当前设置
作为此设置的一部分,我为每个允许用户访问的主机提供主机属性(或者只是允许访问所有主机的*).我在我的ldap客户端上使用它来授予或拒绝访问特定主机.与每个用户相关联的还有他们在mail属性中的公司电子邮件地址.下面给出了用户的示例LDIF:
dn: uid=auser,ou=People,dc=example,dc=com cn: A User displayname: A User gecos: A User gidnumber: 1011 givenname: A homedirectory: /home/auser host: host1 host: host2 host: host3 host: host4 mailacceptinggeneralid: root loginshell: /bin/bash mail: a.user@example.com objectclass: inetOrgPerson objectclass: posixAccount objectclass: shadowAccount objectclass: hostObject objectclass: postfixUser objectclass: top sn: User uid: auser uidnumber: 1001
我有一个/etc/postfix/ldap-aliases.cf文件,其中包含以下内容以实现此目的:
server_host = ldap.example.com search_base = dc=example,dc=com # look for entries with this query_filter = (|(uid=%s)(mailacceptinggeneralid=%s)(mail=%s@example.com)) # what attribute from the search result is returned result_attribute = mail # the format in which the result is returned result_format = %s
此配置到目前为止工作,并通过以下postmap命令确认返回我期望的地址:
# A query using the uid of the user postmap -q auser ldap:/etc/postfix/ldap-mail.cf a.user@example.com # A query using the corporate username postmap -q a.user ldap:/etc/postfix/ldap-mail.cf a.user@example.com # A query for a user specified in mailacceptinggeneralid postmap -q root ldap:/etc/postfix/ldap-mail.cf a.user@example.com
有权访问主机的用户的Postfix查找
我希望能够发送电子邮件到users@host2.example.com,并为所有有权访问host2的用户从LDAP中提取地址(即主机属性设置为host2或*.这是我需要的地方一些帮助.
到目前为止,我有一个文件/etc/postfix/ldap-host-users.cf,其中包含:
server_host = ldap.example.com search_base = dc=example,dc=com query_filter = (|(host=%3)(host=\*)) result_attribute = mail result_format = %s
它假定查询包含FQDN,但我认为postfix只使用用户名(可能是因为我在/etc/postfix/main.cf中使用了alias_maps?).无论如何,测试上面的:
postmap -q users@host2.example.com ldap:/etc/postfix/ldap-host-users.cf a.user@example.com # The following also returns a list of email addresses,but shouldn't: postmap -q any_group@host2.example.com ldap:/etc/postfix/ldap-host-users.cf a.user@example.com
postconf -n输出
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases,ldap:/etc/postfix/ldap-mail.cf,ldap:/etc/postfix/ldap-host-users.cf append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all inet_protocols = all mailBox_size_limit = 0 mydestination = $myhostname,localhost.example.com,localhost myhostname = host2.example.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes
问题
> postfix仅使用本地用户名查询,并且在查询中不包含FQDN吗?
>这是因为我在/etc/postfix/main.cf中使用了alias_maps吗?
>我可以以某种方式检查查询的用户名部分是否为用户,如果是其他内容则不返回任何内容?
例如在query_filter中,我可以执行类似%u =“users”的操作吗?
>有没有更好/不同的方法来实现这一目标?
1. Does postfix only query using the local username and doesn’t include the FQDN in the query? Is this because I’m using
alias_mapsin/etc/postfix/main.cf?
是的,根据alias_maps文档,我们需要参考man 5 aliases来了解语法细节.
The name is a local address (no domain part). Use double quotes when the name contains any special characters such as whitespace,
#',:’,
or `@’. The name is folded to lowercase,in order to make database lookups case insensitive.
所以,这是postfix的预期行为.
3. Is there a better/different way to achieve this?
使用virtual_alias_maps.根据Confused about alias_maps and virtual_alias_maps的答案,virtual_alias_maps将“user @ domain”作为输入.
