On Thu, May 07, 2009 at 05:30:37PM +0200, postfix wrote:
> Hi Victor,
>
> ok, I know my question is a bit confusing. That's because I tried to
> "simplify" the case I face with a generic example. It seems
> simplification leads to more confusion ... sorry !
> Here below the real case:
>
> in main.cf:
> check_recipient_access
> ldap:/etc/postfix/ldapUserAccess_mgrprfc822mailmember.cf
>
> $cat ldapUserAccess_mgrprfc822mailmember.cf
> server_host = ldap://fe-ldap1-data:389
> search_base = ou=fe1,o=fe
> bind_dn = cn=root DN
> bind_pw = xxxxxx
> version = 3
> query_filter =
> (&(mgrprfc822mailmember=%s)(|(objectclass=mailrecipient)(objectclass=inetlocalmailrecipient)(objectclass=mailgroup)(objectclass=inetmailgroup)))
> domain = hash:/etc/postfix/relay_domains
> result_attribute = mail
> bind = yes
> result_filter = OK
> expansion_limit = 1
This is an access(5) table, not a rewriting table. Why are you writing
a query that matches multiple "entries" for a subset of valid lookup
keys. DON'T DO THAT.
The query filter looks rather bogus, it insists on finding the address
as a member of a group, rather than as the address of a group or the
address of a user.
> That's my problem.
> Is it possible to only have one OK as a result ?
Yes, by writing a sensible query and choosing a sensible result attribute.
Forget LDAP for a moment, describe the intended semantics of this table,
in high-level terms:
- Return OK when an input address X has useful property Y
What is "useful property Y"? I am skeptical that "mgrprfc822mailmember=%s"
is a useful property of an *input* address.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[email protected]?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
