
Using eDirectory to Manage Access to Postfix

Novell Cool Solutions: Trench
By Tony Casciato


Posted: 19 Feb 2003
 

The Problem

Using eDirectory to provide a real-time userid pass/fail check to Postfix, an open-source e-mail program, using OpenLDAP.

The Solution

We have two UNIX-based e-mail redirection servers running Postfix (open source software) for our 1,500 GroupWise users. I use OpenLDAP on those servers to query eDirectory on our GroupWise 6 server and check for the userid as it comes in from the Internet.

eDirectory confirms or denies that this GroupWise user exists, then provides the routing information for where the e-mail should go. This way, adds/changes/deletes are done through ConsoleOne and are real-time.

The old way was to manually edit an alias flat-file, which quickly became outdated.

We can also block e-mail from the Internet to certain users by populating the 'Mail' field in NDS with 'NONE' - all without touching GroupWise on the inside.

From the Postfix main.cf file:

alias_maps = ldap:ldap_nds
alias_database = ldap:ldap_nds
ldap_nds_timeout = 90
ldap_nds_search_base = o=WC
ldap_nds_server_host = ldaptree
ldap_nds_server_port = 389
ldap_nds_query_filter = (&(ngwobjectid=%s)(!(mail=none)))
ldap_nds_result_attribute = ngwobjectid
ldap_nds_result_filter = %s@w5.waukeshacounty.gov

(w5 is an alias to the real GW6 server inside the firewall)
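
The lookup described above, modeled offline as an added example (not part of the original article and not Postfix code). The directory entries are constructed sample data, and case-insensitive matching of both attributes is an assumption. The escaping step models the quoting Postfix applies to the key before substituting %s, so a recipient such as "*" is compared literally instead of acting as a wildcard.

```python
# Added example: offline model of the ldap_nds alias lookup (not Postfix code).
# Directory entries are constructed sample data.
DIRECTORY = [
    {"ngwobjectid": "jsmith", "mail": "jsmith@example.org"},
    {"ngwobjectid": "blocked", "mail": "NONE"},   # blocked from the Internet
    {"ngwobjectid": "nomail"},                    # no mail attribute at all
]
RESULT_FILTER = "%s@w5.waukeshacounty.gov"        # ldap_nds_result_filter


def escape_filter_value(key):
    """Escape filter metacharacters (RFC 4515) before substituting %s."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in key)


def build_filter(key):
    """Expand ldap_nds_query_filter for one recipient local part."""
    return "(&(ngwobjectid=%s)(!(mail=none)))" % escape_filter_value(key)


def entry_matches(entry, key):
    """Evaluate (&(ngwobjectid=key)(!(mail=none))) against one entry.

    Assumes case-insensitive equality matching for both attributes. An entry
    with no mail attribute passes: (mail=none) is false, so the NOT is true.
    """
    if entry.get("ngwobjectid", "").lower() != key.lower():
        return False
    return entry.get("mail", "").lower() != "none"


def lookup(key):
    """Return the rewritten address, or None when the user is unknown/blocked."""
    for entry in DIRECTORY:
        if entry_matches(entry, key):
            return RESULT_FILTER % entry["ngwobjectid"]
    return None


if __name__ == "__main__":
    for rcpt in ("jsmith", "JSmith", "blocked", "nomail", "nobody", "*"):
        print(f"{rcpt!r:10} {build_filter(rcpt):45} -> {lookup(rcpt)}")
```

Note that a user whose mail attribute is empty still passes the filter; only the literal value 'NONE' blocks delivery.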

If you have questions about this solution, you can e-mail Tony at tcasciatoTAKETHISOUT@waukeshacounty.gov

