Hello,
I have seen mention of this but I have not been able to find a solid guide. I have 2 email domains and 2 separate AD forests. Is it possible to poll 2 different LDAP servers in order to automatically create the user and valid recipient lists? It seems the configuration for Postfix and MailScanner is different, and ultimately I am not sure if I could add it in one place only. Also, is it possible to configure redundant LDAP server settings for each domain?
LDAP integration with multiple domains
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
Re: LDAP integration with multiple domains
EFA doesn't really support multiple forests out of the box, although I'm sure it could be something that could be added. Do you want to make a feature request?
Another option is just to spin up two EFAs, one for each domain.
Re: LDAP integration with multiple domains
I may be able to piece something together. I have MailWatch letting me authenticate via 2 LDAP servers (if the login to the first one fails, I just have it try the second). Probably not the cleanest way, but for right now with my testing it's fine.
Postfix still rejects my emails because it says the user doesn't exist. I checked the Postfix config and it seems relay recipient checking is disabled by default (according to the Postfix help file). If I add someone manually to the MailWatch GUI, emails to that user are accepted.
I created an LDAP reference in the Postfix config, and if I do a postmap -q with that user the result comes back OK, yet emails still fail. I am wondering what exactly adding a user to the GUI touches from a valid recipient perspective. I am trying to avoid querying LDAP and building a text file. I would rather query for each request the first time and then have Postfix cache that result.
I don't think multiple EFAs will work for my situation. Basically, I have 2 companies sharing 1 public IP. I have port 25 coming into a Barracuda and it redirects to each mail server based on the domain. I am trying to accomplish the same thing with EFA without adding a couple more hops.
Last edited by cryptz on 20 Mar 2016 12:25, edited 1 time in total.
- shawniverson
Re: LDAP integration with multiple domains
The postfix and mailwatch layers are separate, so adding a user to the GUI does not populate the postfix list.
Check out the end of this post (may be on a second page)
/viewtopic.php?f=14&t=433
It is an older post, I'm going to pull out the parts and add to the new how-to shortly.
Re: LDAP integration with multiple domains
I may be incorrectly associating the GUI with MailWatch; adding a user to the main GUI (which I associate with MailWatch, since the MailWatch LDAP config allows access to the web GUI) does seem to populate something with valid recipients. I added one user to the main GUI and I can get emails through EFA for that user without any issue; all other users in the domain are rejected. I am assuming the creation of that user in the system is populating Postfix in some way. Can you please confirm where that is? According to the initial Postfix config file, relay recipient filtering is off by default, and indeed that section is commented out, so it seems like something else may be checked to gauge if a recipient is valid or not. I am assuming the users are indeed relay recipients, but I may be wrong.
From a feature standpoint, long term I think an LDAP configuration per domain in the GUI would be ideal so that each domain can have its own authentication.