ubuntu – 将postfix与LDAP集成到具有特定主机访问权限的eMail用户

前端之家收集整理的这篇文章主要介绍了ubuntu – 将postfix与LDAP集成到具有特定主机访问权限的eMail用户前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我在Ubuntu 14.04(slapd 2.4.31-1)下安装了openLDAP v3,安装了PHPldapadmin,sudo-ldap和其他软件包.我正在尝试将postfix与LDAP集成,因此我可以将电子邮件发送到users@host2.example.com或users@host10.example.com.

当前设置

作为此设置的一部分,我为每个允许用户访问的主机提供主机属性(或者只是允许访问所有主机的*).我在我的ldap客户端上使用它来授予或拒绝访问特定主机.与每个用户相关联的还有他们在mail属性中的公司电子邮件地址.下面给出了用户的示例LDIF:

dn: uid=auser,ou=People,dc=example,dc=com
cn: A User
displayname: A User
gecos: A User
gidnumber: 1011
givenname: A
homedirectory: /home/auser
host: host1
host: host2
host: host3
host: host4
mailacceptinggeneralid: root
loginshell: /bin/bash
mail: a.user@example.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
objectclass: hostObject
objectclass: postfixUser
objectclass: top
sn: User
uid: auser
uidnumber: 1001

LDAP中用户电子邮件地址的Postfix查找

我有一个/etc/postfix/ldap-aliases.cf文件,其中包含以下内容以实现此目的:

server_host = ldap.example.com
search_base = dc=example,dc=com

# look for entries with this
query_filter = (|(uid=%s)(mailacceptinggeneralid=%s)(mail=%s@example.com))

# what attribute from the search result is returned
result_attribute = mail

# the format in which the result is returned
result_format = %s

此配置到目前为止工作,并通过以下postmap命令确认返回我期望的地址:

# A query using the uid of the user
postmap -q auser ldap:/etc/postfix/ldap-mail.cf
a.user@example.com

# A query using the corporate username
postmap -q a.user ldap:/etc/postfix/ldap-mail.cf
a.user@example.com

# A query for a user specified in mailacceptinggeneralid
postmap -q root ldap:/etc/postfix/ldap-mail.cf
a.user@example.com

有权访问主机的用户的Postfix查找

我希望能够发送电子邮件到users@host2.example.com,并为所有有权访问host2的用户从LDAP中提取地址(即主机属性设置为host2或*.这是我需要的地方一些帮助.

到目前为止,我有一个文件/etc/postfix/ldap-host-users.cf,其中包含:

server_host = ldap.example.com
search_base = dc=example,dc=com
query_filter = (|(host=%3)(host=\*))
result_attribute = mail
result_format = %s

它假定查询包含FQDN,但我认为postfix只使用用户名(可能是因为我在/etc/postfix/main.cf中使用了alias_maps?).无论如何,测试上面的:

postmap -q users@host2.example.com ldap:/etc/postfix/ldap-host-users.cf
a.user@example.com

# The following also returns a list of email addresses,but shouldn't:
postmap -q any_group@host2.example.com ldap:/etc/postfix/ldap-host-users.cf
a.user@example.com

postconf -n输出

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,ldap:/etc/postfix/ldap-mail.cf,ldap:/etc/postfix/ldap-host-users.cf
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailBox_size_limit = 0
mydestination = $myhostname,localhost.example.com,localhost
myhostname = host2.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

问题

> postfix仅使用本地用户名查询,并且在查询中不包含FQDN吗?

>这是因为我在/etc/postfix/main.cf中使用了alias_maps吗?

>我可以以某种方式检查查询用户名部分是否为用户,如果是其他内容则不返回任何内容
例如在query_filter中,我可以执行类似%u =“users”的操作吗?
>有没有更好/不同的方法来实现这一目标?

一些部分答案:

1. Does postfix only query using the local username and doesn’t include the FQDN in the query? Is this because I’m using alias_maps in /etc/postfix/main.cf?

是的,根据alias_maps文档,我们需要参考man 5 aliases来了解语法细节.

The name is a local address (no domain part). Use double quotes when the name contains any special characters such as whitespace,#',:’,
or `@’. The name is folded to lowercase,in order to make database lookups case insensitive.

所以,这是postfix的预期行为.

3. Is there a better/different way to achieve this?

使用virtual_alias_maps.根据Confused about alias_maps and virtual_alias_maps的答案,virtual_alias_maps将“user @ domain”作为输入.

猜你在找的Ubuntu相关文章