PPoossttffiixx LLDDAAPP HHoowwttoo

-------------------------------------------------------------------------------

PPoossttffiixx  LLDDAAPP ݡ

Postfix ϰʲθΥȤ LDAP ǥ쥯ȥȤȤǤޤ:
aliases(5)virtual(5)canonical(5) ʤɡˤ᡼륵ӥФ
򡢤٤ʣ줿ͥåȥǡ١
ݻ뤳ȤǤޤ᡼륵Ф˥ݴɤʤȤǡ
ԤϤɤǤǤ桼ϤʤŬڤȻפξ
ǤޤäݤʤȤʤγƥФؤΥԡ٤뤳Ȥ
ʤˡƱȤäʣΥ᡼륵ФĤȤǤޤ

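Topics covered in this document:

  * Building Postfix with LDAP support
  * Configuring LDAP lookups
  * Example: aliases
  * Example: virtual domains/addresses
  * Other uses of LDAP lookups
  * Notes and things to think about
  * Feedback
  * Credits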

LLDDAAPP ݡդǤ PPoossttffiixx ι

 1: Postfix ϤǤ LDAP С 1 󥿡ե򥵥ݡȤ
ޤ

 2: Debian GNU/Linux  Postfix  LDAP Ȥˤϡpostfix-ldap
ѥå򥤥󥹥ȡ뤹ǽǤPostfix ƥѥ뤹
ɬפϤޤ

LDAP 饤֥ȥ󥯥롼ɥե뤬ƥΤɤ˥󥹥ȡ뤵Ƥ
ɬפꡢޤ˹碌 Postfix Makefile ꤹɬפޤ

㤨СPostfix ǻѤ뤿 (Ĥޤ LDAP 饤ȥɤ)
OpenLDAP 饤֥ӥɤˤϡʲΤ褦ʥޥɤȤޤ:

    % ./configure  --without-kerberos --without-cyrus-sasl --without-tls \
        --without-threads --disable-slapd --disable-slurpd \
        --disable-debug --disable-shared

If you're using the libraries from the UM distribution
(http://www.umich.edu/~dirsvcs/ldap/ldap.html) or OpenLDAP
(http://www.openldap.org), something like this in the top level of your
Postfix source tree should work:

    % make tidy
    % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
        AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"

On Solaris 2.x you may have to specify run-time link information, otherwise
ld.so will not find some of the shared libraries:

    % make tidy
    % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
        AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lldap \
                -L/usr/local/lib -R/usr/local/lib -llber"

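The 'make tidy' command is needed only if you have previously built Postfix
without LDAP support.

Instead of '/usr/local' specify the actual locations of your LDAP include
files and libraries. Be sure not to mix LDAP include files and LDAP libraries
of different versions!!

If your LDAP libraries were built with Kerberos support, you'll also need to
include your Kerberos libraries in this line. Note that the KTH Kerberos IV
libraries might conflict with Postfix's lib/libdns.a, which defines
dns_lookup. If that happens, you'll probably want to link with LDAP libraries
that lack Kerberos support just to build Postfix, as it doesn't support
Kerberos binds to the LDAP server anyway. Sorry about the bother.

If you're using one of the Netscape LDAP SDKs, you'll need to change the
AUXLIBS line to point to libldap10.so or libldapssl30.so or whatever you have,
and you may need to use the appropriate linker option (e.g. '-R') so the
executables can find it at runtime.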

LLDDAAPP 

LDAP ȤˤϡʤȤĤ LDAP  main.cf θơ֥Ȥ
ޤ:

    alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

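The file /etc/postfix/ldap-aliases.cf can specify a great number of
parameters, including parameters that enable LDAP SSL and STARTTLS. For a
complete description, see the ldap_table(5) manual page.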

:: llooccaall((88)) ꥢ

Ǥ local(8) ꥢ򸡺Τ LDAP ȤŪ򼨤ޤ
main.cf ˼Τ褦ʹԤȤޤ:

    alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

 ldap:/etc/postfix/ldap-aliases.cf ϰʲΤ褦ˤʤäƤȤޤ:

    server_host = ldap.my.com
    search_base = dc=my, dc=com

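Upon receiving mail for a local address "ldapuser" that isn't found in the
/etc/aliases database, Postfix will search the LDAP server listening at port
389 on ldap.my.com. It will bind anonymously, search for any directory entries
whose mailacceptinggeneralid attribute is "ldapuser", read the "maildrop"
attributes of those found, and build a list of their maildrops, which will be
treated as RFC822 addresses to which the message will be delivered.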

:: Сɥᥤ//ɥ쥹

С븡ξǥ쥯ȥ¸ϡʣǤޤ
Postfix СɥᥤˤĤΤäƤ뤫Τɬפޤ
δñˡϡɥᥤǥ쥯ȥΤ줫Υȥ
mailacceptinggeneralid °˲ä뤳ȤǤˡƤΥСԤ
mailacceptinggeneralid °СɥᥤδˤʤäƤ뤳Ȥ
ΤޤǸˡǥ쥯ȥꥨȥСɥᥤΥǥե
桼ȤƻؤΤǤСΥȥˤ "@virtual.dom" 
mailacceptinggeneralid (ޤϥǥ쥯ȥƱΤ)Ϳޤ
桼ʬϤޤ󡣤ʤǤ桼ʤСΥƥåפ
άȡΥɥᥤΤʤ桼ñ˥Х󥹤ޤ

ޤȤȡΤ褦˸СɥᥤƤΥɥ쥹
桼Ĥ⤷ޤ:

         dn: cn=defaultrecipient, dc=fake, dc=dom
         objectclass: top
         objectclass: virtualaccount
         cn: defaultrecipient
         owner: uid=root, dc=someserver, dc=isp, dc=dom
    1 -> mailacceptinggeneralid: fake.dom
    2 -> mailacceptinggeneralid: @fake.dom
    3 -> maildrop: realuser@real.dom

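    1: Postfix knows fake.dom is a valid virtual domain when it looks for
       this and gets something (the maildrop) back.

    2: This causes any mail for unknown users in fake.dom to go to this
       entry ...

    3: ... and then to its maildrop.

Normal users might simply have one mailacceptinggeneralid and maildrop, e.g.
"normaluser@fake.dom" and "normaluser@real.dom".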

LLDDAAPP ¾¾ˡˡ

¾˰Ū LDAP ˡȤƤϡ㤨Х᡼뤬
"userid@site.dom"  "First.Last@site.dom" 褿褦
褦ˤ뤿ΡPostfix  canonical ǤԤԤ
񤭴ޤ

ȹθθ٤

  * ΥɥȤ˻ȤƤäȤޤ°̾ñʤǤ
    Ĥ LDAP ѥ᡼ΥǥեȤǤȤʳä˰̣
    ޤ󡣹ʥޤȤäơ˹碌 Postfix ꤷ
    

  * mailacceptinggeneralids ˡǤ뤳Ȥ䡢ï⤬ postmaster  root
    ȤƻǤ櫓ǤϤʤȤǧ⤷ޤ

  * 1ĤΥȥǤդο mailacceptinggeneralids ޤ maildrops 
    ĤȤǤޤmaildrops ϥޤǶڤ줿ɥ쥹ΥꥹȤ
    ȤޤƸˤ긫Ĥ졢֤ޤ㤨СΤ褦
    ᡼󥰥ꥹȤȤƻȤΥȥǤޤ
    (ٹ Τ˺줿ޤǤ):

        dn: cn=Accounting Staff List, dc=my, dc=com
        cn: Accounting Staff List
        o: my.com
        objectclass: maillist
        mailacceptinggeneralid: accountingstaff
        mailacceptinggeneralid: accounting-staff
        maildrop: mylist-owner
        maildrop: an-accountant
        maildrop: some-other-accountant
        maildrop: this, that, theother

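  * If you use an LDAP map for lookups other than aliases, you may have to
    make sure the lookup makes sense. In the case of virtual lookups,
    maildrops other than mail addresses are pretty useless, because Postfix
    can't know how to set the ownership for program or file delivery. Your
    query_filter should probably look something like this: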

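        # No quotes around the patterns: LDAP filters have no quoting
        # syntax, so a quote would be matched as a literal character.
        query_filter = (&(mailacceptinggeneralid=%s)(!(|(maildrop=*|*)
            (maildrop=*:*)(maildrop=*/*))))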

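  * And for that matter, even for aliases, you may not want users to be able
    to specify their maildrops as programs, includes, etc. This might be
    particularly pertinent on a "sealed" server where they don't have local
    UNIX accounts, but exist only in LDAP and Cyrus. You might allow the fun
    stuff only for directory entries owned by an administrative account, so
    that if the object had a program as its maildrop and weren't owned by
    "cn=root" it wouldn't be returned as a valid local user. This will
    require some thought on your part to implement safely, considering the
    ramifications of this type of delivery. You may decide it's not worth
    the bother to allow any of that nonsense in LDAP lookups, ban it in the
    query_filter, and keep things like majordomo lists in local alias
    databases.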

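        # Unquoted patterns (LDAP filters have no quoting syntax). NOT takes
        # exactly one sub-filter, so the cn=root exemption is OR-ed with it.
        query_filter = (&(mailacceptinggeneralid=%s)(|(!(|(maildrop=*|*)
            (maildrop=*:*)(maildrop=*/*)))(owner=cn=root, dc=your, dc=com)))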

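  * LDAP lookups are slower than local DB or DBM lookups. For most sites
    they won't be a bottleneck, but it's a good idea to know how to tune
    your directory service.

  * Multiple LDAP maps share the same LDAP connection if they differ only in
    their query related parameters: base, scope, query_filter, and so on. To
    take advantage of this, avoid spurious differences in the definition of
    LDAP maps: host selection order, version, bind, tls parameters, ...
    should be the same for multiple maps whenever possible.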
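
The following Python audit is an added example, not part of the Postfix
distribution: it applies the rule behind the query_filter settings above
(withhold entries whose maildrop contains "|", ":" or "/", unless owned by the
administrative DN) to an LDIF export. The entries, ADMIN_DN and all function
names are constructed for illustration.

```python
from collections import defaultdict
SPECIAL = "|:/"  # characters the page's query_filter patterns look for
ADMIN_DN = "cn=root, dc=your, dc=com"  # owner exempted in the second filter
# Constructed sample entries using the page's example attribute names.
SAMPLE_LDIF = """\
dn: cn=alice, dc=your, dc=com
mailacceptinggeneralid: alice
maildrop: alice@real.dom

dn: cn=bob, dc=your, dc=com
mailacceptinggeneralid: bob
maildrop: bob@real.dom, |/usr/local/bin/filter
owner: cn=bob, dc=your, dc=com

dn: cn=staff, dc=your, dc=com
mailacceptinggeneralid: staff-list
maildrop: |/usr/local/bin/listmanager staff
owner: cn=root,dc=your,dc=com
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64 values, no line folding)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Normalize a DN for comparison: lower case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def special_maildrops(entry):
    """Maildrop values containing |, : or /, i.e. not plain mail addresses."""
    return [v for v in entry["maildrop"] if any(c in v for c in SPECIAL)]

def audit(text, admin_dn=None):
    """Return {dn: (verdict, offending maildrops)} for every entry."""
    report = {}
    for entry in parse_ldif(text):
        bad = special_maildrops(entry)
        exempt = admin_dn is not None and any(
            norm_dn(o) == norm_dn(admin_dn) for o in entry["owner"])
        verdict = "returned" if not bad or exempt else "withheld"
        report[entry["dn"][0]] = (verdict, bad)
    return report
```

Calling audit(SAMPLE_LDIF) models the first filter; audit(SAMPLE_LDIF, ADMIN_DN)
models the second, where only the entry owned by cn=root keeps its program
maildrop.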

եɥХå

䤬Сpostfix-users@postfix.org äƤˤϤʤ
Postfix åȥåפ˴ϢޤƤ: postconf  LDAP Ϣ
ϡӥɤ˻Ȥä LDAP 饤֥μࡢȤäƤǥ쥯ȥꥵС
˥ǥ쥯ȥƤޤޤΤǤСǥ쥯ȥꥨȥΤ
ƤϤޤΤޤƤ

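Credits

  * Manuel Guesdon: Spotted a bug with the timeout attribute.
  * John Hensley: Multiple LDAP sources with more configurable attributes.
  * Carsten Hoeger: Search scope handling.
  * LaMont Jones: Domain restriction, URL and DN searches, multiple result
    attributes.
  * Mike Mattice: Alias dereferencing control.
  * Hery Rakotoarisoa: Patches for LDAPv3 updating.
  * Prabhat K Singh: Wrote the initial Postfix LDAP lookups and connection
    caching.
  * Keith Stevenson: RFC 2254 escaping in queries.
  * Samuel Tardieu: Noticed that searches could include wildcards, prompting
    the work on RFC 2254 escaping in queries. Spotted a bug in binding.
  * Sami Haahtinen: Referral chasing and v3 support.
  * Victor Duchovni: ldap_bind() timeout. With fixes from LaMont Jones:
    OpenLDAP cache deprecation. Limits on recursion, expansion and search
    results size. LDAP connection sharing for maps differing only in the
    query parameters.
  * Liviu Daia: Support for SSL/STARTTLS. Support for storing map definitions
    in external files (ldap:/path/ldap.cf), needed to securely store
    passwords for plain auth.
  * Liviu Daia revised the configuration interface and added the main.cf
    configuration feature.
  * Liviu Daia, with further refinements from Jose Luis Tallon and Victor
    Duchovni, developed the common query, result format, domain and expansion
    limit interface for LDAP, MySQL and PostgreSQL.

And of course Wietse.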

