5. Administration

Currently, you either need to use a general LDAP browser, like gq [See Section 6.1], or the command-line LDAP tools to administer tasks like adding, modifying, or deleting users and aliases. Using gq to manipulate the data in LDAP is actually quite functional and what we use most of the time. In a few situations, such as adding the first user in a new domain, you'll have to go back to the command line tools and LDIF files.

While both of those tool sets get the job done, they aren't always easy to use and it makes it more difficult to hand off mail domain administration to a less skilled person. The other problem is that both of these tools are only available on Unix.

What would be better in the long run is an interface similar to QmailAdmin[20]. QmailAdmin depends on vpopmail[21] which says it will work with LDAP. However, the schema that vpopmail requires wasn't robust enough for us, especially once Courier-IMAP is in the picture.

To fill the gap in administration tools for this particular setup, we've started JAMM. JAMM will be a web-based administration tool that comes with schemas better suited to the tasks we'd like to accomplish with mail. It will be written in Java/JSP and will only manipulate data in LDAP. JAMM is hosted on SourceForge and more information can be found at the JAMM web page[4].

5.1. Account creation notes

When you create an account or an alias inside the LDAP database it will instantly become active as far as the mail system is concerned. For virtual accounts, it should be noted that the Unix directory under ~vmail is not created at this time. However, we can work around this because Postfix's virtual delivery agent will create the necessary directories the first time it has to deliver mail. For this reason, we recommend sending a welcome e-mail as soon as you create the account.

5.2. Account deletion notes

When you delete an account or an alias in the LDAP database, it will instantly become inactive. For virtual accounts, it should be noted that the Unix file system isn't cleaned up, i.e. the data remains on disk until a sysadmin can remove it. This will allow you to keep the data from dead accounts around for a grace period in case the account was deleted in error. However, if another account is created with the same name with the same mail path, the data will be available to the new user. This could be considered a privacy violation for the previous user.
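The two notes above describe the same gap from both sides: the mail path under ~vmail is created lazily on first delivery, and it is never removed, so a name that is re-used in LDAP can inherit a previous user's mailbox. The script below is an added example, not part of the HOWTO or of JAMM, showing how a sysadmin can close that gap without giving up the grace period: when an account is removed from LDAP, its mailbox is moved out of the live tree into a quarantine directory, and before an account is added, the path it would receive is checked for leftover mail. It assumes the layout $VMAIL_ROOT/<domain>/<user>/ (an assumption; the HOWTO only names ~vmail) and uses $VMAIL_ROOT/.deleted as the quarantine location.

```shell
#!/bin/sh
# Added example (not from the HOWTO or JAMM). Keeps a deleted user's mail
# for a grace period while making sure a re-created account with the same
# name never sees it. Layout assumed: $VMAIL_ROOT/<domain>/<user>/ .

VMAIL_ROOT="${VMAIL_ROOT:-/home/vmail}"          # assumed to be ~vmail
QUARANTINE="${QUARANTINE:-$VMAIL_ROOT/.deleted}"  # hidden, never a mail domain

# quarantine_mailbox DOMAIN USER
# Run right after the LDAP entry is removed. Moves the live mailbox to
# $QUARANTINE/DOMAIN/USER.<epoch>, restricts it to the vmail owner, and
# prints the new path. Returns 1 if there was no mailbox to move (the
# account never received mail, so there is nothing to leak).
quarantine_mailbox() {
    domain=$1; user=$2
    src="$VMAIL_ROOT/$domain/$user"
    [ -d "$src" ] || { echo "no mailbox at $src" >&2; return 1; }
    mkdir -p "$QUARANTINE/$domain"
    dest="$QUARANTINE/$domain/$user.$(date +%s)"
    mv "$src" "$dest"
    chmod 700 "$dest"
    echo "$dest"
}

# mailbox_is_fresh DOMAIN USER
# Run before the LDAP entry is added. Succeeds only if no mail from an
# earlier account is sitting at the path the new account would be given.
# A missing directory is fine: Postfix's virtual delivery agent creates it
# on the first delivery (e.g. the welcome e-mail).
mailbox_is_fresh() {
    path="$VMAIL_ROOT/$1/$2"
    [ -d "$path" ] || return 0
    [ -z "$(find "$path" -type f 2>/dev/null | head -n 1)" ]
}

# purge_quarantine DAYS
# Deletes quarantined mailboxes older than DAYS days, i.e. once the grace
# period for accidental deletions has passed. Suitable for a daily cron job.
purge_quarantine() {
    [ -d "$QUARANTINE" ] || return 0
    find "$QUARANTINE" -mindepth 2 -maxdepth 2 -type d -mtime +"$1" \
        -exec rm -rf {} +
}
```

Typical use, as the vmail owner: `quarantine_mailbox example.com alice` immediately after deleting alice's LDAP entry, `mailbox_is_fresh example.com alice || echo "leftover mail, refusing"` before adding a new alice, and `purge_quarantine 30` from cron to end the grace period. The quarantine lives under ~vmail so the move stays on one filesystem and is atomic; the old mail is then unreachable through any mail path Postfix or Courier-IMAP would resolve from LDAP.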