A FreeIPA plugin for mimicking PostfixAdmin functionality

This is not a ready product, and some functionality is missing. Even when that functionality is added, not sure if everything one would expect from this plugin is implemented. This was written with small deployments in mind.

This plugin attemps to create an interface that mimics Postfix Admin. I want to migrate my mailbox configuration from MySQL to FreeIPA, and thus being able to get better synchronization of mailbox configuration (currently I am using MySQL replication).

Yes. FreeIPA-mailserver is an excellent plugin, and it is production ready, in my opinion. The reason why I decided to write my own is that I want to have more separation between FreeIPA users and groups from Postfix virtual mailboxes, aliases and virtual domains.

I am writing this plugin to replicate as much as possible my current experience with Postfix Admin.

The main idea is that users can have a mailbox, but mailboxes can be created for non-users. Domains, virtual domains and aliases are not part of groups, hosts or other native FreeIPA objects.

This plugin creates a few objectClasses so that few attributes present on FreeIPA are reused, so that other plugins might not use the same components here. A notable exception is the attributeType status, which is used to enable/disable items such as domains, mailboxes and aliases.

• domains are containers under cn=postfix,cn=mailserver,cn=etc. They contain mailboxes, aliases and domain aliases.
• mailboxes can be attributted to normal ipa users or to records created under domains. So a postfix query needs to check for the objectclass postfixMailBox under a domain container and to normal ipa users records under cn=users....
• aliases are records with a postfixMailDestination address, which is supposed to be a mailbox.
• virtual domains are domains that points to another domain.

There is also a configuration for the default domain for new mailboxes - similarly to the Ipa Server configuration for default e-mail domains.

Ipa users can have only one mailbox (postfixMailAddress) attribute. When adding a new user, the admin will be able to create this mailbox, which will always be uid@defaultDomain.

• Finishing the UI for adding a mailbox to new and existing users
• Adding validations everywhere (for example, so that a new user mailbox won't be a duplicate of an existing non-user mailbox). Validations are also needed regarding e-mail addresses.
• Streamlined installation and installation instructions;
• Documentation on how to configure Postfix and Dovecot to query the right objects.
• Permission configurations. As of now there is no permission configuration for the mailboxes, domains, etc. Only admins can edit Postfix configurations.

• Color tagging different status, such as aliases to e-mails that are not known to the server;
• Sending test and welcome e-mails;
• Changing passwords of mailboxes - This will be developed at some point, but my main goal is to use Keycloak to provide a user interface for this.

Here are some screenshots for how it looks so far:

Thanks to the authors of the FreeIPA-mailserver and IPA-dhcp plugin authors, who gave me lots of inspiration on how to get started with this plugin.