On Wed, Jan 30, 2013 at 1:29 PM, Viktor Dukhovni <postfix-us...@dukhovni.org
> wrote:
> On Wed, Jan 30, 2013 at 11:34:13AM -0300, Peter von Nostrand wrote:
>
> > query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=%s)))
>
> This query is perhaps wrong, the "proxyAddresses" field in AD usually
> contains address forms with <protocol>: prefixes, thus for SMTP addresses
> the content is usually "smtp:localpart@domain" not "localpart@domain".
>
>
I don't have AD integrated with an Exchange so there is a field for
proxyaddress without the use of the prefixes SMTP and smtp.
> You should also set the "domain = " attribute in the map definition so
> that lookups are always for full addresses and don't waste cycles with
> addresses in domains that never have entries in AD.
>
>
> > result_attribute = sAMAccountName
> > result_format = %u/Maildir/
>
> The sAMAccountName attribut is username not email address valued, so
> there is no need to use %u here, use "%s".
>
> > scope= sub
> > bind = yes
> > bind_dn = intranet\ldap
> > bind_pw = somepassword
> >
> > And the result:
> >
> > #postmap -q diego@real.domain ldap:/etc/postfix/ldap-users.cf
> > diego.maradona/Maildir/
> >
> > But when I try to deliver a mail to diego@real.domain, Dovecot tries to
> > deliver it to the mail address and not the username. Returning with a
> "user
> > unknown" message. It works OK if I edit a file with virtual aliases,
> > mapping addresses to usernames, but I need to have all integrated on the
> AD.
>
> Since you're using Dovecot, the virtual_mailbox_maps table is only
> used for recipient validation, not for delivery, since that's done
> by Dovecot. Since you want to rewrite the envelope (Dovecot user
> address), you should use virtual_alias_maps instead, just change the
> result to:
>
> result_attribute = sAMAccountName
> result_format = %s@dovecot.invalid
>
> with this the virtual_mailbox_domain is now a virtual_alias_domain,
> since all valid addresses are rewritten to
> <samaccountname>@dovecot.invalid.
> Use the resulting table in virtual_alias_maps, leaving virtual_mailbox_maps
> empty, since you're not using virtual(8) to do the deliveries and no longer
> using virtual_mailbox_domains.
>
> Then map the "dovecot.invalid" domain to the dovecot transport in
> transport_maps.
>
> transport:
> dovecot.invalid dovecot
>
> > master relevant line:
> >
> > dovecot unix - n n - - pipe
> > flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> > ${sender} -d ${recipient}
>
> This will pass the user's rewritten email address to dovecot with
> an @dovecot.invalid suffix. See pipe(8) for instructions on passing
> just the localpart.
>
> --
> Viktor.
>
OK, it worked. Changed {recipient} for {user}. And thx Wietse for his
sarcasm.
I've tried that change before but using virtual_mailbox_maps instead of
virtual_alias_maps.
Thank you very much, Viktor.
--
Peter
