FreeIPA group expansion for Postfix

26 January, 2022

To achieve this, I created a group and added the mailGroup objectClass along with its required (MUST) attribute, mail.

ipa group-add support
ipa group-mod support --addattr="objectclass=mailGroup" --addattr="mail=support@example.com"

This creates a group with the mail address “support@example.com”.

Now add members, using either the CLI or the WebUI.

ipa group-add-member support

This is the newly created group with its members:

#support, groups, accounts, amogha.labnetwork.in

dn: cn=support,cn=groups,cn=accounts,dc=example,dc=com
cn: support
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: mailGroup
ipaUniqueID: 58c0bc3a-7e97-11ec-ab9c-96f26bde8936
member: uid=test,cn=users,cn=accounts,dc=example,dc=com
member: uid=test2,cn=users,cn=accounts,dc=example,dc=com

In Postfix, create an LDAP lookup table. I usually keep all of these LDAP files in /etc/postfix/ldap. The file holds the bind password, so it should not be world-readable.

#virtual_groups.cf

bind = yes
bind_dn = uid=user,cn=users,cn=accounts,dc=example,dc=com
bind_pw = secret
server_host = ipa.example.com
search_base = cn=accounts,dc=example,dc=com
query_filter = (&(objectClass=groupofnames)(cn=%u))
result_attribute = mail
special_result_attribute = member

Use the postmap command to create a local db:

postmap /path/to/virtual_groups.cf

Now check if this produces the desired output. The desired output would be the email addresses of all the members.

postmap -q support@example.com ldap:/path/to/virtual_groups.cf

The output is:

test@example.com,test2@example.com
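
A simplified Python model of the lookup configured above, added here as an illustration (not Postfix code and not from the original post): it takes %u as the local part of the address, finds the matching group, and follows the member DNs to collect mail values, including through nested groups. The directory is constructed sample data with assumed mail values for the two users, and the visited-set loop guard is this model's own choice.

```python
# Simplified model of a Postfix LDAP-table lookup with group expansion.
# Not Postfix code. DIRECTORY is constructed sample data: the group mirrors
# the entry printed above; the users' mail values are assumed.
BASE = "cn=accounts,dc=example,dc=com"
DIRECTORY = {
    f"cn=support,cn=groups,{BASE}": {
        "objectClass": ["groupofnames", "mailGroup"],
        "cn": ["support"],
        "member": [f"uid=test,cn=users,{BASE}", f"uid=test2,cn=users,{BASE}"],
    },
    f"uid=test,cn=users,{BASE}": {"uid": ["test"], "mail": ["test@example.com"]},
    f"uid=test2,cn=users,{BASE}": {"uid": ["test2"], "mail": ["test2@example.com"]},
}

def find_groups(directory, cn):
    """Stand-in for query_filter (&(objectClass=groupofnames)(cn=%u)).
    Exact comparison models Postfix quoting %u, so '*' is not a wildcard."""
    return [dn for dn, e in directory.items()
            if "groupofnames" in e.get("objectClass", []) and cn in e.get("cn", [])]

def collect(directory, dn, seen, out, result_attr="mail", special_attr="member"):
    """Gather result_attr from an entry, then follow the DNs in special_attr."""
    if dn in seen or dn not in directory:   # skip loops and dangling members
        return
    seen.add(dn)
    entry = directory[dn]
    out.extend(v for v in entry.get(result_attr, []) if v not in out)
    for member_dn in entry.get(special_attr, []):
        collect(directory, member_dn, seen, out, result_attr, special_attr)

def lookup(directory, address):
    """Model of `postmap -q address`: %u is the part before the last '@'."""
    local_part = address.rsplit("@", 1)[0]
    out, seen = [], set()
    for dn in find_groups(directory, local_part):
        collect(directory, dn, seen, out)
    return ",".join(out)

if __name__ == "__main__":
    print(lookup(DIRECTORY, "support@example.com"))
```

Because result_attribute is collected from every entry visited, a group entry that carries its own mail value contributes that address to the result as well.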