Diffstat (limited to 'fripost-docs.org')
-rw-r--r-- | fripost-docs.org | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index 53f21d2..21d7154 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -745,6 +745,25 @@ Note: For the meaning of the sequences of digits above, grep the output of (For instance, 1.3.6.1.4.1.1466.115.121.1.26 is a IA5String, meaning the spaces don't matter) +TODO: Because of the use of `mailLocalAddress', we cannot use wildcard on aliases +with the current schema. It should be amended as follows: + + olcAttributeTypes: ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'mailAliasGoto' + DESC 'The target of e-mail virtual aliases.' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) + olcAttributeTypes: ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAliasFrom' + DESC 'The login part of virtual aliases.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + olcObjectclasses: ( 1.3.6.1.4.1.12461.1.2.2 NAME 'virtualAliases' + SUP top STRUCTURAL + DESC 'Virtual Aliases.' + MUST ( mailAliasGoto $ mailAliasFrom $ isActive ) + + We can now add it to the schema list: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/fripost/fripost.ldif @@ -813,6 +832,13 @@ be looking for e.g., the `uid' attribute. add: olcDbIndex olcDbIndex: owner eq +TODO: After having amended the schema as specified above, we'll also need a +`sub' index on aliases: + + add: olcDbIndex + olcDbIndex: mailAliasGoto,mailAliasFrom eq,sub + + ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/fripost/indexes.ldif 
@@ -1247,22 +1273,23 @@ the prefix. TODO: Postfix 2.7 does not support SASL binds. Hence one cannot SASL bind on the socket with the EXTERNAL mechanism, which leads to a flood of warnings "connection_read(XX): no connection!" in the syslog. One can also reproduce the -flood with +warning with ldapsearch -H 'ldapi://%2Fvar%2Fspool%2Fpostfix%2Fvar%2Frun%2Fldapi/' -x -WD 'cn=guilhem,ou=managers,o=mailHosting,dc=fripost,dc=org' -b 'o=mailHosting,dc=fripost.org,dc=org' -instead of +instead of the proper ldapsearch -H 'ldapi://%2Fvar%2Fspool%2Fpostfix%2Fvar%2Frun%2Fldapi/' -Y EXTERNAL -WD 'cn=guilhem,ou=managers,o=mailHosting,dc=fripost,dc=org' -b 'o=mailHosting,dc=fripost.org,dc=org' (The first one performs a simple bind and does not unbind properly, while the second one is safe and performs a SASL bind with the EXTERNAL mechanism.) -TODO: With Postfix 2.8, one could do [Not tested] - bind = sasl - sasl_mechs = EXTERNAL - See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643970 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660223 http://www.openldap.org/lists/openldap-software/200811/msg00078.html +TODO: In the time being, we stick to simple binds on 127.0.0.1:389, but with +Postfix 2.8, one could do [Not tested] + bind = sasl + sasl_mechs = EXTERNAL + :: /etc/postfix/ldap/ldap_virtual_mailbox_domains.cf @@ -1833,8 +1860,8 @@ on this machine actually speaks to the master). $rcmail_config['password_driver'] = 'ldap_simple'; $rcmail_config['password_confirm_current'] = true; - $rcmail_config['password_minimum_length'] = 8; - $rcmail_config['password_require_nonalpha'] = true; + $rcmail_config['password_minimum_length'] = 12; + $rcmail_config['password_require_nonalpha'] = false; $rcmail_config['password_log'] = false; $rcmail_config['password_ldap_host'] = '127.0.0.1'; $rcmail_config['password_ldap_port'] = '3890'; |
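Review bot: in the first hunk (@@ -745), the proposed `olcObjectclasses` definition for 'virtualAliases' never closes its outer parenthesis. The text ends at `MUST ( mailAliasGoto $ mailAliasFrom $ isActive )`, which only closes the MUST list, so anyone pasting this into fripost.ldif will get a schema parse error from ldapadd. Add a final ` )` after the MUST clause, as the two attribute type definitions above it already do. Also confirm the OID arcs: the attribute types are under 1.3.6.1.4.1.7914 while the object class is under 1.3.6.1.4.1.12461, and the TODO does not say whether that split is intended.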
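Review bot: in the second hunk (@@ -813), the added `olcDbIndex: mailAliasGoto,mailAliasFrom eq,sub` gives both attributes a substring index, but the TODO in the schema section only motivates wildcards on the alias itself. If substring searches are not run against the alias target, index `mailAliasGoto` with `eq` alone on its own line and keep `eq,sub` for `mailAliasFrom`. The TODO should also say how the fragment joins indexes.ldif: if it goes into the same change record as the `olcDbIndex: owner eq` modification shown just above it, a `-` separator line is needed between the two `add:` blocks.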
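Review bot: in the third hunk (@@ -1247), both ldapsearch examples pass `-b 'o=mailHosting,dc=fripost.org,dc=org'` while the bind DN on the same line is under `dc=fripost,dc=org`, so the search base looks mistyped. Since this change now labels the second command "the proper" one, fix the base there so the reference command can be copied as is. In the moved TODO, "In the time being" should read "For the time being", and it would help to state which DN Postfix uses for the simple bind on 127.0.0.1:389, because the doc now recommends that setup over the untested SASL EXTERNAL one.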
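Review bot: in the last hunk (@@ -1833), `password_require_nonalpha` flips to false alongside the length increase to 12, with no rationale in the surrounding doc text. Add one sentence saying that length is being preferred over composition rules, so a later editor does not restore the old value as a presumed mistake. It is also worth noting next to these lines that both settings are enforced only by the Roundcube password plugin, so a password changed through any other route to the directory is not held to the 12-character minimum.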