Quoting Igmar Palsenberg <post...@palsenberg.com>:

Hi,

I'm attempting to migrate from sendmail to Postfix + LDAP, so bear with me, I'm a sendmail user :)

I've migrated the live user database into LDAP, and added my own e-mail addresses to my LDAP entry :

dn: uid=igmar,ou=employee,dc=jdi,dc=nl
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
objectClass: mailRecipient
cn: Igmar Palsenberg
gecos: Igmar Palsenberg
gidNumber: 0
homeDirectory: /home/igmar
loginShell: /bin/bash
mail: i.palsenb...@jdi.nl
mail: ig...@jdi.nl
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAstIe6PPMV4JfBg0W7RJy3eEkJQ5x
wkvXctJrnS2K1GL8lnuq0OogFDzoKBI7Rw5NUYKI2p6MKm3Z8q2b+1PLx5K10W00qLr/XiIWqZGPt
1lw9QPo1ePM3AjmKIjzoITm2rVXCvmXg5FPWzMVL8XJHdtq3PSlhjDzvhOYeJPkU6jUal8jmU7Ger
mquS5ZZR0EUyZQZye1N7bkKErt5lKw8fPljsBFRNMZZgulcoW8WxdDXHMymZIhpfbAia3eY5qT2mY
GCTrYlTXgdVTj9Nn4UAoe+Kyi7i99v21oPkQFpKMSXaNzsVl6Qra3QnwqkZDHEiL3PvSyQ+JCHEzE
FGQF2Q== igmar@igmar-palsenbergs-macbook-pro.local
uid: igmar
uidNumber: 500

The binding user can access most objects, except the shadow entries. Those shouldn't be needed for this mapping.

postmap seems to be OK with this :

[root@mail1 postfix]# postmap -q ig...@jdi.nl ldap:/etc/postfix/ldap-virtual.cf
igmar

The user is also known to NSS :

[root@mail1 postfix]# id igmar
uid=500(igmar) gid=0(root) groups=930(ecartis),5025(employee),5119(hostadm),0(root)

So far so good. Postfix, however, doesn't seem to like this setup : It keeps bouncing them with a relaying denied. It doesn't seem to agree that this user is local, and the machine that I'm testing from isn't in the mynetworks part of the postfix config.

tcpdumping on port 389 confirms my suspicion : It doesn't even attempt to look up the user. The things that I do see seem to be originating from the NSS system.
I'm a bit lost now here. My main.cf :

[root@mail1 postfix]# cat main.cf | grep -v '^#' | grep -v '^[[:space:]]*$'
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = jdi.nl
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
in_flow_delay = 1s
alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf
virtual_alias_domains = $virtual_alias_maps


Looks like you are using virtual alias domains (http://www.postfix.org/ADDRESS_CLASS_README.html). You should check if the intended domain (jdi.nl) is found when querying virtual_alias_domains with something like "postmap -q jdi.nl ldap:/etc/postfix/ldap-virtual.cf".

Regards

Andreas
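
Added example (not part of the original thread, and not Postfix code): a simplified Python model of the address-class check Andreas points at, using the main.cf values from the post. The myhostname value, the map contents and all function names are assumptions; Postfix's built-in parameter defaults and subdomain matching are not modelled.

```python
import re

# Constructed input: the relevant main.cf lines from the post; myhostname is assumed.
MAIN_CF = """
# assumed value, not shown in the post
myhostname = mail1.jdi.nl
mydomain = jdi.nl
mydestination = $myhostname, localhost
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf
virtual_alias_domains = $virtual_alias_maps
"""
LDAP_MAP = "ldap:/etc/postfix/ldap-virtual.cf"
# Address-class parameters, in the order this simplified model checks them.
CLASSES = [("local", "mydestination"), ("virtual alias", "virtual_alias_domains"),
           ("virtual mailbox", "virtual_mailbox_domains"), ("relay", "relay_domains")]

def parse_main_cf(text):
    """Read 'name = value' lines and expand $name references."""
    raw = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            raw[name.strip()] = value.strip()
    def expand(value, depth=0):
        if depth > 10:  # guard against self-referencing parameters
            return value
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: expand(raw.get(m.group(1), ""), depth + 1), value)
    return {name: expand(value) for name, value in raw.items()}

def in_domain_list(domain, value, tables):
    """A list item is a literal domain or a type:table whose lookup keys are searched."""
    for item in filter(None, re.split(r"[,\s]+", value)):
        if ":" in item:
            if domain in tables.get(item, set()):
                return True
        elif item.lower() == domain:
            return True
    return False

def address_class(recipient, params, tables):
    """Return the address class of the recipient's domain, or 'default' if none matches."""
    domain = recipient.rsplit("@", 1)[1].lower()
    for name, param in CLASSES:
        if in_domain_list(domain, params.get(param, ""), tables):
            return name
    return "default"

if __name__ == "__main__":
    params = parse_main_cf(MAIN_CF)
    print(address_class("someone@jdi.nl", params, {LDAP_MAP: {"someone@jdi.nl"}}))
    print(address_class("someone@jdi.nl", params, {LDAP_MAP: {"someone@jdi.nl", "jdi.nl"}}))
```

With a map that only has full addresses as keys, jdi.nl falls into no address class ("default"), so mail from a client outside mynetworks is treated as a relay attempt; once the bare domain is a key in the map, the domain is classified as a virtual alias domain.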


