Using eDirectory to Manage Access to Postfix
Novell Cool Solutions: Trench
By Tony Casciato
Posted: 19 Feb 2003
Using eDirectory to provide real-time userid pass/fail checks to the open-source e-mail program Postfix, by way of OpenLDAP.
We have two UNIX-based e-mail redirection servers running Postfix (open source software) for our 1,500 GroupWise users. I use OpenLDAP on those servers to query eDirectory on our GroupWise 6 server and check for the userid as each message comes in from the Internet.
eDirectory confirms or denies that this GroupWise user exists, then provides the routing info for where the e-mail should go. This way, adds/changes/deletes are done through ConsoleOne and take effect in real time.
The old way was to manually edit an alias flat-file, which quickly became outdated.
We can also block e-mail from the Internet to certain users by populating the 'Mail' field in NDS with 'NONE', all without touching GroupWise on the inside.
From the Postfix main.cf file:
alias_maps = ldap:ldap_nds
alias_database = ldap:ldap_nds
ldap_nds_timeout = 90
ldap_nds_search_base = o=WC
ldap_nds_server_host = ldaptree
ldap_nds_server_port = 389
ldap_nds_query_filter = (&(ngwobjectid=%s)(!(mail=none)))
ldap_nds_result_attribute = ngwobjectid
ldap_nds_result_filter = %email@example.com
(w5 is an alias to the real GW6 server inside the firewall)
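To see what the query filter above accepts and rejects, here is an added example (not part of the original article or of Postfix) that evaluates it against constructed directory entries. The entries, the relay.example.invalid result domain, and the case-insensitive matching are assumptions; an absent attribute is modelled as failing an equality test, so a user whose Mail field was never populated still passes the filter.

```python
import re

# Constructed sample entries standing in for eDirectory objects (not real data).
ENTRIES = [
    {"ngwobjectid": ["jsmith"], "mail": ["jsmith@example.invalid"]},
    {"ngwobjectid": ["blocked"], "mail": ["NONE"]},  # blocked via the Mail field
    {"ngwobjectid": ["nomail"]},                     # Mail field never populated
]
QUERY_FILTER = "(&(ngwobjectid=%s)(!(mail=none)))"   # query filter from main.cf
RESULT_ATTRIBUTE = "ngwobjectid"
RESULT_FILTER = "%s@relay.example.invalid"           # placeholder domain (assumption)

def escape(key):
    """Quote filter metacharacters in the lookup key (RFC 2254 style)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), key)

def unescape(value):
    """Turn \\XX hex escapes inside a filter value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse the filter starting at f[i]; supports &, |, ! and equality only."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    # Assumption: both attributes use case-insensitive matching.
    return ("=", attr.lower(), unescape(value).lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter; an absent attribute simply fails an equality test."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    if node[0] == "!":
        return not matches(node[1][0], entry)
    combine = all if node[0] == "&" else any
    return combine(matches(kid, entry) for kid in node[1])

def lookup(key):
    """Return rewritten destinations for key; an empty list means no such recipient."""
    tree, _ = parse(QUERY_FILTER.replace("%s", escape(key)))
    return [RESULT_FILTER.replace("%s", value)
            for entry in ENTRIES if matches(tree, entry)
            for value in entry.get(RESULT_ATTRIBUTE, [])]

if __name__ == "__main__":
    for key in ("jsmith", "blocked", "nomail", "unknown", "js*"):
        print(key, "->", lookup(key) or "rejected")
```

If accounts with an empty Mail field should also be refused, the filter needs an explicit presence test on that attribute in addition to the 'NONE' check.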
If you have questions about this solution, you can e-mail Tony at tcasciatoTAKETHISOUT@waukeshacounty.gov