User's e-mail address an accessible variable?

31 posts / 0 new
Last post
#1 Thu, 08/30/2007 - 20:33
TonyShadwick

User's e-mail address an accessible variable?

I know this sounds odd. Under LDAP Users and Groups, I have attributes that all new users receive:

sn: ${REAL} authAuthority: ;basic;

I would like to put their e-mail address into ldap as well so that dbmail will recognize it. Can I do something like:

mail: ${EMAILADDRESS}

?

Sun, 06/07/2009 - 07:15
Joe
Joe's picture

I think right now you'd need to build it--I'm not seeing any variables for the email address. But you could probably do:

${USER}@${DOM}

Or some variant thereof.

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:15
TonyShadwick

I thought I'd replied to this earlier...

is it not ${MAILBOX}@${DOM}

?

Sun, 06/07/2009 - 07:15
TonyShadwick

I thought I'd replied to this earlier...

is it not ${MAILBOX}@${DOM}

?

Thu, 08/30/2007 - 11:22
Joe
Joe's picture

Yes. MAILBOX is better. USER could very well be entirely wrong. ;-)

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:15
TonyShadwick

Since you're replying, and might actually see this...I think I done tripped a bug. :)

Okay, I have a virtual server made, I go to create a mail and ftp user. Enter the e-mail address, and doing ${MAILBOX}@${DOM} works great. Now thinking I'd be cute, I decided to test what happened if I expanded the e-mail options and filled in "additional" e-mail addresses.

For grins, I created user sumdumuser@oss-solutions.com

Under additional addresses I put:

sumdumuser1@oss-solutions.com
sumdumuser2@oss-solutions.com

When I submit the form, I get an amusing, albeit entirely wrong error:

"Failed to save mailbox : The additional email domain 'oss-solutions.com' is not managed by Virtualmin"

I beg to differ... :D

This isn't a showstopper, obviously, but I was basically wagering whether or not Jamie accounted for a situation with multiple e-mail aliases, and whether or not it would indeed create multiple mail: ${MAILBOX}@${DOM} entries. Not only does it not, it trips a bug. ;)

Sun, 06/07/2009 - 07:15
TonyShadwick

Since you're replying, and might actually see this...I think I done tripped a bug. :)

Okay, I have a virtual server made, I go to create a mail and ftp user. Enter the e-mail address, and doing ${MAILBOX}@${DOM} works great. Now thinking I'd be cute, I decided to test what happened if I expanded the e-mail options and filled in "additional" e-mail addresses.

For grins, I created user sumdumuser@oss-solutions.com

Under additional addresses I put:

sumdumuser1@oss-solutions.com
sumdumuser2@oss-solutions.com

When I submit the form, I get an amusing, albeit entirely wrong error:

"Failed to save mailbox : The additional email domain 'oss-solutions.com' is not managed by Virtualmin"

I beg to differ... :D

This isn't a showstopper, obviously, but I was basically wagering whether or not Jamie accounted for a situation with multiple e-mail aliases, and whether or not it would indeed create multiple mail: ${MAILBOX}@${DOM} entries. Not only does it not, it trips a bug. ;)

Thu, 08/30/2007 - 12:00
TonyShadwick

Wow these posts are showing up COMPLETELY out of order...

Thu, 08/30/2007 - 17:15 (Reply to #8)
Joe
Joe's picture

<div class='quote'>Wow these posts are showing up COMPLETELY out of order...</div>

Yes, sorry. I bumped the timezone in the forums (since it so cleverly has its own time zone, at odds with the rest of Joomla and the server itself...real smart) to correct it...so our posts are going to be a wee bit messy for another few hours.

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:15
TonyShadwick

Since you're replying, and might actually see this...I think I done tripped a bug. :)

Okay, I have a virtual server made, I go to create a mail and ftp user. Enter the e-mail address, and doing ${MAILBOX}@${DOM} works great. Now thinking I'd be cute, I decided to test what happened if I expanded the e-mail options and filled in &quot;additional&quot; e-mail addresses.

For grins, I created user sumdumuser@oss-solutions.com

Under additional addresses I put:

sumdumuser1@oss-solutions.com
sumdumuser2@oss-solutions.com

When I submit the form, I get an amusing, albeit entirely wrong error:

&quot;Failed to save mailbox : The additional email domain 'oss-solutions.com' is not managed by Virtualmin&quot;

I beg to differ... :D

This isn't a showstopper, obviously, but I was basically wagering whether or not Jamie accounted for a situation with multiple e-mail aliases, and whether or not it would indeed create multiple mail: ${MAILBOX}@${DOM} entries. Not only does it not, it trips a bug. ;)

Thu, 08/30/2007 - 17:18
Joe
Joe's picture

<div class='quote'>When I submit the form, I get an amusing, albeit entirely wrong error:

&quot;Failed to save mailbox : The additional email domain 'oss-solutions.com' is not managed by Virtualmin&quot;

I beg to differ... :D</div>

Good job, Tony, you broke the Internet.

I'll ask Jamie to chime in (if he can make heads or tails of the order of messages since the TZ change). As you know, we think LDAP is nifty and all, and as long as it's not too hard and we don't have to think much, we'll do what we can do support it. ;-)

--

Check out the forum guidelines!

Fri, 08/31/2007 - 06:28
Joe
Joe's picture

Hi Tony,

Regarding the additional email addresses problem, I wasn't able to re-produce this myself. However, the only cases where that message could appears is if the domain name wasn't entered correctly, or if the oss-solutions.com domain doesn't have email enabled.

Are either of those the case?

--

Check out the forum guidelines!

Fri, 08/31/2007 - 07:11
TonyShadwick

d'oh! :)

Sun, 06/07/2009 - 07:15
TonyShadwick

Okay, now that I'm over my stupidity....

Yeah, that did it. Since I'm using Sendmail here, it added oss-solutions.com to the local-host-names file. When I did my example above, it created virtusertable entries pointed to that user.

What I need to decide internally is whether or not I want to handle it that way or not. Sendmail does in fact just plug into dbmail (as does qmail or whatever MTA you choose), but it uses the mail: attribute to deliver to the correct mailbox.

When I look at LDAP attributes, it only has one address listed for sumdumuser. When I look at my own account (which is created and managed from OpenDirectory and click on &quot;LDAP Attributes&quot;, it returns:

mail: tshadwick@oss-solutions.com, numbski@hksilver.net

My understanding is that despite not having a virtusertable entry that says

numbski@hksilver.net tshadwick

if hksilver.net is in local-host-names, it will still go to tshadwick's inbox. From a directory management standpoint, I would think it would be preferable to have all e-mail addresses for a user listed in LDAP. The reality of the matter is that from a behavioral standpoint, the outcome is the same whether the virtusertable entry is there, or not (I think...???), so leaving Sendmail's behavior untouched is fine, but I need to find a way to fully populate the mail: attributes with the potential multiple addresses. Right now, as mentioned above, I have

mail: ${MAILBOX}@${DOM}

being created for all users. Is there a way without modifying Virtualmin's code to get all of them, or am I going to have to write a script for now that checks for whether or not a user account has multiple addresses pointed to it in virtusertable and then verify that the mail entry is there in LDAP?

Could this be a feature request for future versions if it can't be done now? :)

Fri, 08/31/2007 - 07:45
TonyShadwick

Here's the pertinent parts of my personal entry from LDAP in ldif format:

version: 1
dn: uid=tshadwick,cn=users,dc=oss-solutions,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: apple-user
objectClass: extensibleObject
objectClass: organizationalPerson
objectClass: top
objectClass: person
apple-generateduid: 40EE732D-7C95-4AE2-BB26-31D3F6D8A35A
apple-imhandle: AIM:tonyshadwick
apple-imhandle: JABBER:tshadwick@oss-solutions.com
apple-mcxflags:: *SNIP*
apple-mcxsettings:: *SNIP
apple-mcxsettings:: *SNIP*
apple-user-picture: /private/Network/Servers/nas1.oss-solutions.com/mnt/home/tshadwick/Library/Images/iChat Recent Pictures/Recent 1.jp2
apple-webloguri: http://www.numbski.com
authAuthority: ;ApplePasswordServer;0x45fb046a76d88e290000000500000005,1024 35 151065087552365604662078053629772612290451253897449139807761324872121578236120047288155653152944089278080889602367588271055754278910497130577738270309682434205013777183280878944259422232257321274949926628553133410079079204895203526240725395504763554014428908067293849022106544972630274236718090726484292219531 *SNIP*
authAuthority: ;Kerberosv5;0x45fb046a76d88e290000000500000005;tshadwick@OSS-SOLUTIONS.COM;OSS-SOLUTIONS.COM;1024 35 151065087552365604662078053629772612290451253897449139807761324872121578236120047288155653152944089278080889602367588271055754278910497130577738270309682434205013777183280878944259422232257321274949926628553133410079079204895203526240725395504763554014428908067293849022106544972630274236718090726484292219531 *SNIP*
c: United States
cn: Tony Shadwick
facsimileTelephoneNumber: *SNIP*
gidNumber: 20
givenName: Tony
homeDirectory: /Network/Servers/nas1.oss-solutions.com/mnt/home/tshadwick
l: Ballwin
labeledURI: http://www.oss-solutions.com
loginShell: /bin/bash
mail: tshadwick@oss-solutions.com
mail: tony@hksilver.net
mobile: *SNIP*
postalCode: *SNIP*
sn: Shadwick
st: Missouri
street: 555 SomeStreet
telephoneNumber: *SNIP*
uid: tshadwick
uidNumber: 1025
userPassword:: None of your bizness, buster. :D

Fri, 08/31/2007 - 07:59
Joe
Joe's picture

Virtualmin actually has two ways it can talk to LDAP - one is for regular Unix users in an LDAP DB, and the other is designed more for a Qmail+LDAP (or Postfix or Sendmail) environment. In the latter case, it will actually set all those mail-related attributes like mail: for you automaticallly..

--

Check out the forum guidelines!

Fri, 08/31/2007 - 08:04
TonyShadwick

So....what, in Virtualmin's module config, should I fill in the fields as those I were using Qmail+LDAP?

Sun, 06/07/2009 - 07:15
TonyShadwick

Ugh...&quot;hacking attempt&quot;...

Anyhoo, here are the conditions under which this will work:

1. Sendmail enabled (done).
2. Domain gets written to /etc/mail/local-host-names (done).
3. all e-mail addresses get written to separate mail attributes for user (not done).

Right now virtusertable would take care of it, but after looking at the Virtualmin module config, I could tell it I'm using Qmail, but I suspect local-host-names would no longer get updated under that scenario. I also looked under LDAP Users and Groups' module config, and it has some info on cyrus, and also &quot;LDAP properties for new IMAP users&quot;, but I suspect, again, that this will have unwanted side effects. :\ I see &quot;Attribute for mail aliases&quot;, I can try filling that in with &quot;mail&quot;, but I don't know that it will actually *do* what I'm wanting it to do since I'm not actually running Cyrus or creating a separate account. dbmail presumes, unless I tell it otherwise, than anyone with a valid LDAP account and a mail attribute has an inbox on the system, and if not, creates one after the first time they log into dbmail (which auths against ldap) via either IMAP or POP3.

Literally, no changes need to be made other than what I've listed above. So far as I can tell anyway. I need to see what needs to happen for old user e-mail to be purged upon account deletion so that I make sure that happens properly too, but that should be simple to add to the account deletion script compared to making sure all of the conditions are met upon account creation. :)

Sun, 06/07/2009 - 07:15
TonyShadwick

I'm going braindead over here. :P

dbmail-users -e ${MAILBOX}

That will empty all mail for that user. Of course I can't find where to properly trigger it. :)

Presumably when the user is prompted whether or not you want to delete the users' file/e-mail, if yes, then run the above. I'm just spacing where I'm supposed to enter that.

Sun, 06/07/2009 - 07:15
Joe
Joe's picture

I think right now you'd need to build it--I'm not seeing any variables for the email address. But you could probably do:

${USER}@${DOM}

Or some variant thereof.

--

Check out the forum guidelines!

Fri, 08/31/2007 - 08:33
Joe
Joe's picture

Yeah, if you are using Sendmail then the Qmail+LDAP mode isn't going to help, as it won't update the various Sendmail config files like local-domain-names.

You may instead want to look into Virtualmin/Webmin's post-user-creation script functionality, and have that call the LDAP commands you need to add the attributes.

--

Check out the forum guidelines!

Fri, 08/31/2007 - 08:36
TonyShadwick

Would love to. That's what I'm trying to find. :) Where can I find it?

Sun, 06/07/2009 - 07:15 (Reply to #22)
TonyShadwick

Oh, and the post-user creation won't do me a bit of good without the addresses that need to get pushed. Is there an array or something that contains ${MAILBOX-ALIASES} or something?

Post user deletion is simple, dbmail-users -e ${MAILBOX}, as I don't have to worry about the aliases upon deletion. WHen they're gone from LDAP, they're gone.

Sun, 06/07/2009 - 07:15
Joe
Joe's picture

I think right now you'd need to build it--I'm not seeing any variables for the email address. But you could probably do:

${USER}@${DOM}

Or some variant thereof.

--

Check out the forum guidelines!

Fri, 08/31/2007 - 08:56
Joe
Joe's picture

Actually, I just realized that attributes like the email addresses are not available to post-user creation scripts .. so that won't help you.

Did you have any luck with setting custom LDAP attributes for new users in the LDAP Users and Groups module? These can be set on the Module Config page, in the 'LDAP properties for all new users' field..

Actually, scratch that - I just realized that this approach isn't going to work either, as even though there is a user attribute $EXTRAEMAIL that contains all the addresses, it is a perl hash and so isn't suitable for substituting into that field..

So right now, I can't think of any solution that can be done in the current Virtualmin release.

That said, I could add an option to the set the 'mail' LDAP attribute with all email addresses in the next release. Would that solve the problem for you?

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:15
TonyShadwick

Perfectly. Now if you could kindly point me to the right place to put my dbmail-users -e ${MAILBOX} command I would much appreciate it and I'll get out of your hair for the day. :D

Sun, 06/07/2009 - 07:15
Joe
Joe's picture

I think right now you'd need to build it--I'm not seeing any variables for the email address. But you could probably do:

${USER}@${DOM}

Or some variant thereof.

--

Check out the forum guidelines!

Sat, 09/01/2007 - 09:34
Joe
Joe's picture

If you want to have a command run after a user is deleted, you can do the following :

1) Click on Webmin -&gt; System -&gt; Users and Groups.
2) Click on the Module Config link in the top left and select the 'Before and after commands' section.
3) In the 'Command to run after making changes' field, enter :
test &quot;$USERADMIN_ACTION&quot; = &quot;DELETE_USER&quot; &amp;&amp; dbmail-users -e $USERADMIN_USER

--

Check out the forum guidelines!

Sat, 09/01/2007 - 12:18 (Reply to #28)
TonyShadwick

Per your instructions, I've entered that, but there was a command there already to rebuild the passwd db for FreeBSD, so here's what I have there now:

test &quot;$USERADMIN_ACTION&quot; = &quot;DELETE_USER&quot; &amp;&amp; dbmail-users -e $USERADMIN_USER &amp;&amp; /usr/sbin/pwd_mkdb -p /etc/master.passwd

Does that look right to you, or should I have it go afterwards (or does it really matter?)

Sat, 09/01/2007 - 12:22 (Reply to #29)
Joe
Joe's picture

I would suggest something more like :

(test &quot;$USERADMIN_ACTION&quot; = &quot;DELETE_USER&quot; &amp;&amp; dbmail-users -e $USERADMIN_USER) ; /usr/sbin/pwd_mkdb -p /etc/master.passwd

So that pwd_mkdb is always run.

--

Check out the forum guidelines!

Sat, 09/01/2007 - 12:25 (Reply to #30)
TonyShadwick

Done. Thanks for the pointer. I almost assuredly would have done that wrong otherwise. :)

Thanks again. I look forward to the LDAP population support!

Topic locked