Issues with the depreciated config aside I figured out what the issue was. Burried deep inside the ldap_table(5) man page was my answer: for whatever reason postfix defaults to LDAPv2 instead of LDAPv3. The configuration examples with the newer versions of OpenLDAP try to gently discourage use of LDAPv2, IE the bind was not succeeding. I did some quick debugging with slapd to verify and added version=3 to my main.cf config bits and it worked like a charm.
Thanks for the help though. -Daniel On Mon, Aug 24, 2009 at 10:00:49AM -0400, Brian Evans - Postfix List wrote: > Daniel Corbe wrote: > > Hi, > > > > I'm seeing the following errors in my syslog being generated by > > trivial-rewrite after a MAIL FROM: command hits my MTA. I've been trying > > to enable LDAP lookups for my mail system without much success. The error > > messages aren't very helpful (even with verbose logging turned on for the > > trivial-rewrite process). > > > > I've run my query filter through ldapsearch and it returns data. Further, > > I'm currently binding my rootdn so there should be no access restrictions > > on the LDAP side. I'm not sure where to go from here. > > > > Error: > > > > Aug 23 15:48:41 apollo postfix/trivial-rewrite[35555]: fatal: > > ldap:acceptdomains(0,lock|fold_fix): table lookup problem > > > > Relevant LDAP bits from main.cf: > > > > mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, > > ldap:acceptdomains > > acceptdomains_server_host = localhost > > acceptdomains_server_port = 389 > > acceptdomains_bind = yes > > acceptdomains_bind_dn = cn=Manager,dc=corbe,dc=net > > acceptdomains_bind_pw = xx55ZZ > > acceptdomains_search_base = dc=corbe,dc=net > > acceptdomains_query_filter = (associatedDomain=*) > > acceptdomains_result_attribute = associatedDomain > > > You are using the depreciated form of an LDAP lookup. (Pre Postfix-2.1) > > I would first suggest moving the lookup to it's own file. > Then, "postmap -q" works properly to search and may give a different error. > > Please see the following for more info. > http://www.postfix.org/LDAP_README.html > http://www.postfix.org/ldap_table.5.html >
