fix(open-xchange): Add support for ldap based transport maps and virtual alias maps

2025-12-07 16:01:37 +01:00 · 2025-11-06 09:41:09 +01:00
parent 9e0b51465d
commit 2bf2e7272a
4 changed files with 42 additions and 2 deletions
--- a/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
@@ -78,6 +78,45 @@ postfix:
  staticAuthDB:
    enabled: false

+  ldapTransportMaps:
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      queryFilter: "(&(objectClass=person)(isOxUser=Not)(mailPrimaryAddress=%s))"
+      resultAttribute: "mailPrimaryAddress"
+      resultFormat: "smtp:legacySmtpServer1:25"
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      queryFilter: "(&(objectClass=person)(isOxUser=Not)(mailAlternativeAddress=%s))"
+      resultAttribute: "mailAlternativeAddress"
+      resultFormat: "smtp:legacySmtpServer2:25"
+
+  ldapVirtualAliasMaps:
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      # ldap filter to find groups with mail address
+      queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
+      # -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
+      resultAttribute: ""
+      # -- do a recursive search on the specified attribute if found, should be a DN
+      specialResultAttribute: "uniqueMember"
+      # -- return the following attribute from all found leaves when a recursive search is done
+      leafResultAttribute: "mailPrimaryAddress"
+
  {{- if .Values.antivirus.milter.host }}
  smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
  {{- else }}