Hi,

I'm attempting to migrate from sendmail to Postfix + LDAP, so bear with me, I'm a sendmail user :)

I've migrated the live user database into LDAP, and added my own e-mail addresses to my LDAP entry :

dn: uid=igmar,ou=employee,dc=jdi,dc=nl
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: mailRecipient
cn: Igmar Palsenberg
gecos: Igmar Palsenberg
gidNumber: 0
homeDirectory: /home/igmar
loginShell: /bin/bash
mail: i.palsenb...@jdi.nl
mail: ig...@jdi.nl
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAstIe6PPMV4JfBg0W7RJy3eEkJQ5x
 wkvXctJrnS2K1GL8lnuq0OogFDzoKBI7Rw5NUYKI2p6MKm3Z8q2b+1PLx5K10W00qLr/XiIWqZGPt
 1lw9QPo1ePM3AjmKIjzoITm2rVXCvmXg5FPWzMVL8XJHdtq3PSlhjDzvhOYeJPkU6jUal8jmU7Ger
 mquS5ZZR0EUyZQZye1N7bkKErt5lKw8fPljsBFRNMZZgulcoW8WxdDXHMymZIhpfbAia3eY5qT2mY
 GCTrYlTXgdVTj9Nn4UAoe+Kyi7i99v21oPkQFpKMSXaNzsVl6Qra3QnwqkZDHEiL3PvSyQ+JCHEzE
 FGQF2Q== igmar@igmar-palsenbergs-macbook-pro.local
uid: igmar
uidNumber: 500

The binding user can access most objects, except the shadow entries. Those shouldn't be needed for this mapping.

postmap seems to be OK with this :

[root@mail1 postfix]# postmap -q ig...@jdi.nl ldap:/etc/postfix/ldap-virtual.cf
igmar

The user is also known to NSS :

[root@mail1 postfix]# id igmar
uid=500(igmar) gid=0(root) groups=930(ecartis),5025(employee),5119(hostadm),0(root)

So far so good. Postfix, however, doesn't seem to like this setup : it keeps bouncing them with a relaying denied. It doesn't seem to agree that this user is local, and the machine that I'm testing from isn't in the mynetworks part of the postfix config.

tcpdumping on port 389 confirms my suspicion : it doesn't even attempt to look up the user. The things that I do see seem to be originating from the NSS system.

I'm a bit lost now here.

My main.cf :

[root@mail1 postfix]# cat main.cf | grep -v '^#' | grep -v '^[[:space:]]*$'
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = jdi.nl
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
in_flow_delay = 1s
alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf
virtual_alias_domains = $virtual_alias_maps
local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-virtual.cf
alias_database = hash:/etc/aliases
recipient_delimiter = +
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 10
debug_peer_list = 94.124.141.5
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

/etc/postfix/ldap-virtual.cf :

server_host = <snip>
search_base = dc=jdi,dc=nl
bind = yes
bind_dn = <snip>
bind_pw = <snip>
version = 3
query_filter = (mail=%s)
result_attribute = uid
loglevel = 1000

/etc/postfix/ldap-aliases.cf :

server_host = <snip>
search_base = dc=jdi,dc=nl
bind = yes
bind_dn = <snip>
bind_pw = <snip>
version = 3
scope = sub
query_filter = (mailRoutingAddress=%s)
result_attribute = memberUid
loglevel = 1000

Anyone with a suggestion on how to start debugging this ?

Regards,

Igmar