On Wed, Jun 10, 2009 at 10:10:17AM +1200, Kevin Sartorelli wrote:

> I have Postfix 2.5.6 on a server and having a problem with using an
> LDAP lookup as a transport map. In my main.cf file I have:

"postconf -n" output generally preferred on this list.

> transport_maps = ldap:/etc/postfix/ldap-groupwise1.conf

While my avoid transport(5) lookups over LDAP, so far so good, "proxy:" is
not helpful in the context of transport(5) lookups.

> version = 3
> domain = irdtest.govt.nz

This limits the lookup keys to just u...@domain forms in the specified
domain, are you sure that's what you want???

> query_filter = (mail=%s)
> scope = sub
> timeout = 5
> search_base = o=IRDtest
> server_host = 10.40.40.60
> server_port = 389
> result_attribute = mail

Why would a user's email address ("mail" result attribute) be a useful
transport(5) table result?

> size_limit = 1
> result_format = relay:10.40.40.61

You are missing "[", "]" around the literal IP address. The result format
is independent of the lookup key, what is the point of this?

> This works great if an email address exists for only one user in the
> LDAP directory:
>
> $ postmap -q kevin.sartore...@ird.govt.nz \
>     ldap:/etc/postfix/ldap-groupwise1.conf
> relay:10.40.40.61

Yes, but it should be:

    relay:[10.40.40.61]

and really should come from the directory. Why not route the whole domain
this really via a simple indexed file transport table?

    ird.govt.nz relay:[10.40.40.61]

LDAP does not add any value here, unless users not in the directory have
a different route...

> However, when there is more than one account with the same email address
> I get:

Why on earth are there multiple accounts with the same primary mail
address? Or is the "mail" attribute of the user in question multi-valued?
(Also not a good idea).

> $ postmap -q kevin.sartore...@ird.govt.nz \
>     ldap:/etc/postfix/ldap-groupwise1.conf
> postmap: warning: dict_ldap_lookup: Search error 4: Size limit exceeded
>
> Leaving out the 'size_limit' parameter from the file gives me:
>
> $ postmap -q kevin.sartore...@ird.govt.nz \
>     ldap:/etc/postfix/ldap-groupwise1.conf
> relay:10.40.40.61,relay:10.40.40.61
>
> Which doesn't work too well ;-(

Naturally.

> My reading of the ldap_table man page indicates that this will happen
> for the 'expansion_limit' parameter, but not the 'size_limit' parameter.

A limit is a limit.

> Anyone have an idea how I can get my LDAP lookup to return only one
> record regardless of the number of accounts with the same email address?

If you want a single result, use a query that always returns exactly one
value, meaning, exactly one matching "entry" with a *single-valued* result
attribute.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.