On Wed, Jan 30, 2013 at 11:34:13AM -0300, Peter von Nostrand wrote:

> The users' data is on Active Directory.
> Users have different email addresses to their username on AD and they have
> aliases on proxyaddress field.
>
> Here is the AD query:
>
> server_host = dc1.intranet.local
> search_base = dc=intranet,dc=local
> version = 3
> query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=%s)))

This query is perhaps wrong; the "proxyAddresses" field in AD usually
contains address forms with <protocol>: prefixes, thus for SMTP addresses
the content is usually "smtp:localpart@domain" not "localpart@domain".

You should also set the "domain = " attribute in the map definition
so that lookups are always for full addresses and don't waste cycles
with addresses in domains that never have entries in AD.

> result_attribute = sAMAccountName
> result_format = %u/Maildir/

The sAMAccountName attribute is username not email address valued,
so there is no need to use %u here, use "%s".

> scope= sub
> bind = yes
> bind_dn = intranet\ldap
> bind_pw = somepassword
>
> And the result:
>
> #postmap -q diego@real.domain ldap:/etc/postfix/ldap-users.cf
> diego.maradona/Maildir/
>
> But when I try to deliver a mail to diego@real.domain, Dovecot tries to
> deliver it to the mail address and not the username. Returning with a "user
> unknown" message. It works OK if I edit a file with virtual aliases,
> mapping addresses to usernames, but I need to have all integrated on the AD.

Since you're using Dovecot, the virtual_mailbox_maps table is only
used for recipient validation, not for delivery, since that's done
by Dovecot. Since you want to rewrite the envelope (Dovecot user
address), you should use virtual_alias_maps instead, just change
the result to:

    result_attribute = sAMAccountName
    result_format = %s@dovecot.invalid

with this the virtual_mailbox_domain is now a virtual_alias_domain,
since all valid addresses are rewritten to <samaccountname>@dovecot.invalid.

Use the resulting table in virtual_alias_maps, leaving virtual_mailbox_maps
empty, since you're not using virtual(8) to do the deliveries and no longer
using virtual_mailbox_domains.

Then map the "dovecot.invalid" domain to the dovecot transport in
transport_maps.

    transport:
        dovecot.invalid dovecot

> master relevant line:
>
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> ${sender} -d ${recipient}

This will pass the user's rewritten email address to dovecot with
an @dovecot.invalid suffix. See pipe(8) for instructions on passing
just the localpart.

--
    Viktor.
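
The settings from this reply assembled in one place, as an added example that is not part of the original thread. The `domain = real.domain` value, the `smtp:` prefix in the filter, the `hash:/etc/postfix/transport` path and the choice of pipe(8)'s `${user}` macro are assumptions drawn from the advice above, not values either poster gave.

```text
# /etc/postfix/ldap-users.cf  (now referenced from virtual_alias_maps)
server_host = dc1.intranet.local
search_base = dc=intranet,dc=local
version = 3
scope = sub
bind = yes
bind_dn = intranet\ldap
bind_pw = somepassword

# Assumed domain (taken from the postmap test address). Only full
# addresses in this domain are sent to AD; everything else, including
# the rewritten @dovecot.invalid addresses, is never looked up.
domain = real.domain

# Before:  (proxyAddresses=%s)       compares against "localpart@domain"
# After:   (proxyAddresses=smtp:%s)  compares against "smtp:localpart@domain",
#          the form the reply says AD usually stores.
query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=smtp:%s)))

# sAMAccountName is a bare username, so %s (the whole value) is used.
result_attribute = sAMAccountName
result_format = %s@dovecot.invalid


# /etc/postfix/main.cf
virtual_alias_domains = real.domain
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf
virtual_mailbox_maps =
# Assumed map type and path for the transport table.
transport_maps = hash:/etc/postfix/transport


# /etc/postfix/transport  (run "postmap /etc/postfix/transport" after editing)
dovecot.invalid    dovecot


# /etc/postfix/master.cf
# ${user} is the pipe(8) macro for the recipient localpart, so dovecot-lda
# receives "diego.maradona" rather than "diego.maradona@dovecot.invalid".
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${user}
```

With this in place, `postmap -q diego@real.domain ldap:/etc/postfix/ldap-users.cf` should return `diego.maradona@dovecot.invalid`, and a query for an address outside `real.domain` should return nothing without contacting AD.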