Re: OT: ldap schema
On 07/06/2010 11:22 PM, Fran Garcia wrote:
>> Postfix has no preferred LDAP schemas, it operates at a higher level
>> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which can
>> be implemented via LDAP if you so choose. The mapping between an
>> actual LDAP dataset and the conceptual Postfix key/value table is up
>> to you.
>
> Thanks for the links :-) . I already came across the postfix adapts to
> any ldap schema but, since I'm starting with ldap and not very familiar
> with all the concepts, I wanted to get some real life examples of
> actual schemas people are using.

I can suggest the Spanish schema; it has provisions for mail routing and is in use in several Universities and Higher Ed institutions:

http://www.rediris.es/ldap/schema/iris.schema

You can read use cases and some other information (in Spanish) here:

http://wiki.rediris.es/gtschema/Portada

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN
Re: OT: ldap schema
On Wed, Jul 7, 2010 at 12:02, Victoriano Giralt wrote:
> On 07/06/2010 11:22 PM, Fran Garcia wrote:
>>> Postfix has no preferred LDAP schemas, it operates at a higher level
>>> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which
>>> can be implemented via LDAP if you so choose. The mapping between an
>>> actual LDAP dataset and the conceptual Postfix key/value table is up
>>> to you.
>>
>> Thanks for the links :-) . I already came across the postfix adapts
>> to any ldap schema but, since I'm starting with ldap and not very
>> familiar with all the concepts, I wanted to get some real life
>> examples of actual schemas people are using.
>
> I can suggest the Spanish schema; it has provisions for mail routing
> and is in use in several Universities and Higher Ed institutions:
>
> http://www.rediris.es/ldap/schema/iris.schema

Ahh, excellent, thanks! .

> You can read use cases and some other information (in Spanish) here:
>
> http://wiki.rediris.es/gtschema/Portada

I'm getting a Mediawiki internal error there, does it work for you?

Cheers
Re: OT: ldap schema
On 07/07/2010 01:24 PM, Fran Garcia wrote:
>> http://wiki.rediris.es/gtschema/Portada
>
> I'm getting a Mediawiki internal error there, does it work for you?

Works for me right now (Wed Jul 7 13:29:29 CEST 2010)

-- 
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN
Re: OT: ldap schema
On Wed, 07 Jul 2010 13:02:15 +0200 Victoriano Giralt victori...@uma.es articulated:
> On 07/06/2010 11:22 PM, Fran Garcia wrote:
>>> Postfix has no preferred LDAP schemas, it operates at a higher level
>>> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which
>>> can be implemented via LDAP if you so choose. The mapping between an
>>> actual LDAP dataset and the conceptual Postfix key/value table is up
>>> to you.
>>
>> Thanks for the links :-) . I already came across the postfix adapts
>> to any ldap schema but, since I'm starting with ldap and not very
>> familiar with all the concepts, I wanted to get some real life
>> examples of actual schemas people are using.
>
> I can suggest the Spanish schema; it has provisions for mail routing
> and is in use in several Universities and Higher Ed institutions:
>
> http://www.rediris.es/ldap/schema/iris.schema
>
> You can read use cases and some other information (in Spanish) here:
>
> http://wiki.rediris.es/gtschema/Portada

Perhaps someone with time to spare might be motivated to create a custom schema for Postfix. Personally, I prefer MySQL so it is not something that I would be interested in.

-- 
Jerry ✌
postfix-u...@seibercom.net

He that teaches himself has a fool for a master.
Benjamin Franklin
Re: OT: ldap schema
On Wednesday, July 07, 2010 at 13:30 CEST, Jerry postfix-u...@seibercom.net wrote:
> On Wed, 07 Jul 2010 13:02:15 +0200 Victoriano Giralt victori...@uma.es articulated:
>> I can suggest the Spanish schema; it has provisions for mail routing
>> and is in use in several Universities and Higher Ed institutions:
>>
>> http://www.rediris.es/ldap/schema/iris.schema
>>
>> You can read use cases and some other information (in Spanish) here:
>>
>> http://wiki.rediris.es/gtschema/Portada
>
> Perhaps someone with time to spare might be motivated to create a
> custom schema for Postfix. Personally, I prefer MySQL so it is not
> something that I would be interested in.

No, a Postfix LDAP schema doesn't make sense. Postfix works with any reasonably designed schema. LDAP schemas should match the information model and not the tools used to access the information.

-- 
Magnus Bäck
mag...@dsek.lth.se
Re: OT: ldap schema
On Wed, Jul 07, 2010 at 03:58:54PM +0200, Magnus Bäck wrote:
> On Wednesday, July 07, 2010 at 13:30 CEST, Jerry postfix-u...@seibercom.net wrote:
>> On Wed, 07 Jul 2010 13:02:15 +0200 Victoriano Giralt victori...@uma.es articulated:
>>> I can suggest the Spanish schema; it has provisions for mail routing
>>> and is in use in several Universities and Higher Ed institutions:
>>>
>>> http://www.rediris.es/ldap/schema/iris.schema
>>>
>>> You can read use cases and some other information (in Spanish) here:
>>>
>>> http://wiki.rediris.es/gtschema/Portada
>>
>> Perhaps someone with time to spare might be motivated to create a
>> custom schema for Postfix. Personally, I prefer MySQL so it is not
>> something that I would be interested in.
>
> No, a Postfix LDAP schema doesn't make sense. Postfix works with any
> reasonably designed schema. LDAP schemas should match the information
> model and not the tools used to access the information.

There are many possible LDAP schemas that support various Postfix features. Which schema is most suitable depends a lot on what mappings one needs to support high level Postfix abstractions such as virtual mailboxes, virtual aliases, ...

-- 
Viktor.
Re: OT: ldap schema
On Sat, Jul 03, 2010 at 02:15:53AM +0200, Fran Garcia wrote:
> Basically the schema should :
> - Be OpenLDAP compatible

Not a problem.

> - Allow multidomain

I don't know what this means.

> - Host transports for each defined account / email address.

This is not a good idea. Avoid using LDAP for transport lookups. Instead:

    - rewrite envelope recipients to an appropriate destination
      domain via virtual(5) (i.e. virtual_alias_maps).
    - explicitly set virtual_alias_domains (even if empty).
    - Map each destination domain to a suitable transport via
      an indexed file (Berkeley DB hash or btree, CDB, ...)

> - Integrate with dovecot and/or cyrus-imapd.

Postfix will happily use any schema in which lookup keys (typically email addresses) can be mapped to a result value (or list of values which are transformed to a comma-separated result string) by a query as explained in:

    http://www.postfix.org/ldap_table.5.html
    http://www.postfix.org/LDAP_README.html

Postfix has no preferred LDAP schemas, it operates at a higher level of abstraction, i.e. virtual_alias_maps, transport_maps, ... which can be implemented via LDAP if you so choose. The mapping between an actual LDAP dataset and the conceptual Postfix key/value table is up to you.

-- 
Viktor.
Re: OT: ldap schema
This site has used LDAP for postfix/dovecot administration for about ten years. We use qmailControl.schema (to define the domains, which are accepted at this site) and qmail.schema (to define the mailboxes within these domains).

suomi

On 2010-07-06 15:58, Victor Duchovni wrote:
> On Sat, Jul 03, 2010 at 02:15:53AM +0200, Fran Garcia wrote:
>> Basically the schema should :
>> - Be OpenLDAP compatible
>
> Not a problem.
>
>> - Allow multidomain
>
> I don't know what this means.
>
>> - Host transports for each defined account / email address.
>
> This is not a good idea. Avoid using LDAP for transport lookups.
> Instead:
>
>     - rewrite envelope recipients to an appropriate destination
>       domain via virtual(5) (i.e. virtual_alias_maps).
>     - explicitly set virtual_alias_domains (even if empty).
>     - Map each destination domain to a suitable transport via
>       an indexed file (Berkeley DB hash or btree, CDB, ...)
>
>> - Integrate with dovecot and/or cyrus-imapd.
>
> Postfix will happily use any schema in which lookup keys (typically
> email addresses) can be mapped to a result value (or list of values
> which are transformed to a comma-separated result string) by a query
> as explained in:
>
>     http://www.postfix.org/ldap_table.5.html
>     http://www.postfix.org/LDAP_README.html
>
> Postfix has no preferred LDAP schemas, it operates at a higher level
> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which can
> be implemented via LDAP if you so choose. The mapping between an
> actual LDAP dataset and the conceptual Postfix key/value table is up
> to you.
Re: OT: ldap schema
On Tue, Jul 6, 2010 at 15:58, Victor Duchovni wrote:
> On Sat, Jul 03, 2010 at 02:15:53AM +0200, Fran Garcia wrote:
>> Basically the schema should :
>> - Be OpenLDAP compatible
>
> Not a problem.
>
>> - Allow multidomain
>
> I don't know what this means.

Hi Viktor, thanks for your reply. This means be able to hold several virtual domains as destination. Think of an ISP configuring a shared email platform for several domains / customers. Ideally those domains would be held in LDAP as well. (I've seen the qmail.schema and apparently is only ready for one single domain).

>> - Host transports for each defined account / email address.
>
> This is not a good idea. Avoid using LDAP for transport lookups.
> Instead:
>
>     - rewrite envelope recipients to an appropriate destination
>       domain via virtual(5) (i.e. virtual_alias_maps).
>     - explicitly set virtual_alias_domains (even if empty).
>     - Map each destination domain to a suitable transport via
>       an indexed file (Berkeley DB hash or btree, CDB, ...)

The rationale for requesting this was how do I grow if I have say 100k accounts in a single domain and I want to spread the load on several backend servers. As per your description, that would be handled like :

us...@example.org -> us...@internal_backendx.example.org ?

>> - Integrate with dovecot and/or cyrus-imapd.
>
> Postfix will happily use any schema in which lookup keys (typically
> email addresses) can be mapped to a result value (or list of values
> which are transformed to a comma-separated result string) by a query
> as explained in:
>
>     http://www.postfix.org/ldap_table.5.html
>     http://www.postfix.org/LDAP_README.html
>
> Postfix has no preferred LDAP schemas, it operates at a higher level
> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which can
> be implemented via LDAP if you so choose. The mapping between an
> actual LDAP dataset and the conceptual Postfix key/value table is up
> to you.

Thanks for the links :-) . I already came across the postfix adapts to any ldap schema but, since I'm starting with ldap and not very familiar with all the concepts, I wanted to get some real life examples of actual schemas people are using.

cheers
Re: OT: ldap schema
On 07/06/2010 04:22 PM, Fran Garcia wrote:
> On Tue, Jul 6, 2010 at 15:58, Victor Duchovni wrote:
>> On Sat, Jul 03, 2010 at 02:15:53AM +0200, Fran Garcia wrote:

FWITW, I've used this as a reference in the past. After you build a few of these systems, they become quite easy.

http://phamm.org/

kind regards,
Terry
Re: OT: ldap schema
On Tue, Jul 06, 2010 at 11:22:47PM +0200, Fran Garcia wrote:
>>> - Allow multidomain
>>
>> I don't know what this means.
>
> Hi Viktor, thanks for your reply. This means be able to hold several
> virtual domains as destination. Think of an ISP configuring a shared
> email platform for several domains / customers. Ideally those domains
> would be held in LDAP as well. (I've seen the qmail.schema and
> apparently is only ready for one single domain).

Postfix supports multiple domains not via pre-fab LDAP schemas, but via decisions about local and virtual users as described in

http://www.postfix.org/VIRTUAL_README.html

you can implement virtual alias or virtual mailbox users in as many domains as you wish, via any LDAP schema that contains the required address -> value (either address of mailbox path) mappings.

>>> - Host transports for each defined account / email address.
>>
>> This is not a good idea. Avoid using LDAP for transport lookups.
>> Instead:
>>
>>     - rewrite envelope recipients to an appropriate destination
>>       domain via virtual(5) (i.e. virtual_alias_maps).
>>     - explicitly set virtual_alias_domains (even if empty).
>>     - Map each destination domain to a suitable transport via
>>       an indexed file (Berkeley DB hash or btree, CDB, ...)
>
> The rationale for requesting this was how do I grow if I have say 100k
> accounts in a single domain and I want to spread the load on several
> backend servers. As per your description, that would be handled like :
>
> us...@example.org -> us...@internal_backendx.example.org ?

Yes.

>>> - Integrate with dovecot and/or cyrus-imapd.
>>
>> Postfix will happily use any schema in which lookup keys (typically
>> email addresses) can be mapped to a result value (or list of values
>> which are transformed to a comma-separated result string) by a query
>> as explained in:
>>
>>     http://www.postfix.org/ldap_table.5.html
>>     http://www.postfix.org/LDAP_README.html
>>
>> Postfix has no preferred LDAP schemas, it operates at a higher level
>> of abstraction, i.e. virtual_alias_maps, transport_maps, ... which
>> can be implemented via LDAP if you so choose. The mapping between an
>> actual LDAP dataset and the conceptual Postfix key/value table is up
>> to you.
>
> Thanks for the links :-) . I already came across the postfix adapts to
> any ldap schema but, since I'm starting with ldap and not very familiar
> with all the concepts, I wanted to get some real life examples of
> actual schemas people are using.

Design the Postfix configuration first, and the LDAP schema second.

-- 
Viktor.
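The routing layout discussed in this thread (per-user rewrite to a backend domain through virtual_alias_maps held in LDAP, an explicit virtual_alias_domains, and a domain-to-transport map in a local indexed file), as an added example that is not part of any message in the thread. Hostnames, file paths, the bind DN and the use of the inetLocalMailRecipient attributes mailLocalAddress and mailRoutingAddress are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/main.cf on the mailhubs (path and names are assumptions)
# Per-user backend selection is an address rewrite held in LDAP,
# not a per-user transport lookup.
virtual_alias_maps = ldap:/etc/postfix/ldap-routing.cf

# Set explicitly. The built-in default is $virtual_alias_maps, which
# would send bare domain-name lookups to the LDAP table as well.
virtual_alias_domains = example.org

# Domain-to-transport mapping stays in a local indexed file.
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/ldap-routing.cf (ldap_table(5) format)
# Holds bind credentials: keep it unreadable by ordinary users.
server_host = ldap://ldap.internal.example.org
version = 3
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/pki/tls/certs/ca-bundle.crt
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=org
bind_pw = REPLACE_WITH_SECRET
search_base = ou=people,dc=example,dc=org
scope = sub
# Only query LDAP for addresses in this domain.
domain = example.org
# %s is the lookup key; Postfix applies RFC 2254 quoting to it, so a
# recipient address cannot add filter metacharacters.
query_filter = (mailLocalAddress=%s)
result_attribute = mailRoutingAddress

# Constructed sample entry this query would match:
#   dn: uid=alice,ou=people,dc=example,dc=org
#   objectClass: inetLocalMailRecipient
#   mailLocalAddress: alice@example.org
#   mailRoutingAddress: alice@mbox1.internal.example.org

# ---- /etc/postfix/transport (run "postmap /etc/postfix/transport" after edits)
mbox1.internal.example.org   lmtp:inet:mbox1.internal.example.org:24
mbox2.internal.example.org   lmtp:inet:mbox2.internal.example.org:24
```

The result of the LDAP query can be checked on the mailhub with `postmap -q alice@example.org ldap:/etc/postfix/ldap-routing.cf` before pointing main.cf at the table.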
OT: ldap schema
Hi all,

I'm now planning an LDAP-based Postfix setup and struggling with designing how the LDAP schema should look.

Basically the schema should :
- Be OpenLDAP compatible
- Allow multidomain
- Host transports for each defined account / email address.
- Integrate with dovecot and/or cyrus-imapd.

The goal is to produce a scalable, HA system based on RHEL5 stock components. The solution would look something like :
- 2x Internet-facing antispam appliances (Ironport, Barracuda, whatever)
- 2x Postfix mailhub servers. They receive emails from appliances and route the mail internally based on transport rules to the right mailbox server. Also host outgoing email queues and do relay for SASL-authenticated users.
- 2 to n mailbox servers running IMAP server (perhaps with LMTP capabilities) and Postfix if necessary for mail storage.

Anybody has a similar setup and is willing to share? :-)

Thanks in advance!