
Welcome to My Blog

This is to share my IT experience with friends all around the world.
I have been working in Linux Fedora Systems for more than 8 years. It's fun to share knowledge and learn.
As everyone knows, when a problem arises in your systems, "googling" is the way that many depend on.

All the posts here are my working experiences during my working life. So you can count on it.

I have added the references where I got help in solving IT issues.


Wednesday, November 14, 2018

Open LDAP 2.4 - Adding mailing lists for Postfix MTA

When managing mailing lists in Postfix with LDAP, each list needs its own alias object in the LDAP tree. Those objects use attributes such as rfc822MailMember and mailRoutingAddress, which are defined by the nisMailAlias and inetLocalMailRecipient object classes. These object classes are not enabled by default; enable them by loading misc.ldif:

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f misc.ldif 

Once the schema is loaded, you can create mail alias entries in LDAP with the attributes mentioned above. Postfix uses these attributes to find the recipients for a given mail address.

The example below shows the LDIF file that adds the staff@mycompany.com alias together with its members:

# Group alias: mail for mailRoutingAddress is delivered to every rfc822MailMember
dn: cn=staff,ou=mailAliases,dc=mycompany,dc=com
objectClass: nisMailAlias
objectClass: inetLocalMailRecipient
objectClass: top
mailRoutingAddress: staff@mycompany.com
rfc822MailMember: chamara@mycompany.com
rfc822MailMember: ceo@mycompany.com
rfc822MailMember: ruwan@mycompany.com


After adding the staff mail alias, Postfix must be configured in main.cf to read the mail aliases from LDAP:

virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf

Contents of ldap-aliases.cf:

# LDAP server and port (389 is the plain LDAP port; the bind and the lookups
# travel in clear text unless start_tls = yes or an ldaps:// server_host is used)
server_host = [serverIP]
server_port = <port normally 389>
version = 3
search_base = dc=mycompany,dc=com
# Authenticated bind. bind_pw is stored in clear text, so keep this file
# readable only by root and the postfix user (e.g. mode 0640, owner root,
# group postfix); a read-only bind account is preferable to the directory admin.
bind = yes
bind_dn = cn=ldapadmin,dc=mycompany,dc=com
bind_pw = <password>
scope = sub
# %s is replaced by the looked-up address (Postfix filter-escapes it first)
query_filter = (mailRoutingAddress=%s)
# every rfc822MailMember value of the matching entry becomes one recipient
result_attribute = rfc822MailMember
result_format = %u@%d
lookup_wildcards = no
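To see what Postfix actually does with the alias entry and the ldap-aliases.cf above, here is an added example (written for this page, not code from the blog post or from Postfix) that models the lookup offline: the %s substitution into query_filter with the RFC 4515 filter escaping Postfix applies to the key, a case-insensitive equality match against the entries under search_base, and the result_format expansion (%s, %u, %d). The directory is a constructed in-memory dictionary standing in for the LDAP server; it carries the staff alias from the post plus one constructed unqualified member, "helpdesk", to show that result_format = %u@%d silently drops a member value that has no domain part.

```python
"""Offline model of the Postfix ldap: alias lookup configured above.

Added example, not part of the blog post or of Postfix. It re-implements the
pieces of ldap_table(5) that ldap-aliases.cf relies on: %s substitution into
query_filter with RFC 4515 filter escaping, an equality match against the
entries under search_base, and result_format expansion (%s, %u, %d). The
"directory" is a constructed in-memory dictionary standing in for the LDAP
server, so the script runs without slapd or postfix installed.
"""
import re
from typing import Dict, List, Optional

# Constructed entries: the staff alias from the post plus one unqualified
# member ("helpdesk") to show what result_format = %u@%d does with it.
DIRECTORY = {
    "cn=staff,ou=mailAliases,dc=mycompany,dc=com": {
        "objectClass": ["nisMailAlias", "inetLocalMailRecipient", "top"],
        "mailRoutingAddress": ["staff@mycompany.com"],
        "rfc822MailMember": ["chamara@mycompany.com", "ceo@mycompany.com",
                             "ruwan@mycompany.com", "helpdesk"],
    },
}

# The lookup-related settings from ldap-aliases.cf (connection settings omitted).
LDAP_ALIASES_CF = """\
search_base = dc=mycompany,dc=com
scope = sub
query_filter = (mailRoutingAddress=%s)
result_attribute = rfc822MailMember
result_format = %u@%d
"""


def parse_table_file(text: str) -> Dict[str, str]:
    """Parse Postfix 'name = value' lines, ignoring comments and blank lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            settings[name.strip()] = value.strip()
    return settings


def filter_escape(key: str) -> str:
    """RFC 4515 escaping that Postfix applies to the lookup key before it is
    substituted for %s, so metacharacters in an address cannot reshape the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in key)


def filter_unescape(value: str) -> str:
    """Undo RFC 4515 \\xx escapes (what the LDAP server does when matching)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def format_result(fmt: str, value: str) -> Optional[str]:
    """Expand result_format. Returns None when the value must be skipped:
    %s with an empty value, %u with no local part, %d with no domain part."""
    local, _, domain = value.partition("@")
    parts = {"%": "%", "s": value, "u": local, "d": domain}
    out, i = [], 0
    while i < len(fmt):
        if fmt[i] == "%" and i + 1 < len(fmt) and fmt[i + 1] in parts:
            if not parts[fmt[i + 1]]:
                return None
            out.append(parts[fmt[i + 1]])
            i += 2
        else:
            out.append(fmt[i])
            i += 1
    return "".join(out)


def get_attr(entry: Dict[str, List[str]], name: str) -> List[str]:
    """LDAP attribute names are case-insensitive."""
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])


def lookup(settings: Dict[str, str], key: str, directory) -> List[str]:
    """Resolve one address the way Postfix would through this ldap: table."""
    filt = settings["query_filter"].replace("%s", filter_escape(key))
    m = re.fullmatch(r"\(([A-Za-z0-9-]+)=(.*)\)", filt)
    if not m:
        raise ValueError("only simple equality filters are modelled: " + filt)
    attr, wanted = m.group(1), filter_unescape(m.group(2)).lower()
    base = settings["search_base"].lower()
    results = []
    for dn, entry in directory.items():
        if not dn.lower().endswith(base):      # scope = sub: anything under the base
            continue
        if wanted not in (v.lower() for v in get_attr(entry, attr)):
            continue
        for value in get_attr(entry, settings["result_attribute"]):
            formatted = format_result(settings.get("result_format", "%s"), value)
            if formatted is not None:
                results.append(formatted)
    return results


if __name__ == "__main__":
    cfg = parse_table_file(LDAP_ALIASES_CF)
    for address in ("staff@mycompany.com", "nobody@mycompany.com", "*"):
        print(address, "->", lookup(cfg, address, DIRECTORY))
```

Against a real server the equivalent check is `postmap -q staff@mycompany.com ldap:/etc/postfix/ldap-aliases.cf`, which should print the three members; the model above shows why a member stored without a domain never appears in that output while result_format is %u@%d, and why a lookup key containing filter metacharacters cannot turn the equality filter into a wildcard match.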

Friday, November 2, 2018

Open LDAP 2.4 - Adding new schema and enabling existing schema

By default OpenLDAP has only the core schema loaded. When adding entries to the LDAP database, the following structural schemas are important and usually required. The schemas and their ldif files are already available in the /etc/openldap/schema folder but may not be loaded. The following commands load them (in this order, since nis.ldif depends on cosine.ldif):

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cosine.ldif 
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f nis.ldif

When LDAP is used as the authentication backend for Postfix or Dovecot, the postfix schema described at http://www.postfix.org/LDAP_README.html is required, but it is not shipped with OpenLDAP by default. You can download the schema from https://github.com/credativ/postfix-ldap-schema.

In case that URL becomes unavailable, the contents of the postfix schema are given here:

# Schema as required by Postfix: http://www.postfix.org/LDAP_README.html
# (slapd.conf schema format: continuation lines must start with whitespace)
attributetype (
  1.3.6.1.4.1.4203.666.1.200
  NAME 'mailacceptinggeneralid'
  DESC 'Postfix mail local address alias attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
  )
attributetype (
  1.3.6.1.4.1.4203.666.1.201
  NAME 'maildrop'
  DESC 'Postfix mail final destination attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
  )
objectclass (
  1.3.6.1.4.1.4203.666.1.100
  NAME 'postfixUser'
  DESC 'Postfix mail user class'
  SUP top
  AUXILIARY
  MAY (
    mailacceptinggeneralid $ maildrop
  )
  )
Download this schema and place it in the /tmp folder, since you need to convert it into an ldif file before it can be loaded into the LDAP server. A good tutorial is available at https://www.youtube.com/watch?v=qAedVMMunk8 which describes how to enable a new schema on OpenLDAP 2.4.
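The conversion step the tutorial performs with slaptest can also be done directly, because the cn=config form of a schema is just the same definitions carried as olcAttributeTypes and olcObjectClasses values. The following added example (written for this page; not code from the blog post, the credativ repository or OpenLDAP) parses a slapd.conf-style schema such as the postfix schema above, tracking balanced parentheses so that the nested MAY ( ... ) list does not end the object class early, and emits the LDIF entry that `ldapadd -Q -Y EXTERNAL -H ldapi:///` can load. The schema text is embedded so the script runs offline; `schema_file_to_ldif` is the helper that reads a real file instead.

```python
"""Convert a slapd.conf-style schema (like the postfix schema above) into the
cn=config LDIF that ldapadd -Y EXTERNAL -H ldapi:/// loads on OpenLDAP 2.4.

Added example, not code from the blog post, the credativ repository or
OpenLDAP. It does by hand what the slaptest-based tutorial does: every
'attributetype ( ... )' becomes one olcAttributeTypes value and every
'objectclass ( ... )' one olcObjectClasses value, under
dn: cn=<name>,cn=schema,cn=config.
"""
import re
from typing import List, Tuple

# The postfix schema from the post, embedded so the script runs offline.
POSTFIX_SCHEMA = """\
# Schema as required by Postfix: http://www.postfix.org/LDAP_README.html
attributetype (
  1.3.6.1.4.1.4203.666.1.200
  NAME 'mailacceptinggeneralid'
  DESC 'Postfix mail local address alias attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
  )
attributetype (
  1.3.6.1.4.1.4203.666.1.201
  NAME 'maildrop'
  DESC 'Postfix mail final destination attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
  )
objectclass (
  1.3.6.1.4.1.4203.666.1.100
  NAME 'postfixUser'
  DESC 'Postfix mail user class'
  SUP top
  AUXILIARY
  MAY (
    mailacceptinggeneralid $ maildrop
  )
  )
"""


def parse_schema(text: str) -> List[Tuple[str, str]]:
    """Return (kind, definition) pairs, kind being 'attributetype' or
    'objectclass' and definition the whitespace-normalised '( ... )' text.
    Parentheses are balanced (quotes respected) so nested lists such as
    MAY ( a $ b ) do not terminate the enclosing definition."""
    items: List[Tuple[str, str]] = []
    kind, buf, depth, quoted = None, [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if kind is None:
            m = re.match(r"(attributetype|objectclass)\b\s*(.*)", line, re.IGNORECASE)
            if not m:
                raise ValueError("text outside a schema definition: " + line)
            kind, line = m.group(1).lower(), m.group(2)
        for ch in line:
            if ch == "'":
                quoted = not quoted
            elif not quoted and ch == "(":
                depth += 1
            elif not quoted and ch == ")":
                depth -= 1
            buf.append(ch)
            if depth == 0 and not quoted and ch == ")":
                items.append((kind, " ".join("".join(buf).split())))
                kind, buf = None, []
                break  # anything after the closing parenthesis on this line is ignored
        buf.append(" ")  # a line break counts as whitespace inside a definition
    if kind is not None:
        raise ValueError("unterminated %s definition" % kind)
    return items


def schema_to_ldif(name: str, text: str) -> str:
    """Build the cn=config entry; attribute types go first so the object
    classes that reference them can be resolved when slapd loads the entry."""
    items = parse_schema(text)
    lines = ["dn: cn=%s,cn=schema,cn=config" % name,
             "objectClass: olcSchemaConfig",
             "cn: %s" % name]
    lines += ["olcAttributeTypes: " + d for k, d in items if k == "attributetype"]
    lines += ["olcObjectClasses: " + d for k, d in items if k == "objectclass"]
    return "\n".join(lines) + "\n"


def schema_file_to_ldif(path: str, name: str) -> str:
    """Convenience wrapper for a schema file on disk, e.g. /tmp/postfix.schema."""
    with open(path, encoding="utf-8") as fh:
        return schema_to_ldif(name, fh.read())


if __name__ == "__main__":
    print(schema_to_ldif("postfix", POSTFIX_SCHEMA), end="")
```

Write the output to a file (for example /tmp/postfix.ldif) and load it with the same ldapadd command used for cosine.ldif and nis.ldif; slapd assigns the {N} index to the new cn=postfix entry itself. If a definition references an attribute that neither this schema nor an already loaded one defines, slapd rejects the whole entry, so load the schemas the new one depends on first.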

References:
https://www.youtube.com/watch?v=qAedVMMunk8 - tutorial video
https://github.com/credativ/postfix-ldap-schema - GitHub postfix schema