Postfix and LDAP

In this article I describe how to use LDAP to authenticate Cyrus IMAP users, but I cover Postfix only so far as pointing Postfix mail delivery at Cyrus. In fact, Postfix also has LDAP functionality: it can use LDAP to resolve e-mail aliases to mailbox names.

That is, you can configure Postfix to check both its local /etc/postfix/aliases database for e-mail-alias-to-mailbox-name mappings and also to query the local LDAP service or a remote one. This can save considerable administration time; rather than maintaining separate alias and user databases, you can do it all in LDAP.

However, Postfix on Red Hat 7.3 (and possibly on later versions) doesn't have LDAP support compiled in. To determine whether your version of your distribution of choice has LDAP support compiled in its Postfix package, use the command postconf -m. If LDAP isn't listed among the supported Postfix modules, you need to uninstall your Postfix package and build it yourself from source.

See for more information and for Postfix source code. Be sure to read the instructions in ./READMES/LDAP_README in the Postfix source code, which explains how to compile in Postfix's LDAP functionality—the default Postfix Makefile does not do so automatically. Be sure also to read the file /etc/postfix/samples/, which contains the parameters you need to add and configure in /etc/postfix/ to get LDAP alias lookups working. The latter step is extremely important, and it may take some tinkering to get it working properly.

If you forego all this and choose instead to maintain Postfix's aliases file separately (the old-fashioned way), then don't worry; using or not using LDAP with Postfix has no ramifications whatsoever on Postfix's ability to interact with your LDAP-authenticated Cyrus IMAP software.

aliases to those mailboxes you need. For our example user Bubba, /etc/aliases needs the line:

bubba: bubba

Simple enough, right? We omit the user. prefix; Cyrus mailboxes are referred to by user name. If your Cyrus (LDAP) user names correspond to local system user names, you don't need aliases entries for those users. But part of Cyrus' attraction lies in its not requiring users to have shell accounts.

If Bubba is our organization's marketing analyst, we also can add the line:

marketing_weasel: bubba

After you edit your aliases file, don't forget to use the postalias command to generate a new alias database:

bash-$> postalias hash:/etc/aliases
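An added example, not part of the original article: a small Python check that every alias ends at a real Cyrus mailbox, which is worth running once aliases are spread over /etc/aliases and LDAP. The function names, the sample entries beyond bubba and marketing_weasel, and the mailbox list are assumptions made for illustration; each target is treated as a plain name, so pipes, :include: files and remote addresses are out of scope.

```python
# Constructed sample in aliases(5) format, built around the page's entries.
SAMPLE_ALIASES = """\
bubba: bubba
marketing_weasel: bubba
sales: bubba,
    carol
webmaster: helpdesk
helpdesk: webmaster
postmaster: root
"""
MAILBOXES = {"bubba", "carol"}  # assumed list of existing Cyrus mailboxes

def parse_aliases(text):
    """Return {alias: [targets]}, honouring comments and continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            rhs = raw  # continuation of the previous entry
        else:
            name, _, rhs = raw.partition(":")
            current = name.strip().lower()
            entries[current] = []
        entries[current] += [t.strip().lower() for t in rhs.split(",") if t.strip()]
    return entries

def resolve(name, aliases, mailboxes, seen=()):
    """Expand one name to (set of final mailboxes, list of problems)."""
    delivered, problems = set(), []
    for target in aliases.get(name, [name]):
        if target == name or target not in aliases:
            # Terminal: "bubba: bubba" or a plain name must be a real mailbox.
            if target in mailboxes:
                delivered.add(target)
            else:
                problems.append(f"{name} -> {target}: no such mailbox")
        elif target in seen:
            problems.append(f"{name} -> {target}: alias loop")
        else:
            found, errs = resolve(target, aliases, mailboxes, seen + (name,))
            delivered |= found
            problems += errs
    return delivered, problems

def audit(text, mailboxes):
    """Resolve every alias in the file; returns {alias: (mailboxes, problems)}."""
    aliases = parse_aliases(text)
    return {a: resolve(a, aliases, mailboxes) for a in sorted(aliases)}
```

Any alias whose problem list is non-empty would bounce or loop at delivery time, so fix it before running postalias.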


This is not all you need to know in order to be a Cyrus IMAP administrator, but hopefully it's enough to get started in building an LDAP-enabled Cyrus IMAP server. With the topics we've covered or touched on in these two articles, you now can go on to advanced topics, including how to let users change their LDAP passwords; how to let users use the LDAP server as an address book; how to set up shared IMAP folders securely; and how to set up a secure Web mail interface, such as SquirrelMail for Cyrus IMAP.

Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).

Cyrus IMAP Home Page (source, documentation and so on):

Mullet, Dianna, and Kevin Mullet. Managing IMAP. Sebastopol, California: O'Reilly & Associates, 2000.

"Secure Mail with LDAP and IMAP Part I"

To remove spurious Control-M characters, or carriage returns, from MS-DOS format text files, do this:

If you're writing a game in Perl and you want the random numbers to be really random, seed the pseudo-random number generator from the kernel's real random number generator, like this:

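my $random;
open(RANDOM, "/dev/random") or die "Can't open /dev/random: $!\n";
read(RANDOM, $random, 4);      # four bytes from the kernel's random number generator
close RANDOM;
srand(unpack("L", $random));   # seed Perl's pseudo-random generator with them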




Personal Video Recorder Basics

Connect your satellite dish to a PC-based recorder that will time-shift your favorite shows, make archive copies and, with plugins, more.


All our favorite TV shows are recorded digitally and edited digitally. But, we receive them using some analog technology, such as cable, plain air or satellite. Now, that's just wrong. Luckily, an alternative is available that offers better picture quality, Dolby Digital sound and EPG, the electronic program guide. Ladies and gentlemen, please welcome DVB, digital video broadcasting.

DVB works with an MPEG-2 compressed stream and has a theoretical maximum bit rate of 15Mbit/s. Because DVB never is used for video alone, extra audio tracks and other information are added to create a richer user experience. All of this data is stored in small packets. Of course, if some packets don't arrive or are corrupted, they leave artifacts in the picture and possibly in the sound stream. The program, on the other hand, continues as if nothing has happened once correct packets arrive again, so there is no need to worry about bad sync. The signal also is forgiving, because the antennas usually are dimensioned with enough reserve to cope with rain, snow or small animals.

Three different models of DVB are available, DVB-S for satellite, DVB-C for cable and DVB-T for terrestrial reception. All three basically are the same; the differences lie in the tuners. DVB-T is rather new and not yet used widely; the other two, especially the satellite variant, are quite common and popular all over the world.

Building the VDR

Modern set-top boxes available from major manufacturers have some nice features, such as hard disk recording and MP3 playback. Nevertheless, they lack more advanced options, including archival of recordings to SVCD or some MPEG-4 sibling. With the advent of affordable DVD burners and media, backing up your favorite TV shows to DVD is well within reach. In Europe, digital personal video recorders (PVRs) carry a hefty price tag of around 500 EUR, and most come without a hard disk. A full-featured DVB-S card, on the other hand, can be found at on-line retailers for as low as 165 EUR.

But, what good is cheap hardware without good software? The program VDR, video disc recorder, enables you to build a powerful set-top box on your own using your favorite flavor of Linux and a DVB card. The machine I built incorporates basic features, such as watching TV, recording and time-shifting, plus advanced features, including MP3/Ogg playback, playback of all video formats supported by MPlayer and backup of the recorded material to MPEG-4, video CD or DVD. A commercial set-top box hardly stands a chance against this feature list.

Selecting Hardware

To build our box, we need some hardware. Bear in mind that the recordings need a lot of space. A 120GB hard drive typically holds some 60 hours of video, which should be plenty of space. You can get away with less if you back up your movies more often to get them off the drive, but I recommend at least a 20GB drive, which holds about three or four movies.

We also need a processor. If you want to encode the videos, you need a faster one; if not, an old 200MHz machine should do. I wasn't able to find anything slower than a Celeron 1,700MHz, which is more than enough power, even for the encoding process. Playback using MPlayer also requires a fast processor, at least 1GHz, though it's rumored to work with less. I've tested MPlayer on a slower machine, and the image quality does suffer quite a bit. The reason for this is the way MPlayer uses the MPEG-2 decoder on the DVB board. Non-MPEG-1/2 material is converted to MPEG on the fly, which eats up quite a few processor cycles.

This leads us to the most important piece of hardware: the DVB card. You need a full-featured card with a hardware MPEG decoder. These are more expensive, but they have several connections for sound and TV. Cards like the WinTV Nova work best as secondary cards to record several programs at once. If you can, go for the satellite option. It is by far the most flexible solution because you are not dependent on some cable provider. Apart from that, you can link up several satellite dishes to watch even more channels. I also discuss the DVB-S variant in this article, but deploying a different solution is not really a different process. I opted for a Hauppauge Nexus-s. It's probably the most expensive card, but it doesn't suffer from the overheating problems older models experienced, plus it has a good tuner and comes with an infrared remote and receiver.

For the base software load, I used Red Hat Linux 9, but any distribution should do. A small installation with GCC and development packages for libjpeg should be enough. X isn't needed because the full-featured DVB cards have video-out capabilities. Don't forget to install all the kernel development packages; we need those to compile the DVB driver.

Installing Drivers

Once the base distribution is up and running, we need a driver for the card. You can get the CVS version at download/vdr/Developer. At the time of this writing, linux-dvb.2003-09-05.tar.bz2 is the latest version. The current drivers sometimes hang when disconnecting the satellite cable or the reception drops to zero. You then have to remove and re-insert the drivers, which does not always work, leaving you with the need to reboot to get it up and running again. These hangs can be especially pesky if you're simply recording something or are in the middle of a movie, but they usually don't happen.

Now go to /usr/src, unpack the driver snapshot and mv it to DVB. Renaming the directory is important because certain patches and plugins rely on directory names. Go to the DVB directory and type make to compile the driver and some useful applications that help you scan the satellites to retrieve a list of channels. make install is not needed because the runvdr script we use later takes care of the module loading. It's important to run the makedev.napi script after compiling the drivers, as this script creates the needed entries in /dev.

Scanning for Channels

If you live outside of Europe or don't use the Astra satellites, you have to use a different channel list. Scanning for channels is an automated process. A tool called scan comes with the DVB driver, and you can find it in the /apps/scan directory. Invoke it with the -o vdr option so the output file is in VDR's channel format. To capture the newly created channel file, you need to redirect the program's standard output with this command:

Installing VDR

Fetch vdr-1.2.5.tar.bz2, unpack it in /usr/src and change to that directory. Installing VDR can be a bit tricky. Because you can use some patches to spice up the features, you quickly can end up in patch hell if you're not careful. The best idea, if you want to use multiple patches, is to get your hands on an all-in-one patch. I used nothing but the Elchi patch, which gives the rather dull default VDR interface a nice face-lift. If you have the right patch for your VDR version, you shouldn't encounter any problems.

The range of additional functions added by plugins goes from simple games to e-mail alerts to full-featured DVD playback. Here, install only two, the remote plugin and the MP3/MPlayer playback plugin. The remote plugin is necessary only when using the original remote from Hauppauge. The MP3/MPlayer plugin, on the other hand, is a must-have.

Change to /usr/src/vdr-1.2.5/PLUGINS/src and unpack the two packages. VDR's Makefile won't build the plugins until you strip the version information from the directory names, so rename them to remote and MP3. The MP3 plugin has some additional requirements, namely libsndfile, libmad and libid3tag. Since Red Hat ships without MP3 support, you have to install them manually. Fetch them from, and don't forget to install the development packages. When everything is set, type make REMOTE=plugin NEWSTRUCT=1 all plugins. The REMOTE=plugin parameter adds another input method using the remote plugin. You can use Lirc to select whatever remote you happen to find; VCR ones do rather well. Simply add REMOTE=lirc in that case. Keyboard support is enabled by default and shouldn't be disabled, as it can be very helpful for debugging. The NEWSTRUCT=1 is needed to tell the plugins to search for the new drivers in /usr/src/DVB.

Having compiled everything, we now need to edit the startup script a bit. As a basis, use the one supplied with the remote plugin. You can find it in the misc directory, named runvdr.remote. This script loads a keymap so the signals from the remote are decoded. This is used only with Hauppauge's IR receiver. If you don't have one, use the runvdr script in VDR's root as a starting point. Move the runvdr.remote script to VDR's root and fire up your favorite editor. On line 24 you should find the parameters by which vdr is started. Mine looks like this:

-P\"mplayer -M /video/plugins/\" \

-P\"remote -i /dev/input/event1\" $*"

Figure 1. VDR Main Menu with the Elchi Patch Applied
