diff options
Diffstat (limited to 'doc/ex-meta1.texi')
-rw-r--r-- | doc/ex-meta1.texi | 145 |
1 files changed, 51 insertions, 94 deletions
diff --git a/doc/ex-meta1.texi b/doc/ex-meta1.texi index e558008..d74b49c 100644 --- a/doc/ex-meta1.texi +++ b/doc/ex-meta1.texi @@ -3,13 +3,36 @@ @c See file smap.texi for copying conditions. @c ******************************************************************* @cindex MeTA1 - In this appendix we will show how to use the @samp{mailutils} -module (@pxref{mailutils,mailutils module}) to configure local user + In this appendix we will show how to use the @samp{mysql} +module (@pxref{mysql,mysql module}) to configure local user and alias maps for @acronym{MeTA1}. For this purpose, we will assume that the actual data is stored in two tables in a @acronym{MySQL} database. The two maps will be served by two separate databases, each of which uses a separate configuration file. + To reduce the number of connections to the @acronym{MySQL} server, +the @acronym{MySQL} database will be opened at the module level and +shared between the two smap databases. Thus, the module +initialization in @file{smapd.conf} looks like: + +@example +module mysql mysql open config-group=smap +@end example + +The @samp{open} parameter instructs the module to open the requested +databases. The @samp{config-group} parameter refers to a group +name in the default @file{/etc/my.cnf} file that contains information +about the @acronym{MySQL} database and credentials for accessing it. +The following is a sample snippet from @file{/etc/my.cnf}: + +@example +[smap] +database = Mail +user = smap +password = guessme +socket = /tmp/mysql.sock +@end example + @menu * userdb-meta1:: Configure local_user_map. * aliases-meta1:: Configure aliases. @@ -33,43 +56,25 @@ CREATE TABLE userdb ( @end group @end example -Module configuration file @file{/etc/mailutils.d/meta1-userdb} -begins with the following stanza: +The smap database is defined as follows: @example @group -auth @{ - authentication clear; - authentication sql; - authorization clear; - authorization sql; -@} +database userdb mysql \ + defaultdb + query="SELECT user FROM userdb WHERE user='$key'" + positive-reply=OK @end group @end example -This clears any previous settings that the authorization engine might -have read from the main configuration file, and requests that only -@samp{sql} method be used for both authentication and authorization. - -Now, we need to supply a @samp{sql} statement. Mailutils requires -that the @code{getpwnam} query return at least six fields, whereas the -@samp{userdb} table contains only two columns. So we will need to supply -defaults for the remaining four: - -@example -sql @{ - interface mysql; - host sql.host.name - user smap; - passwd guessme; - db mail; - getpwnam "SELECT user as name, 'x' as passwd,10000 as uid, 10000 as gid, " - "'/nonexistent' as dir, '/sbin/nologin' as shell " - "FROM userdb WHERE user='$@{user@}'"; -@}; -@end example - - That's all we need to have in @file{/etc/mailutils.d/meta1-userdb}. +The @samp{defaultdb} parameter tells it to use the default SQL +database opened in the module initialization instruction. The +@samp{query} parameter supplies the SQL query to run (the +@samp{$@{key@}} variable will be expanded to the value of the actual +lookup key, prior to executing the query). Finally, +@samp{positive-reply} defines the reply to give if the query returns +some tuples. The database only verifies whether the user is present +or not, so no additional result is supplied in the reply. @node aliases-meta1 @appendixsec Configure aliases @@ -87,74 +92,26 @@ CREATE TABLE userdb ( @end group @end example -It will be served by @samp{alias} database, which will read -the configuration for Mailutils from the file -@file{/etc/mailutils.d/meta1-alias}. This file is similar to -@file{meta1-userdb}, but uses a different query in its @samp{sql} -section: +It will be served by @samp{alias} database, defined as follows: @example -auth @{ - authentication clear; - authentication sql; - authorization clear; - authorization sql; -@} - -sql @{ - interface mysql; - host sql.host.name - user smap; - passwd guessme; - db mail; - getpwnam "SELECT alias as name, 'x' as passwd,1 as uid, 1 as gid, " - "'/nonexistent' as dir, '/sbin/nologin' as shell " - "FROM aliases WHERE name='$@{user@}'"; -@} -@end example - -@node smapd-meta1 -@appendixsec Smapd configuration - - Let's now configure @file{smapd.conf}. Suppose it will run a single -server, which we will call @samp{local}. The server will listen on a -UNIX socket @file{/var/spool/meta1/smap/userdb}. It is important that -@samp{meta1} be able to read from and write to that socket, so we will make -it owned by user @samp{meta1m}: - -@example -server local unix:///var/spool/meta1/smap/userdb begin - user meta1m -end -@end example - - Next task is to configure the databases. The @samp{userdb} database is -pretty simple: - -@example -database userdb mailutils mode=auth \ - config-file=/etc/mailutils.d/meta1-userdb +@group +database alias mysql \ + defaultdb \ + query="SELECT alias FROM aliases WHERE user='$key'" \ + positive-reply="OK $alias" +@end group @end example - It will return @samp{OK} if the user is found in the database and -@samp{NOTFOUND} otherwise, which is exactly what the @acronym{MTA} needs. +It differs from the @samp{userdb} database only in that it returns +a @dfn{result section} with its positive reply. - The @samp{aliasdb} database is a bit different. In case of a -positive reply, it must return the expanded alias value, so we need to -supply a new @samp{positive-reply} template: -@example -database aliasdb mailutils mode=auth \ - config-file=/usr/local/etc/mailutils.d/meta1-alias \ - positive-reply="OK $@{name@}" -@end example - - The @samp{$@{name@}} will be replaced with the value of the first -column in the tuple returned by the @acronym{SQL} database -(@pxref{aliases-meta1, getpwnam}). +@node smapd-meta1 +@appendixsec Dispatch Rules - To dispatch queries to these databases, the following rules will -suffice: + The following rules dispatch queries based on their map names to +the two databases: @example dispatch map alias database aliasdb |