13 +0200, Jeroen Geilman wrote:
> On 08/25/2010 03:17 PM, Zhou, Yan wrote:
> > Hi there,
> > We want to implement SMTP authentication in Postfix and support multiple
> > virtual domains. Rather than having user/domain/endpoint in different
> > files, we prefer them either in database (Oracle) or LDAP. I am trying
> > to weigh the pros and cons of both options. I have not seen examples
> > about Oracle (most are with MySQL). We are building a new system, so we
> > do not have any legacy data to migrate.
> > Anyone have an opinion or can direct me to some documents that outline
> > pros and cons of Oracle integration and LDAP integration with Postfix? I
> > already got LDAP working and find it fairly easy, not sure if Oracle
> > integration is just like that.
> Adding to the earlier replies, it won't be that easy at all, because
> there is no postfix support for Oracle maps.
> Postfix, of course, doesn't do SMTP authentication - it asks an SASL
> provider, which says "yes" or "no".
> In this sense, postfix support for $yourbackend is only part of the
> equation - your chosen SASL provider must support it too.
> Currently supported SASL providers are Cyrus and dovecot;

SASL with LDAP is pretty common.

> one advantage
> of dovecot is that it supports just about absolutely any backend you can
> think of - except, obviously, Oracle - and I really like its easy
> configuration.

+1 Cyrus. Even easier configuration, robust, fast, and feature complete.

> An advantage of LDAP is that you can use any schema that suits you - so
> if you already HAVE a schema that is useful, you can hijack attributes
> that aren't used and re-purpose them for, say, mailbox location,
> aliases, access lists, passwords, whatever.
> Or you can extend the schema, if you have that option, and add any
> attributes you need.

LDAP is also the 'standard' way to do such things. If you *really* want to use Oracle you can use OpenLDAP's back-sql to provide an LDAP view of your RDBMS data. But this account, configuration, etc... information, IMNSHO, belongs in a DSA [directory server, aka LDAP] anyway and not in a "database".

> If you wanted to, you could con Windows AD into working seamlessly with
> postfix - all you need is the right LDAP query maps.