
LDAP notes

User creation

Create the user with ldapadduser (from the ldapscripts package): ldapadduser <username> <groupname>

export ICONVCHAR=utf8
ldapadduser web1_alarm web1

The command hangs after adding the user; stop it with CTRL-C.

ldapsetpasswd web1_alarm

If this is a mail user: assign the object class TTDMinAccount and add the e-mail attribute (mail).
Set homeDirectory to /var/www/<web>/user/<username>.

Log in via ssh as the user (the PAM module then creates the home directory at homeDirectory, using skel=/var/www/web1/user/skel/ as the template).
Prepare the procmail files for ttdmin:

/root/bin/ -u=<user> -h=<home_directory> -e=<email-address>
/root/bin/ -u=web1_alarm -h=/var/www/web1/user/web1_alarm

If the user must not be able to log in via ssh, set loginShell to /bin/false.

Autoresponder, LDAP, postfix, gnarwl

Use information stored in LDAP for autoresponder messages.

This uses a site-specific LDAP schema, ttdmin.schema (see attachments).


The user has to belong to the object class TTDMinAccount.

The following attributes are relevant for the vacation autoresponder:

accountActive (flag if the account is active - has to be TRUE)
delete (flag for deletion - has to be FALSE)
mailAutoreply (the mail address that is used to answer incoming mail - has to be set)
vacationActive (flag if the autoresponder is active - has to be TRUE if vacation should be activated)
vacationInfo (text in utf-8 encoding that is used to respond)
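The two LDAP edits described on this page, as LDIF for ldapmodify: the user-creation steps above (object class TTDMinAccount, the mail attribute, homeDirectory, loginShell) and switching the vacation attributes just listed on and off. This is an added example, not part of the original notes or of gnarwl. It assumes that ldapadduser created the entry as uid=<user>,ou=People,dc=thinkthinkdo,dc=com (the base DN the configs on this page use), that the attributes above belong to TTDMinAccount, that the mailAutoreply address is a separate address which the Postfix transport below hands to gnarwl, and example.com domains stand in for the real ones. It also shows the LDIF rule the page only hints at with "utf-8 encoding": a vacationInfo text containing non-ASCII characters has to be written in the base64 form (attr:: value).

```shell
#!/bin/sh
# Added example, not part of the original notes: LDIF for the two LDAP edits
# described above, to be piped into
#   ldapmodify -x -H ldap://localhost -D cn=Manager,dc=thinkthinkdo,dc=com -W
# Assumptions: ldapadduser created the entry as uid=<user>,ou=People,dc=thinkthinkdo,dc=com
# (the base DN the configs on this page use); the attribute names are those of
# ttdmin.schema as listed above; example.com domains stand in for the real ones.

BASE_DN=${BASE_DN:-ou=People,dc=thinkthinkdo,dc=com}
nl=$(printf '\nx'); nl=${nl%x}   # a literal newline, for the check below

# Emit one LDIF attribute line. The plain "attr: value" form only allows printable
# ASCII without a leading ' ', ':' or '<' and without a trailing space; anything
# else (the utf-8 vacationInfo text, embedded newlines) must use "attr:: base64".
ldif_attr() {
    attr=$1; val=$2; needs64=0
    case $val in ' '*|:*|'<'*|*' '|*"$nl"*) needs64=1 ;; esac
    if printf '%s' "$val" | LC_ALL=C grep -q '[^ -~]'; then needs64=1; fi
    if [ "$needs64" -eq 1 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$val" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$val"
    fi
}

# Turn a plain ldapadduser account into a TTDMinAccount mail user: object class,
# mail address, autoresponder address, web home directory, no shell unless one is
# given, and the flags the autoresponder query expects (accountActive, delete).
# "replace" is used so the script can be re-run; "add: objectClass" is not.
# Arguments: user web mail autoreply-address [loginShell]
ttdmin_mail_user_ldif() {
    user=$1; web=$2; mail=$3; autoreply=$4; shell=${5:-/bin/false}
    echo "dn: uid=$user,$BASE_DN"
    echo "changetype: modify"
    echo "add: objectClass"
    echo "objectClass: TTDMinAccount"
    echo "-"
    echo "replace: mail";          ldif_attr mail "$mail";                           echo "-"
    echo "replace: mailAutoreply"; ldif_attr mailAutoreply "$autoreply";             echo "-"
    echo "replace: homeDirectory"; ldif_attr homeDirectory "/var/www/$web/user/$user"; echo "-"
    echo "replace: loginShell";    ldif_attr loginShell "$shell";                    echo "-"
    echo "replace: accountActive"; echo "accountActive: TRUE";                       echo "-"
    echo "replace: delete";        echo "delete: FALSE";                             echo "-"
    echo "replace: vacationActive"; echo "vacationActive: FALSE";                    echo "-"
}

# Switch the autoresponder on (with the utf-8 reply text) or off.
# Arguments: user on <text>  |  user off
vacation_ldif() {
    user=$1; state=$2; text=$3
    echo "dn: uid=$user,$BASE_DN"
    echo "changetype: modify"
    case $state in
        on)
            echo "replace: vacationActive"; echo "vacationActive: TRUE"; echo "-"
            echo "replace: vacationInfo";   ldif_attr vacationInfo "$text"; echo "-"
            ;;
        off)
            echo "replace: vacationActive"; echo "vacationActive: FALSE"; echo "-"
            ;;
        *)
            echo "vacation_ldif: state must be on or off" >&2
            return 1
            ;;
    esac
}

# Demo on constructed data: the user from the notes above, then vacation on.
ttdmin_mail_user_ldif web1_alarm web1 web1_alarm@example.com web1_alarm@autoreply.example.com
echo
vacation_ldif web1_alarm on "Ich bin bis zum 3. März nicht erreichbar; Mails werden nicht weitergeleitet."
```

Run it as `sh ttdmin-ldif.sh | ldapmodify -x -H ldap://localhost -D cn=Manager,dc=thinkthinkdo,dc=com -W` (or with a dedicated write-capable bind DN instead of the root DN). vacationStart, vacationEnd and vacationForward from the gnarwl map_field lines below can be set with the same replace pattern.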


Installed from the clone of gnarwl at

Config at /etc/gnarwl.cfg

map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=Manager,dc=thinkthinkdo,dc=com
password totally_secret
protocol 0
base ou=People,dc=thinkthinkdo,dc=com
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset utf-8
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3

/etc/gnarwl.cfg contains the LDAP bind password and should only be readable by the user that runs gnarwl (see /etc/postfix/ below):

chown gnarwl:gnarwl /etc/gnarwl.cfg
chmod 600 /etc/gnarwl.cfg


The principle is: every message to a recipient whose vacation is active is BCCed to a gnarwl transport; the recipient is identified by an LDAP query. This is configured by adding this to /etc/postfix/

recipient_bcc_maps =

in /etc/postfix/

server_host = ldap://localhost
search_base = ou=People,dc=thinkthinkdo,dc=com
version = 3
bind = yes
start_tls = no
bind_dn = cn=Manager,dc=thinkthinkdo,dc=com
bind_pw = totally_secret
scope = sub
query_filter = (&(&(objectClass=TTDMinAccount)(mail=%s))(vacationActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
result_format = %s,
expansion_limit = 1
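A quick offline check of a Postfix ldap: table file such as the one above, added here as an example; it is not part of the original notes or of Postfix. It flags keys that appear twice (Postfix silently keeps the last value), a bind_pw in a file that other users can read, and a simple bind without start_tls to anything but a local server. It assumes the Postfix "key = value" file format with full-line # comments and a POSIX shell with awk, sed and ls; the sample it runs on is a constructed copy of the table above with search_base repeated on purpose to trigger the duplicate check.

```shell
#!/bin/sh
# Added example, not part of the original notes: lint a Postfix ldap: table
# file before Postfix reads it. Assumes the "key = value" format with
# full-line '#' comments, and POSIX sh with awk, sed and ls.

# Print every key in the file, one per line, in file order.
ldap_table_keys() {
    sed -e '/^[[:space:]]*#/d' "$1" |
        awk -F= 'NF >= 2 { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k); print k }'
}

# Print the value of one key; like Postfix, the last occurrence wins.
# Values may contain '=' themselves (query_filter does), so split on the first only.
ldap_table_get() {
    sed -e '/^[[:space:]]*#/d' "$2" |
        awk -F= -v key="$1" '
            NF >= 2 {
                k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
                if (k == key) {
                    v = substr($0, index($0, "=") + 1)
                    gsub(/^[ \t]+|[ \t]+$/, "", v)
                }
            }
            END { print v }'
}

# Print one finding per line; prints nothing if the file passes all checks.
check_ldap_table() {
    f=$1
    # 1. a key given twice: the first value is silently ignored
    for k in $(ldap_table_keys "$f" | sort | uniq -d); do
        echo "duplicate key '$k' (Postfix keeps only the last value)"
    done
    # the remaining checks only matter when the table carries credentials
    if grep -q '^[[:space:]]*bind_pw[[:space:]]*=' "$f"; then
        # 2. password readable by group or others (chars 5-10 of ls -l)
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "bind_pw stored in $f but its mode allows group/other access ($perms)"
        # 3. password sent in clear text to a remote server (start_tls defaults to no)
        host=$(ldap_table_get server_host "$f")
        case $host in
            ''|ldaps://*|*localhost*|*127.0.0.1*) ;;
            *) [ "$(ldap_table_get start_tls "$f")" = yes ] ||
                   echo "bind_pw would be sent in clear text to $host (start_tls is not yes)" ;;
        esac
    fi
}

# Demo on a constructed copy of the table above (search_base repeated on purpose).
demo=$(mktemp)
cat > "$demo" <<'EOF'
server_host = ldap://localhost
search_base = ou=People,dc=thinkthinkdo,dc=com
version = 3
bind = yes
start_tls = no
bind_dn = cn=Manager,dc=thinkthinkdo,dc=com
bind_pw = totally_secret
search_base = ou=People,dc=thinkthinkdo,dc=com
scope = sub
query_filter = (&(&(objectClass=TTDMinAccount)(mail=%s))(vacationActive=TRUE)(accountActive=TRUE)(delete=FALSE))
result_attribute = mailAutoreply
result_format = %s,
expansion_limit = 1
EOF
chmod 644 "$demo"; check_ldap_table "$demo"   # duplicate key + readable password
chmod 600 "$demo"; check_ldap_table "$demo"   # only the duplicate key remains
rm -f "$demo"
```

The check does not tell you whether bind_dn is the directory root DN, because it cannot know the server's rootdn; that is a judgement call when reading the file.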

For a recipient whose entry is an active TTDMinAccount with vacationActive set, this adds the address stored in mailAutoreply as a BCC recipient; the transport map below then routes that address to gnarwl. Because this file carries bind_pw, treat it like /etc/gnarwl.cfg: owned by root, readable only by the Postfix user that performs the lookup, never world-readable. Binding as cn=Manager (the directory root DN) for a read-only lookup is more privilege than the query needs; a dedicated read-only bind DN is the safer choice.

This transport is defined in /etc/postfix/transport. Add:      gnarwl:

After adding it, run postmap /etc/postfix/transport to convert the file to db format.

The transport map is enabled in /etc/postfix/ by adding the line:

transport_maps = hash:/etc/postfix/transport

gnarwl itself is added to /etc/postfix/ by adding this:

gnarwl    unix  -       n       n       -	-	pipe
         flags=F  user=gnarwl argv=/usr/bin/gnarwl -a ${user} -s ${sender}

If gnarwl should parse the message header for the sender instead, use this in /etc/postfix/

gnarwl    unix  -       n       n       -	-	pipe
         flags=F  user=gnarwl argv=/usr/bin/gnarwl -a ${user}

Afterwards restart Postfix.

Last modified on 02/03/23 07:58:36
