> On Nov 14, 2023, at 19:09, Viktor Dukhovni via Postfix-users 
> <postfix-users@postfix.org> wrote:
> 
> On Tue, Nov 14, 2023 at 06:32:55PM +0100, Francis Augusto Medeiros-Logeay via 
> Postfix-users wrote:
> 
>> I figured out all the queries I need, except one. You see, right now,
>> I use Postfixadmin and my query for virtual_mailbox_domains is like
>> this:
>> 
>> query = SELECT goto
>>        FROM alias, alias_domain
>>       WHERE alias_domain.alias_domain = '%d'
>>         AND alias.address = CONCAT('%u', '@', alias_domain.target_domain)
>>         AND alias.active = 1
>>         AND alias_domain.active='1'
> 
> Your relational data model is normalised to store each user alias just
> once, under the primary domain of each alternate domain.  You get to
> attach secondary domains to a primary domain without losing recipient
> validation by doing wildcard rewrites.
> 
> You reduced the amount of data to manage, at the cost of being unable to
> assign valid addresses on a per-user basis, with some users having a
> different subset of associated secondary domains than others.
> 

> This type of normalisation is idiomatic for SQL, but is not idiomatic
> (or necessarily possible) with LDAP.
> 

Thank you for the thorough explanation, Viktor. 


> LDAP schemas are not normalised, they are "star-like".  Typical LDAP
> objects have multi-valued attributes representing 1-to-many
> relationships, such as the set of all the valid addresses of a user
> object.
> 
> 
>  virtual.cf:
>    query = mailacceptinggeneralid=%s
>    result_attribute = maildrop
> 
>  canonical.cf:
>    query = mailacceptinggeneralid=%s
>    result_attribute = mail
> 
> Mail can be sent to the user under each of the *explicitly* listed
> addresses, but is typically canonicalised to "mail" in outbound email
> (all headers and envelope sender).  Inbound mail is rewritten to
> "maildrop" (just the envelope recipient) for storage.
> 
> Other designs are possible, see LDAP_README for variations.
> 
> But you're unlikely to find (or ultimately want) data model parity.
> LDAP directories just aren't SQL databases.  If you want to assign
> every user in some collection the same set of domains, that would
> be done as part of provisioning and maintaining the user "entries",
> rather than computed via relational query logic.
> 

My case is that I wanted to mimic Postfixadmin in FreeIPA. I even created a
plugin for it, and the data model works nicely, for the most part, except for the
virtual domains part. My design is simplified since I only use virtual
mailboxes.

But I hear what you are saying, it does seem to be complicated to accomplish the
same with LDAP when it comes to that on-the-fly checking if b@domainb exists
when b should receive a mail from domainc. I might drop this feature.

Best,
Francis 
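
An added example, not part of the original thread or of any code posted by its participants: one way to do at provisioning time what the SQL alias_domain join computes per lookup, by writing every secondary-domain address into each entry's multi-valued mailacceptinggeneralid. The DNs, domains and function names are constructed for illustration, and the LDIF writer assumes plain ASCII values (no base64 encoding).

```python
# Added example: expand Postfixadmin-style alias domains into explicit
# per-user mailacceptinggeneralid values when entries are provisioned.
# All sample data is constructed; the attribute name follows the thread.

def expand_addresses(users, alias_domains):
    """Return {dn: sorted list of addresses the entry should accept}.

    users:         {dn: primary address "local@primary-domain"}
    alias_domains: {secondary domain: primary (target) domain}
    """
    # Invert the alias_domain table: target domain -> its secondary domains.
    by_target = {}
    for secondary, target in alias_domains.items():
        by_target.setdefault(target.lower(), set()).add(secondary.lower())

    accepted = {}
    for dn, mail in users.items():
        local, sep, domain = mail.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"not an address: {mail!r}")
        addrs = {f"{local}@{domain.lower()}"}
        # One explicit value per secondary domain replaces the wildcard rewrite.
        for secondary in by_target.get(domain.lower(), ()):
            addrs.add(f"{local}@{secondary}")
        accepted[dn] = sorted(addrs)
    return accepted


def to_ldif(accepted):
    """Render LDIF 'replace' records so each entry lists exactly these values."""
    records = []
    for dn, addrs in sorted(accepted.items()):
        lines = [f"dn: {dn}", "changetype: modify",
                 "replace: mailacceptinggeneralid"]
        lines += [f"mailacceptinggeneralid: {a}" for a in addrs]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


# Constructed sample data: domainc is an alias domain of domainb.
USERS = {
    "uid=a,cn=users,dc=example,dc=org": "a@domainb.example",
    "uid=b,cn=users,dc=example,dc=org": "b@domainb.example",
}
ALIAS_DOMAINS = {"domainc.example": "domainb.example"}

if __name__ == "__main__":
    print(to_ldif(expand_addresses(USERS, ALIAS_DOMAINS)), end="")
```

Because only addresses of existing entries are written out, recipient validation is preserved: a lookup for an address at the secondary domain matches only when the corresponding user exists under the primary domain.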
