Hi Francis
I integrated freeipa with postfix/dovecot, and many other anti-spam /
address validation capabilities. I can tell you -- it's quite a bumpy
ride. A 'good plan' has more to do with your model of how 'real people'
would expect to map onto domains, accounts and the like. To do it
properly, there has to be pretty tight integration into DNS, with a fair
few administrative accounts and related records and a whole bunch of
support packages. It's possible to do well, but it's a way bigger
project than the relationship between freeipa and postfix.
For example, many business users have a concept of 'their primary email
address' with secondary addresses that might 'float' among staffers
(techsupport@ productspecialistfoo@ info@). You might require those
to be separate users with separate email boxes, or 'groups' and then
have to deal with passwords, etc. Also secondary addresses that appear
later that allow for name changes ( jsmith@domain also gets email for
jjones@domain). Another issue is whether to allow 'one email bucket' to
get email from 'secondary domains entirely' and not just different
accounts within the domain, for example [email protected]
[email protected] are aliases for [email protected]
It goes on, but big picture, the tradeoff is admin setup-time vs
admin-management time vs user-account setup time. I find users, with
their many various devices and so on, generally want 'one account with
one password' they can set up for all their devices, then have 'the
system' route 'whatever from whereever' to that. Generally, not always
of course.
Good luck!
On 4/19/22 06:34, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I was wondering, it would be very cool if FreeIPA could include the
storage of virtual accounts and domains so that it could easily
integrate with Postfix. I am willing to start to develop such
integration, but wanted first to ask here if there's a smarter way to
do so, or if this could be useful for others.
My idea would involve:
- creating an nsContainer named "virtualaccounts";
- creating an objectClass of type "virtualaccount" for virtual domains
and virtual accounts, pointing to a real mailbox (which would always
be a user)
- extending the UI to get the mailQuota field to users (adding
mailRecipient objectClass to the default list as well)
- extending the UI to add a new menu, probably under "Identities", for
adding/editing/deleting virtual domains and aliases.
Does this seem a good way to go, or this could be accomplished in a
simpler way?
Best,
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
