LinuxQuestions.org
Old 07-03-2008, 02:42 AM   #1
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Rep: Reputation: 15
Question integrating postfix with ldap


Hi all,
I'm running postfix 2.2.10 and openldap 2.2.13 on the same system. Everything is working fine. Now the issue is in integrating postfix and LDAP. I have added the parameters in main.cf in order to make postfix look up LDAP entries. But it does not seem to be taking the user information from LDAP on local delivery. When I use postmap -q for searching, it fetches from LDAP without any problem.
I have given all the parameters below, and the logs of LDAP and postfix too.
Any suggestions are most welcome.
-Hari.
==========================================================
main.cf:
alias_maps = ldap:ldapalias
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps = ldap:ldapaliases
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = panafnet.com
myhostname = experts.panafnet.com
mynetworks = 192.168.117.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
ldapalias_server_host = experts.panafnet.com
ldapalias_search_base = dc=panafnet, dc=com
ldapalias_scope = sub
ldapalias_bind = no
ldapalias_query_filter = (|(mail=%s)(uid=%s))
ldapalias_result_attribute = mail

========================================================
Here is the postmap command

[root@experts ~]# postmap -q shari ldap:ldapalias
shari@panafnet.com

==========================================================
ldaplog while local mail delivery happens
tailf /var/log/slapd.log
Jul 3 12:07:54 experts slapd[27641]: conn=2 fd=10 ACCEPT from IP=192.168.117.6:32793 (IP=0.0.0.0:389)
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(|(mail=shari)(uid=shari))"
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(|(mail=owner-shari)(uid=owner-shari))"
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SRCH attr=mail
Jul 3 12:07:54 experts slapd[27641]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

==========================================================
postfix log

tailf /var/log/maillog
Jul 3 12:07:54 experts postfix/pickup[28141]: 17286FE00D: uid=0 from=<root>
Jul 3 12:07:54 experts postfix/cleanup[28808]: 17286FE00D: message-id=<20080703063754.17286FE00D@experts.panafnet.com>
Jul 3 12:07:54 experts postfix/qmgr[28142]: 17286FE00D: from=<root@panafnet.com>, size=301, nrcpt=1 (queue active)
Jul 3 12:07:54 experts postfix/local[28811]: 17286FE00D: to=<shari@panafnet.com>, orig_to=<shari>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail)
Jul 3 12:07:54 experts postfix/qmgr[28142]: 17286FE00D: removed

==========================================================
 
Old 07-03-2008, 02:49 AM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Your mail is being delivered to procmail - is this not what you expect?
 
Old 07-04-2008, 04:25 AM   #3
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Question integrating postfix and ldap

Quote:
Originally Posted by Mr. C.
Your mail is being delivered to procmail - is this not what you expect?
Thank you for your valuable reply. Actually, my LDAP should act as centralized authentication. If I have around 20000 users in my org, I can't create all the users at OS level. But LDAP will have all the users' entries. If anybody sends mail to my org, it should refer to my LDAP for user information, where to drop the mail, etc. But in the current scenario, if a user does not exist at OS level, the mail bounces. Then what is the point of having LDAP (centralized authentication)? This is my problem.
First, is what I have configured right for this requirement?
-Hari.
 
Old 07-04-2008, 05:03 AM   #5
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
You are looking up ldap results for *local* users:

local_recipient_maps = ldap:ldapaliases

Local users are delivered using the local delivery agent, so that would be delivery to system accounts or commands (such as procmail).

You probably want virtual aliases or virtual mailboxes, right?

See this thread for an example of the various mail classes and ldap: http://tech.groups.yahoo.com/group/p...message/239324
 
Old 07-07-2008, 02:57 AM   #6
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Exclamation integrating postfix and ldap

Quote:
Originally Posted by Mr. C.
You are looking up ldap results for *local* users:

local_recipient_maps = ldap:ldapaliases

Local users are delivered using the local delivery agent, so that would be delivery to system accounts or commands (such as procmail).

You probably want virtual aliases or virtual mailboxes, right?

See this thread for an example of the various mail classes and ldap: http://tech.groups.yahoo.com/group/p...message/239324
Hi Friend,
Thank you for your valuable reply.
I have changed the whole configuration to virtual. I was excited to see the mails getting delivered!!!
But now the only problem is that users can't log in to the server from a client like Outlook Express. When they attempt to log in, it gives an error like:
"Server has rejected your login. Please verify your username and password are correct"
When a user logs in from the client, per the LDAP log it is searching for the user information. But there is no response from postfix.
Here I'm attaching my new configuration file and the postfix and LDAP logs while receiving mail.
Thanks a lot...
-Hari.

=========================================================================
main.cf file:

[root@experts ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = ldap:aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, $transport_maps
mydomain = panafnet.com
myhostname = experts.panafnet.com
mynetworks = 192.168.117.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:120
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 125
virtual_uid_maps = static:125
#
#
#LDAP ENTRIES#
aliases_server_host = localhost
aliases_search_base = dc=panafnet,dc=com
aliases_query_filter = (uid=%s)
aliases_result_attribute = uid
aliases_bind = no
#ACCOUNTS
accounts_server_host = localhost
accounts_search_base = dc=panafnet,dc=com
accounts_query_filter = (uid=%s)
accounts_result_attribute = uid
accounts_bind = no
#ACCOUNTS_MAP
accountsmap_server_host = localhost
accountsmap_search_base = dc=panafnet,dc=com
accountsmap_query_filter = (uid=%s)
accountsmap_result_attribute = uid
accountsmap_bind = no
#
#
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 125
virtual_uid_maps = static:125
virtual_gid_maps = static:120
local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps

=========================================================================
Logs while receiving mails

postfix log

Jul 7 12:28:18 experts postfix/pickup[4981]: 3B0D6FE015: uid=0 from=<root>
Jul 7 12:28:18 experts postfix/cleanup[4985]: 3B0D6FE015: message-id=<20080707065818.3B0D6FE015@experts.panafnet.com>
Jul 7 12:28:18 experts postfix/qmgr[4931]: 3B0D6FE015: from=<root@panafnet.com>, size=305, nrcpt=1 (queue active)
Jul 7 12:28:18 experts postfix/virtual[4987]: 3B0D6FE015: to=<imvirtual@panafnet.com>, orig_to=<imvirtual>, relay=virtual, delay=0, status=sent (delivered to mailbox)
Jul 7 12:28:18 experts postfix/qmgr[4931]: 3B0D6FE015: removed

=========================================================================
slapd.log
Jul 7 12:28:18 experts slapd[4093]: conn=11 fd=13 ACCEPT from IP=127.0.0.1:32788 (IP=0.0.0.0:389)
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual@panafnet.com)"
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SRCH attr=uid
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual)"
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SRCH attr=uid
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

=========================================================================
 
Old 07-07-2008, 03:42 AM   #7
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
It seems you've made good progress. Nice work.

For your future reference, when posting postfix config, use postconf -n (it shows the important, non-default values, so we can concentrate on settings that are unique). Also best to show logs of error messages, rather than snippets or interpretation.

For your OE client problem, I don't see any relevant log lines. Are you talking about downloading mail, or sending mail?

I see you are using mbox format mailboxes. Have you considered Maildir instead?

I see you are running a very old version of postfix (postfix-2.2.10). Can you update?

Post your postconf -n output, and any relevant log lines.
 
Old 07-07-2008, 05:44 AM   #8
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Unhappy integrating postfix and ldap

Quote:
Originally Posted by Mr. C.
It seems you've made good progress. Nice work.

For your future reference, when posting postfix config, use postconf -n (it shows the important, non-default values, so we can concentrate on settings that are unique). Also best to show logs of error messages, rather than snippets or interpretation.

For your OE client problem, I don't see any relevant log lines. Are you talking about downloading mail, or sending mail?

I see you are using mbox format mailboxes. Have you considered Maildir instead?

I see you are running a very old version of postfix (postfix-2.2.10). Can you update?

Post your postconf -n output, and any relevant log lines.
Thank you Friend.
Last time I posted the main.cf as output by postconf -n, but I added the extra LDAP lines.
As you said, I'm talking about client synchronization with the server for downloading mail. In order to download their mail from the POP3 or IMAP server, users have to log in to the server first. For that, the user has to pass their credentials. But here nobody can log in to the server.
Also, no log is generated by postfix. But the LDAP log shows a search for the user information, as I told you earlier.
I have tried the link you gave me. But the same problem follows...
I think I'm just making a silly mistake somewhere. But I can't trace it.
Here I'm attaching the postconf -n result and the LDAP log from when a user tries to log in to the server.
Thanks a lot...
-Hari.

=========================================================================
#postconf -m

alias_database = hash:/etc/aliases
alias_maps = ldap:aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, $mydomain, $transport_maps
mydomain = panafnet.com
myhostname = experts.panafnet.com
mynetworks = 192.168.117.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:120
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 125
virtual_uid_maps = static:125

=========================================================================
slapd.log
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual)"
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SRCH attr=uid userPassword
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SEARCH RESULT tag=101 err=0 nentries=1 text=

=========================================================================
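Added example (not from any poster in this thread): a small Python correlator for the slapd log format shown in the posts above. It joins each operation's SRCH, SRCH attr and SEARCH RESULT lines, lists the filters that matched nothing, and picks out lookups that request userPassword; the function names are this example's own.

```python
import re

# Log lines copied from the slapd.log excerpts in posts #6 and #8 of this thread.
SAMPLE_LOG = """\
Jul 7 12:28:18 experts slapd[4093]: conn=11 fd=13 ACCEPT from IP=127.0.0.1:32788 (IP=0.0.0.0:389)
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual@panafnet.com)"
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SRCH attr=uid
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual)"
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SRCH attr=uid
Jul 7 12:28:18 experts slapd[4093]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(uid=imvirtual)"
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SRCH attr=uid userPassword
Jul 7 15:17:06 experts slapd[5606]: conn=5 op=23 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE_RE = re.compile(r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) (.*)$')
FILTER_RE = re.compile(r'^SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"$')
RESULT_RE = re.compile(r'^SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')


def correlate(log_text):
    """Join the lines of each LDAP search, keyed by (slapd pid, conn, op)."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ACCEPT lines and other non-operation lines
        pid, conn, opid = (int(m.group(i)) for i in (1, 2, 3))
        rest = m.group(4)
        rec = ops.setdefault((pid, conn, opid), {
            "pid": pid, "conn": conn, "opid": opid,
            "base": None, "filter": None, "attrs": [],
            "err": None, "nentries": None,
        })
        f = FILTER_RE.match(rest)
        r = RESULT_RE.match(rest)
        if f:
            rec["base"], rec["filter"] = f.group(1), f.group(2)
        elif rest.startswith("SRCH attr="):
            rec["attrs"] = rest[len("SRCH attr="):].split()
        elif r:
            rec["err"], rec["nentries"] = int(r.group(1)), int(r.group(2))
    return list(ops.values())  # insertion order = order of first appearance


def misses(records):
    """Filters that completed without error but matched no entry."""
    return [r["filter"] for r in records
            if r["err"] == 0 and r["nentries"] == 0]


def credential_lookups(records):
    """Searches that ask the directory to return userPassword."""
    return [r for r in records if "userPassword" in r["attrs"]]


if __name__ == "__main__":
    recs = correlate(SAMPLE_LOG)
    for r in recs:
        print(r["conn"], r["opid"], r["filter"], r["attrs"], r["nentries"])
    print("no match:", misses(recs))
    print("password requested by:",
          [(r["conn"], r["opid"]) for r in credential_lookups(recs)])
```

On the thread's own lines this shows the full-address filter missing, the local-part filter matching, and the login-time search as the only one that asks for userPassword.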
 
Old 07-07-2008, 06:00 AM   #9
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
What protocol are you using to allow clients to download email? POP3 ? IMAP ?

LDAP authenticates a user's credentials. It does not handle POP3 nor IMAP mailboxes.
 
Old 07-07-2008, 06:06 AM   #10
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Question

Quote:
Originally Posted by Mr. C.
What protocol are you using to allow clients to download email? POP3 ? IMAP ?

LDAP authenticates a user's credentials. It does not handle POP3 nor IMAP mailboxes.
Thank you for your reply.
I'm using the IMAP protocol. Can't LDAP manage just passing user credentials when they log in to the server?
-Hari.
 
Old 07-07-2008, 06:09 AM   #12
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
I believe it can.
 
Old 07-07-2008, 06:26 AM   #13
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Smile integrating postfix and ldap

Quote:
Originally Posted by Mr. C.
I believe it can.
Thank you.
Can you suggest how to do it, or please give any docs link through which I can try what I told you?
-Hari.
 
Old 07-08-2008, 03:50 AM   #14
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Original Poster
Rep: Reputation: 15
Question error on dovecot login

Hi friend,
I have configured postfix, saslauthd and dovecot in such a way as to listen only to LDAP. My postfix and saslauthd are verifying against LDAP and doing things well. Users can send mail with the saslauthd function.
But users on a client like Outlook Express can't download their mail. When they attempt to log in, it gives an error like:
Server closed the connection. Also, there is an error log from dovecot regarding a uid problem. But I don't understand it. Here I'm attaching that error log and the dovecot configuration.
Please help me to trace out what is wrong?!
Thanks a lot...
-Hari.
=========================================================================
dovecot.conf parameters
protocols = imap pop3
imap_listen = [::]
pop3_listen = [::]
disable_plaintext_auth = no
login_dir = /var/run/dovecot-login
login_user = dovecot
first_valid_uid = 101
last_valid_uid = 101
first_valid_gid = 101
last_valid_gid = 101
auth = default
auth_mechanisms = plain
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_executable = /usr/libexec/dovecot/dovecot-auth
auth_user = dovecot-auth

=========================================================================
dovecot-ldap.conf file
hosts = localhost
dn = cn=Manager,dc=panafnet,dc=com
dnpass = hcl123
ldap_version = 3
base = dc=panafnet,dc=com
deref = never
scope = subtree
user_attrs = uid,userPassword
user_filter = (&(uid=%u))
pass_attrs = uid,userPassword
pass_filter = (&(uid=%u))
default_pass_scheme = PLAIN
user_global_uid = 101
user_global_gid = 101

=========================================================================
Error log (maillog)
Jul 8 13:06:08 experts imap-login: Login: seshan [::ffff:192.168.117.25]
Jul 8 13:06:08 experts dovecot: chdir(seshan) failed with uid 101: Permission denied
Jul 8 13:06:08 experts dovecot: child 5939 (imap) returned error 89

=========================================================================
slapd.log retrieving user info while login
Jul 8 13:06:07 experts slapd[5652]: conn=8 op=1 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(&(uid=seshan))"
Jul 8 13:06:07 experts slapd[5652]: conn=8 op=1 SRCH attr=uid userPassword
Jul 8 13:06:08 experts slapd[5652]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 8 13:06:08 experts slapd[5652]: conn=8 op=2 SRCH base="dc=panafnet,dc=com" scope=2 deref=0 filter="(&(uid=seshan))"
Jul 8 13:06:08 experts slapd[5652]: conn=8 op=2 SRCH attr=uid userPassword
Jul 8 13:06:08 experts slapd[5652]: conn=8 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

=========================================================================
 
Old 07-08-2008, 04:11 AM   #15
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Quote:
Jul 8 13:06:08 experts dovecot: chdir(seshan) failed with uid 101: Permission denied
Fix this. The permissions are incorrect.
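Added example (not part of the thread): the configs posted above have Postfix's virtual delivery agent writing under /var/spool/mail as uid 125 / gid 120, while Dovecot runs the IMAP process as uid 101 / gid 101. This Python helper walks a mailbox path and reports the first directory whose mode bits deny search permission to a given uid/gid; it checks owner/group/other bits only (no ACLs or supplementary groups), and the per-user directory layout under the base is an assumption.

```python
import os
import stat


def can_search(st, uid, gid):
    """True if uid/gid may enter the directory, judged by mode bits only."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_denied(base, relpath, uid, gid):
    """Check base, then each component of relpath beneath it.

    Returns (path, reason) for the first directory that uid/gid cannot
    chdir into, or None when the whole chain is traversable.
    """
    paths = [base]
    for part in relpath.split(os.sep):
        if part:
            paths.append(os.path.join(paths[-1], part))
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return (path, "missing")
        except OSError as exc:
            return (path, "stat failed: %s" % exc.strerror)
        if not stat.S_ISDIR(st.st_mode):
            return (path, "not a directory")
        if not can_search(st, uid, gid):
            return (path, "owner %d:%d mode %o denies search" % (
                st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
    return None


if __name__ == "__main__":
    # Values from the thread: virtual_mailbox_base, the failing user,
    # and Dovecot's user_global_uid / user_global_gid.
    base, user = "/var/spool/mail", "seshan"
    for label, uid, gid in (("dovecot", 101, 101), ("postfix virtual", 125, 120)):
        print(label, "->", first_denied(base, user, uid, gid) or "ok")
```

Running it for both identities shows whether a directory created by the delivery agent is reachable by the IMAP process, which is the condition behind a `chdir(...) failed ... Permission denied` line.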
 
  

