[Freeipa-users] Getting virtual aliases and domains via freeipa with Postfix

Stephen Ingram sbingram at gmail.com
Wed Oct 31 22:20:50 UTC 2012


On Tue, Oct 30, 2012 at 6:34 PM, Peter Brown <rendhalver at gmail.com> wrote:
> Hi everyone,
>
> I have been trying to work out how to achieve this.
> I have freeipa 3.0.0 set up on a Fedora 18 server and I have postfix and
> dovecot on my new mail server authenticating against Freeipa.
> One last thing I would love to do is pull down the virtual users and aliases
> for the domains my mailserver will be serving from freeipa.
> Is this possible?
> Is this all automatic due to sssd looking up the user details in the ds?
> Does it do the same for domains and email aliases or will I need extra
> lookups to achieve this?

I've recently built an entire mail system around FreeIPA and it works
great. There are two parts to be concerned with:

1. Authentication - With Postfix, this is handled by saslauthd which
can authenticate against Kerberos (using or not using sssd). I used
Cyrus-IMAP for the mailstore which also uses saslauthd. Dovecot has
its own sasl built in which can authenticate against Kerberos or
LDAP, thus it should work with IPA.

2. Configuration - With Postfix, you can set all different areas (e.g.
virtual, aliases, etc.) to use LDAP lookup of configuration
information. You are typically searching for the email address (mail
attribute in IPA) and your search will generally return the userid
(uid attribute) of where the mail is to be stored. I don't believe
that Dovecot or Cyrus-IMAP have any way of maintaining any
configuration in LDAP so you generally have to set up mailboxes and
authorization information by hand using their tools.

Steve
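
The mail-to-uid lookup described in point 2 above, written as a Postfix LDAP table. This is an added example, not part of the original post; the file name, server host name, domain, base DN, CA certificate path and the use of an anonymous bind are all assumptions to adapt to your own realm.

```cfg
# /etc/postfix/ldap-virtual-alias.cf   (hypothetical file name)
#
# Referenced from main.cf with:
#   virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-alias.cf
# Test a single lookup by hand with:
#   postmap -q alice@example.com ldap:/etc/postfix/ldap-virtual-alias.cf

# Assumed IPA server; replace with your own directory host.
server_host = ldap://ipa.example.com
version = 3

# Upgrade the connection with StartTLS and refuse servers whose
# certificate does not verify against the IPA CA. The path below assumes
# the mail host is an enrolled IPA client.
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ipa/ca.crt

# Anonymous bind: assumes the directory permits anonymous read of the
# mail and uid attributes. If it does not, switch to bind = yes with
# bind_dn / bind_pw for a dedicated read-only account and make this
# file readable by root only.
bind = no

# Only query LDAP for addresses in the domain this server hosts
# (assumed domain); lookups for other domains never reach the directory.
domain = example.com

# Default FreeIPA user container under an assumed dc=example,dc=com suffix.
search_base = cn=users,cn=accounts,dc=example,dc=com
scope = sub

# Search on the mail attribute and return the uid, as described in the
# post. Postfix escapes %s for use in an LDAP filter before substitution.
query_filter = (mail=%s)
result_attribute = uid
```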



