G'day,
I have a Postfix+Dovecot+LDAP set up with multi-level sub-domains. I had
no problem setting Dovecot up for this environment with the '%D' config
variable modifier.
*
https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers
*
https://github.com/dovecot/core/blob/6ec7c04b43b3a31dc9dcf57d1bdeec121f81d13e/src/lib/var-expand.c#L129
It's a simple modifier that substitutes all the dots in the string to
",dc=".
For the sake of explanation, here's an example of the multi-level
subdomains:
@startwbs
* dc=example,dc=com
** dc=admin,dc=example,dc=com
*** dc=hr,dc=admin,dc=example,dc=com
*** dc=accounting,dc=admin,dc=example,dc=com
** dc=legal,dc=example,dc=com
** dc=dev,dc=example,dc=com
*** dc=this-proejct,dc=dev,dc=example,dc=com
*** dc=that-project,dc=dev,dc=example,dc=com
** dc=marketing,dc=example,dc=com
*** dc=domestic,dc=marketing,dc=example,dc=com
*** dc=overseas,dc=marketing,dc=example,dc=com
@endwbs
I fail to see the way to have just one set of ldap_table cf config files
for the Postfix set up. I know I could use %[1-9] modifier to configure
subdomains up to 9 levels from the root. But this means I'd have to
manage 9 different sets of cf files.
search_base = dc=%1,dc=%2,dc=%3 ...
With '%l' expansion I propose, I can have just one set of cf files to
serve all the subdomains. Here's an example:
# Use the regexp config to restrict the use of this ldap cf to certain
domains
domain = regexp:domain-regexp.cf
# Connection info
version = 3
server_host = ldapi:///
bind = sasl
sasl_mechs = EXTERNAL
*search_base = dc=%l*
query_filter = (&(objectClass=x-your-mailbox-class)(mail=%s))
result_attribute = mail
In domain-regexp.cf:
# Match the root domain and its subdomains. The "OK" is just a placeholder as
# this regexp_table is not used for mapping.
/^(([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+)?example\.com$/ OK
With these, you can serve example.com and all of its subdomains as long
as the directory follows the same "dc=" structure. You can use the
regexp_table to filter out certain subdomains if you'd like. (domain= is
such a neat filter. I wish Dovecot had something similar for
userdb/passdb driver)
Attached is the draft implementation of '%l'. I couldn't figure out how
to fit this in properly as I'm not familiar with the structure of
_expand() and _parse(). I implemented it in db_common_parse() and
db_common_expand(), but I don't like this approach since the '%l' is
only relevant to ldap_table. But implementing separate functions just
for ldap_table is way above my payroll, so I just decided to implement
it in those two functions.
And here's the wording for proto docs.
# .IP "\fB%l\fR"
# When the input key is an address of the form user@domain, \fB%l\fR
# is replaced by the (RFC 4514) LDAP DN representation of the domain
# part of the address using the (RFC 4519) 'dc' attribute. The value
# of each 'dc' attribute is (QUOTE_STYLE) quoted. For example, the
# input key"u...@sub.domain.org" is replaced by "sub,dc=domain,dc=org".
# Otherwise, the search is suppressed and returns no results.
Regards,
Davo
diff --git a/postfix/src/global/db_common.c b/postfix/src/global/db_common.c
index 15e7a1c1..deb6b89d 100644
--- a/postfix/src/global/db_common.c
+++ b/postfix/src/global/db_common.c
@@ -207,6 +207,11 @@ int db_common_parse(DICT *dict, void **ctxPtr, const char *format, int query
: DB_COMMON_VALUE_USER;
dynamic = 1;
break;
+ case 'l':
+ /* Always use parts to compose DN */
+ if (ctx->nparts == 0)
+ ctx->nparts = 1;
+ /* FALLTHROUGH */
case 'd':
ctx->flags |=
query ? DB_COMMON_KEY_DOMAIN | DB_COMMON_KEY_PARTIAL
@@ -399,6 +404,13 @@ int db_common_expand(void *ctxArg, const char *format, const char *value,
else \
vstring_strcat(buf, v); \
} while (0)
+#define PANIC_DFLAG() \
+ if (!(ctx->flags & dflag)) \
+ msg_panic("%s: %s: %s: bad query/result template context", \
+ myname, ctx->dict->name, format); \
+ if (!vdomain) \
+ msg_panic("%s: %s: %s: expanding domain-less key or value", \
+ myname, ctx->dict->name, format);
/*
* Replace all instances of %s with the address to look up. Replace %u
@@ -427,15 +439,19 @@ int db_common_expand(void *ctxArg, const char *format, const char *value,
break;
case 'd':
- if (!(ctx->flags & dflag))
- msg_panic("%s: %s: %s: bad query/result template context",
- myname, ctx->dict->name, format);
- if (!vdomain)
- msg_panic("%s: %s: %s: expanding domain-less key or value",
- myname, ctx->dict->name, format);
+ PANIC_DFLAG();
QUOTE_VAL(ctx->dict, quote_func, vdomain, result);
break;
+ case 'l':
+ PANIC_DFLAG();
+ QUOTE_VAL(ctx->dict, quote_func, parts->argv[0], result);
+ for (i = 1; i < parts->argc; i++) {
+ vstring_strcat(result, ",dc=");
+ QUOTE_VAL(ctx->dict, quote_func, parts->argv[i], result);
+ }
+ break;
+
case 'S':
if (key)
QUOTE_VAL(ctx->dict, quote_func, key, result);
@@ -518,6 +534,8 @@ int db_common_expand(void *ctxArg, const char *format, const char *value,
argv_free(parts);
return (1);
+#undef QUOTE_VAL
+#undef PANIC_DFLAG
}
