On Wed, May 06, 2009 at 11:54:42AM +0200, postfix wrote:

> Hi,
>
> I am using Postfix 2.5.5.
>
> I would like to test recipients against a ldap query.
> I have 2 mailAlternateAddress attributes for the ldap entry which mail
> attribute is post...@spam3.gm.transpac.fr:
> # postmap -q post...@spam3.gm.transpac.fr ldap:/etc/postfix/ldapUserAccessTest.cf
> OK,OK

When LDAP is used as an access(5) table, use a single-valued result
attribute and a query that always matches at most one LDAP entry.

> #cat ldapUserAccessTest.cf
> server_host = 10.1.1.64
> server_port = 389
> search_base = o=spam3.gm.transpac.fr, o=antipam, o=cd3
> bind_dn = cn=root DN
> bind_pw = xxxxxxx
> version = 3
> query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(mailUserStatus=active))
> result_attribute = mailAlternateAddress
> bind = yes
> result_filter = OK
> expansion_limit = 0

Don't set the limit to 0, that means "unlimited". Do use a single-valued
result attribute. Undoubtedly there is at least one single-valued attribute
in the LDAP schema of the class in question.

> Any idea knowing that the condition is to keep "result_attribute =
> mailAlternateAddress" (so not use any other result attribute as for
> example "result_attribute = mail" - which I know works) ?

Why impose nonsensical restrictions? If the attribute value is not
actually used (replaced with the fixed string "OK"), what would motivate
you to ask for a particularly non-useful attribute?

-- 
	Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
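
The advice in this reply applied to the poster's table, as an added example that is not part of the original thread. It assumes `mail` is single-valued in this directory (the poster reports that `result_attribute = mail` works) and uses `expansion_limit = 1` so that a lookup producing more than one value fails with a temporary error instead of returning `OK,OK`.

```ini
# ldapUserAccessTest.cf: added example, not the poster's file.
# Connection settings are copied unchanged from the quoted configuration.
server_host = 10.1.1.64
server_port = 389
search_base = o=spam3.gm.transpac.fr, o=antipam, o=cd3
bind = yes
bind_dn = cn=root DN
bind_pw = xxxxxxx
version = 3

# Unchanged: the entry may still be found through either address.
query_filter = (&(|(mail=%s)(mailAlternateAddress=%s))(mailUserStatus=active))

# Before: result_attribute = mailAlternateAddress
# The entry carries two values of that attribute, the fixed string "OK"
# is produced once per value, and postmap -q prints "OK,OK", which is
# not a single access(5) action.
# After: a single-valued attribute (assumed here to be "mail") gives
# exactly one "OK".
result_attribute = mail
result_filter = OK

# Before: expansion_limit = 0   (0 means "unlimited")
# After: at most one result element. If the query ever yields more, the
# lookup fails with a temporary error rather than handing a
# comma-separated list to the access table.
expansion_limit = 1
```

Re-running the `postmap -q` command from the quoted message against this table should print a single `OK` for the same address.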