old blog,

Email server with Postfix, Dovecot, and LDAP

Izhar Firdaus Izhar Firdaus Follow Support Oct 03, 2011 · 1 min read
Email server with Postfix, Dovecot, and LDAP
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
I think I'll skip the introduction as this is mainly a note for myself

The LDAP Setup

I'm not going to cover how to setup LDAP. The setup that I'm using for this system is organized where all users are under an Organizational Unit called 'people' (ou=people,dc=organization,dc=org) with this schema:

dn: uid=user,ou=people,dc=organization,dc=org
objectClass: posixAccount
objectClass: inetOrgPerson
uid: user
homeDirectory: /home/user
userPassword: <passwordhash>


Configuring Dovecot

Add these into dovecot.conf 

mail_uid = 5000
mail_gid = 5000

auth default {
  mechanisms = plain
  passdb ldap {
          args = /etc/dovecot-ldap.pass
  }
  userdb ldap {
          args = /etc/dovecot-ldap.user
  }

  # for postfix to authenticate against
  socket listen {
        client {
          # Assuming the default Postfix $queue_directory setting
          path = /var/spool/postfix/private/auth
          mode = 0660
          # Assuming the default Postfix user and group
          user = postfix
          group = postfix
  }
}

dovecot-ldap.pass

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
dn = uid=manager,dc=organization,dc=org
dnpass = password

dovecot-ldap.user

hosts = host.of.ldap.server:389
sasl_bind = no
auth_bind = yes
ldap_version = 3
deref = never
base = uid=%n,ou=people,dc=organization,dc=org
scope = base
user_attrs = homeDirectory=home
dn = uid=manager,dc=organization,dc=org
dnpass = password


Configuring Postfix

Add these into your main.cf

accounts_server_host = host.of.ldap.server
accounts_search_base = ou=people,dc=organization,dc=org
accounts_query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
accounts_result_attribute = homeDirectory
accounts_result_format  =  %s/Mailbox
accounts_scope = sub
accounts_cache = yes
accounts_bind = yes
accounts_bind_dn = uid=manager,dc=organization,dc=org
accounts_bind_pw = password
accounts_version = 3

virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts
virtual_mailbox_domains = organization.org

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = private/auth

Make sure domains under virtual_mailbox_domains is not listed under mydestinations.

Thats it I think, not sure if I missed anyting.


- Izhar Firdaus -
dovecot hacks howto postfix ldap
Izhar Firdaus
Written by Izhar Firdaus Follow Support
I'm a system architect, data engineer and developer advocate with passion in Free / Open Source software, entrepreneurship, community building, education and martial art. I take enjoyment in bridging and bringing together different FOSS technologies to help businesses and organizations utilize IT infrastructure to aid and optimize their business and organizational process.

Radiate: A simple push server for SocketIO (alpha)

Based on my previous post on WebSocket server using Tornado, I've hacked the code more to be a SocketIO server instead of just WebSoc...

In old blog, Oct 03, 2011

« Previous Post

A simple demo application using collective.trajectory

Last week I wrote about a Plone library called collective.trajectory which allows you to do url routing on Plone content type. Back t...

In old blog, Oct 04, 2011

Next Post »

Radiate: A simple push server for SocketIO (alpha)
A simple demo application using collective.trajectory