1

Topic: What's new in iRedMail: per-user Shadow Address in LDAP solution

Hi, all.

As you may know, we added a new feature in LDAP solution: per-user Shadow Address.

Shadow address, hmm, a little confused. In Google App, it is called Nickname.

What does it used for?

User can have as many mail addresses as he want. He can use POP3/IMAP/SMTP services with either mail address with same password, and all mails sent to these addresses will be delivered to the same mailbox.

Let me explain the LDIF structure first:

For user www@example.com:

dn: mail=www@example.com,ou=Users,domainName=example.com,XXX
mail: www@example.com
shadowAddress: user01@example.com
shadowAddress: user02@example.com
shadowAddress: user03@example.com
userPassword: {SSHA}xxxxxxxx
storageBaseDirectory: /var/vmail/vmail01
mailMessageStore: example.com/w/ww/www/www-2009.08.26.11.16.25/

2

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Hi,

Could it be that if someone has multiple domains belonging to a mail account from there it can be dealt with?

For user www@example.com and his email address:

www@example.com
www@mail.example.com
www@example2.com
www@example3.com

Sorry for poor English.

3

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Of course yes, but small modifications (/etc/postfix/ldap_virtual_mailbox_maps.cf, ldap_sender_login_maps.cf, /etc/dovecot-ldap.conf) are required.

And, you SHOULD host the domains you listed in shadowAddress.

4

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Are there plans to include this in iRedAdmin(-Pro?)

This would be a very useful feature...

5

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Caliban wrote:

Are there plans to include this in iRedAdmin(-Pro?)

Of course yes. smile
But not in next release (v1.2.0), hope we can implement it in v1.3.0 or 1.4.0.

6

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

I'm a little confused is this the same as a catch all for a domain?

7

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

web2works wrote:

I'm a little confused is this the same as a catch all for a domain?

No.

8

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

ZhangHuangbin wrote:

Of course yes, but small modifications (/etc/postfix/ldap_virtual_mailbox_maps.cf, ldap_sender_login_maps.cf, /etc/dovecot-ldap.conf) are required.

And, you SHOULD host the domains you listed in shadowAddress.

Hi Zhang,

we are currently setting up iRedmail and we need to setup domainalias + shadowAddress outside of the user's original domain
user1@uk.ourdomain.com needs to also receive user1@uk2.ourdomain.com and are having trouble

apart from domainalias creation & shadowaddress setup is there anything else we need to enable?

9

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

If you're using iRedMail-0.6.0, please modify dovecot-ldap.conf first to make Domain Alias and shadow address first:

user_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))
pass_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))

This is my mistake in iRedMail-0.6.0. Sorry.

10

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Already post hotfix for 0.6.0 in forum:
http://www.iredmail.org/forum/topic1023 … -ldap.html

11

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

Hi Zhang,
I add new domain alias. And add new shadow address with domain alias added.

I can login to webmail with both address. But when I login with shadow address, I can't see global LDAP addresses.


I'm on Ubuntu 12.04 (IredMail 0.8.0 LDAP backend)

12

Re: What's new in iRedMail: per-user Shadow Address in LDAP solution

slimwoogi wrote:

I can login to webmail with both address. But when I login with shadow address, I can't see global LDAP addresses.

This is restricted in Roundcube global address book setting. For example, in /usr/share/apache2/roundcubemail/config/main.inc.php:

// Global LDAP address book.                                                       
\$rcmail_config['ldap_public']["ldap_global"] = array(
    ...
    // Search accounts in the same domain.
    ...
    'base_dn'       => 'domainName=%d,o=domains,dc=xxx',                

    ...

As you can see in base_dn setting, it will search dn of your domain. If you login with shadow address, '%d' in base_dn setting (domainName=%d) will be replaced by the domain part of your email address, but it won't return any result because this base dn doesn't exist at all.

If you want to let users query the whole LDAP directory, try to remove 'domainName=%d' in base_dn and restart Apache web server.