Raimund Eimann wrote:
> Hi,
>
> maybe it's me having completely weird ideas, but the existing Google
> results for "postfix ldap howto" are not very satisfactory for me:
>
> All I would like to do is to have a separate user base (stored in LDAP)
> from /etc/{passwd/shadow} on my Linux box for all email-related issues. So
> far I was always annoyed that the default setup of Postfix (openSuSE,
> dunno about other distros) uses /etc/passwd to look up users, because that
> means every added mail-user automatically also becomes an SSH user (for
> instance) without me intending this. This becomes particularly tricky if
> such a user picks "secret" as his/her password.
>
> What I find in the howto(s) are discussions about alias mapping via LDAP
> or setting up some catchall user or setting up mail distribution groups.
> Far too advanced for me. All I want is LDAP user lookup for incoming mail
> and user authentication for outgoing mail. Ideally, I would like to use
> two different branches of the LDAP tree for OS logins and mail logins.
>
> Either the info how to do this is very well hidden, or I'm looking for the
> wrong keywords, or my idea is so strange that no one's ever done such
> nonsense before (hence the apparent lack of documentation), or I simply
> missed the right spots in the howto(s).
>
> I turn to this group with some questions:
>
> a) is my idea completely crazy so that I should not do this at all?
> b) hoping for a "no" in a):
> can someone here point me in the right direction/docs?
> c) if someone did this before, can I snaffle some config snippets?
>
It sounds like you may want a Virtual Mailbox setup. The local transport is to support local users (i.e. shell accounts). Try reading the following document to understand what you want.

http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

If you really want local users to be looked up via LDAP, this is possible with a table lookup in local_recipient_maps. Virtual Mailbox can be more flexible in this case since you do not require a user to be created in the system to be valid. A simple addition to LDAP (or other lookup) would let their mail start flowing.
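As an added illustration of the virtual mailbox approach suggested above (not part of the reply or of the Postfix documentation), here is what the two configuration pieces could look like: the LDAP branch, hostname, mailbox base directory and the uid/gid are assumptions, and the point is that mail users exist only in LDAP, so adding a mailbox never creates a /etc/passwd (and thus SSH) account.

```conf
# /etc/postfix/main.cf (added example; domain, paths and uid/gid are assumed)
# Mail users live only in LDAP, never in /etc/passwd, so a new mailbox
# cannot turn into a shell login.
virtual_mailbox_domains = example.com
virtual_mailbox_base    = /var/mail/vhosts
virtual_mailbox_maps    = ldap:/etc/postfix/ldap-vmailbox.cf
# All virtual mailboxes are owned by one unprivileged system account.
virtual_uid_maps        = static:5000
virtual_gid_maps        = static:5000
virtual_minimum_uid     = 5000
# The local transport keeps serving genuine shell accounts only (default).
local_recipient_maps    = proxy:unix:passwd.byname $alias_maps

# /etc/postfix/ldap-vmailbox.cf (separate file referenced above)
server_host      = ldap://ldap.example.com
version          = 3
bind             = no
# A dedicated branch for mail users, separate from the one used for OS logins.
search_base      = ou=mail,dc=example,dc=com
scope            = sub
# %s is the full recipient address; Postfix applies LDAP filter quoting to it.
query_filter     = (&(objectClass=inetOrgPerson)(mail=%s))
# The result is the mailbox path relative to virtual_mailbox_base;
# %d and %u are the domain and user part of the matched address, and the
# trailing "/" selects Maildir format.
result_attribute = mail
result_format    = %d/%u/Maildir/
```

A domain must appear in either mydestination or virtual_mailbox_domains, not both; to check a lookup without sending mail, run `postmap -q user@example.com ldap:/etc/postfix/ldap-vmailbox.cf`.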