On Fri, Jul 22, 2011 at 03:35:41PM -0400, Zhou, Yan wrote:

> I am seeing my Postfix 2.3.3 having the following error.

This is 5+ years out of date.

> It may appear to
> be a problem connecting to LDAP (which uses TLS extension),

LDAP over TLS is best attempted with a modern software stack.

> but I tried
> running postmap and the output shows that it successfully looks up the
> domain from LDAP. There are other Postfix servers successfully
> connecting to LDAP using TLS extension, too.

Your trivial-rewrite service may be set for chroot in master.cf. This likely impedes LDAP functionality.

> Jul 22 19:25:21 sdirpop001 postfix/trivial-rewrite[19891]: error:
> dict_ldap_connect: Unable to set STARTTLS: -11: Connect error

Perhaps the LDAP library can't resolve the server hostname from the chroot jail.

> acceptdomains_server_host = ldap://<hostname>:389

The <hostname> may not resolve from the chroot jail. Look at master.cf. The default master.cf file in the Postfix source distribution has chroot disabled. Vendors who repackage Postfix and turn chroot on need to provide users with appropriate support and documentation.

--
Viktor.
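
One way to carry out the "look at master.cf" step, as an added example that is not part of the original message or of Postfix: the function lists every service whose chroot column is in effect, so a chrooted trivial-rewrite stands out. The function names and the sample file are constructed for illustration; it assumes the documented master.cf column order and that a "-" in the chroot column means the built-in default ("y" before Postfix 3.0, "n" from 3.0 on), which the caller passes in.

```shell
#!/bin/sh
# Added example, not from the original thread or from Postfix.
# master.cf columns:
#   service type private unpriv chroot wakeup maxproc command [args]

# chrooted_services DEFAULT [FILE...]
#   DEFAULT is what "-" in the chroot column means: y or n.
#   Reads stdin when no FILE is given.
#   Prints "service/type command" for each chrooted entry.
chrooted_services() {
    dflt=$1; shift
    awk -v dflt="$dflt" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and blank lines
        /^[ \t]/                 { next }  # continuation of previous entry
        NF >= 8 {
            c = $5                          # chroot column
            if (c == "-") c = dflt          # fall back to built-in default
            if (c == "y") print $1 "/" $2 " " $8
        }
    ' "$@"
}

# Constructed sample input (not the poster's real master.cf).
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
rewrite   unix  -       -       y       -       -       trivial-rewrite
cleanup   unix  n       -       -       -       0       cleanup
smtp      unix  -       -       n       -       -       smtp
  -o smtp_tls_security_level=may
EOF
}

# Demo on the sample with the pre-3.0 default ("-" means chrooted).
sample_master_cf | chrooted_services y
```

On a real system the call would be `chrooted_services y /etc/postfix/master.cf` for a 2.x install, assuming the usual configuration directory.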