On Fri, Mar 14, 2014 at 08:33:27AM -0400, Roman Gelfand wrote:

> Below, is my postfix alias configuration.
>
> virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf
>     ldap:/etc/postfix/ldap-aliases.cf
>     ldap:/etc/postfix/ldap-mail.cf
>     ldap:/etc/postfix/ldap-nonmail.cf
>     ldap:/etc/postfix/ldap-nonmail2.cf
>     hash:/etc/postfix/catchall

Often, it is possible to employ a single LDAP query for both groups
and users. Virtual expansion is recursive. Therefore, you need
identity mappings in LDAP for objects that are not aliases to avoid
having these recurse into the catchall.

> Here is the contents of /etc/postfix/ldap-nonmail.cf
>
> server_host = ldap://192.168.0.22
> search_base = OU=My Users,DC=mydomain,DC=local
> version = 3
> query_filter = (&(objectclass=person)(proxyAddresses=%s))

That should generally be "proxyAddresses = smtp:%s". The syntax of
this attribute in Active Directory is a "address-type:address-value".
(Though perhaps you've populated it with "unconventional" data).

> leaf_result_attribute = mail
> result_attribute = mail

When you specify leaf_result_attribute, don't specify the same
attribute again in result_attribute.

-- 
Viktor.
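
The recursion into the catchall described in the reply above, as an added example that is not part of the original message: a simplified Python model of virtual alias expansion, not Postfix's own code. The addresses, the table contents and the depth guard are constructed assumptions; the model only shows why a group member without an identity mapping ends up at the catch-all recipient.

```python
# Simplified model of recursive virtual alias expansion (not Postfix code).
# Every address and table entry below is constructed for illustration.

MAX_DEPTH = 50  # loop guard for this model only


def lookup(tables, addr):
    """Search all tables for the full address, then for the @domain key."""
    domain_key = addr[addr.index("@"):]
    for key in (addr, domain_key):
        for table in tables:
            if key in table:
                return table[key]
    return None


def expand(tables, addr, depth=0):
    """Return the final recipients; an address mapping to itself is final."""
    if depth > MAX_DEPTH:
        raise RecursionError("alias loop at " + addr)
    results = lookup(tables, addr)
    if results is None:
        return {addr}
    final = set()
    for rcpt in results:
        if rcpt == addr:
            final.add(rcpt)  # identity mapping: stop expanding here
        else:
            final |= expand(tables, rcpt, depth + 1)
    return final


GROUPS = {"staff@example.com": ["alice@example.com", "bob@example.com"]}
CATCHALL = {"@example.com": ["catchall@example.com"]}
# Identity mappings: each real mailbox maps to itself.
IDENTITY = {"alice@example.com": ["alice@example.com"],
            "bob@example.com": ["bob@example.com"]}

WITHOUT_IDENTITY = [GROUPS, CATCHALL]
WITH_IDENTITY = [GROUPS, IDENTITY, CATCHALL]

if __name__ == "__main__":
    for name, tables in (("without", WITHOUT_IDENTITY), ("with", WITH_IDENTITY)):
        print(name, sorted(expand(tables, "staff@example.com")))
```

Without the identity entries the group's members are looked up again, match only the @domain key, and the whole group collapses into the catch-all mailbox.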