1

Topic: shadowAddress for group?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: Debian Linux 8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): OpenLDAP (integrated)
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue: "User unknown in virtual mailbox table."
====

I see that every group object in LDAP (objectClass=mailList) has an attribute shadowAddress, just like normal users (objectClass=mailUser). For a normal user I can use this attribute to define mail aliases for the user, so one account can use several mail addresses, it works fine. But when I try to do the same thing for a group - it does not work, I get an error "User unknown in virtual mailbox table." Is is 'by design' or I hit a bug? Is it possible to define mail aliases for mailList object?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: shadowAddress for group?

Besides adding "shadowAddress=xxx" to mailList object, you MUST add "memberOfGroup=xxx" to each group members.

iRedAdmin-Pro handles the membership.

3 (edited by Peter2121 2016-12-06 18:25:26)

Re: shadowAddress for group?

Ah, yes, I see.
Thanks, ZhangHuangbin.

We are using slightly modified system for mailList, with memberUid attribute for group members. So, I modified virtual_list_maps.cf to replace (mail=%s) with (|(mail=%s)(shadowAddress=%s)) and it works correctly now.

For info (if someone needs the same config), my virtual_list_maps.cf :

...
scope = sub
query_filter = (&(objectClass=mailList)(enabledService=mail)(enabledService=deliver)(|(mail=%s)(shadowAddress=%s)))
result_attribute = mail
special_result_attribute = memberUid
leaf_result_attribute = mail
...

4

Re: shadowAddress for group?

Curious, why use "memberUid" instead? What's the benefit? And what's the plan to upgrade iRedMail since you use custom LDAP schema or structure/attributes?

5

Re: shadowAddress for group?

ZhangHuangbin wrote:

Curious, why use "memberUid" instead?

We are managing iRedMail users/groups from another application. In reality, we just change config LDAP of iRedMail.
When you have a group of 50+ users - it's more simple to change ONE record (of the group) than 50+ records of users. More, (as we're using the same groups in our application) - it's difficult to search for group members if we manage group membership at the level of user's records.

ZhangHuangbin wrote:

And what's the plan to upgrade iRedMail since you use custom LDAP schema or structure/attributes?

We did not change schema, just postfix config. It's not too difficult to patch one cf file after upgrade.

6

Re: shadowAddress for group?

Thanks for sharing. smile