From: Viktor Dukhovni <postfix-us...@dukhovni.org>
To: Postfix users <postfix-users@postfix.org>
Date: 04/01/2016 07:44 PM
Subject: Re: Postfix forwarder/relay server with LDAP
Sent by: owner-postfix-us...@postfix.org

> On Apr 1, 2016, at 10:06 AM, tbucha...@vinu.edu wrote:
>
> My successful ldapsearch command is this: ldapsearch -x -H
> ldap://ldapserver.example.com:389/ -b
> "ou=People,o=oldserver.example.com,o=example.com" -D "uid=admin,
> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w "bindpw"
> "(pdsLoginId=user)" mailForwardingAddress

Postfix rewriting for virtual users maps input email addresses
to forwarding email addresses, not user accounts to forwarding
addresses.

> I have these lines in my main.cf:
> alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-virtual-aliases.cf
> virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-aliases.cf

The same table is unlikely to be useful as both an aliases(5) table
and a virtual(5) alias table. If at all possible there needs to be
a field in the LDAP schema that contains the full user@domain addresses
that you want to forward, and NOT just the localpart of the address.

> The content of /etc/postfix/ldap-virtual-aliases.cf is:
> server_host = ldapserver.example.com:389
> search_base = ou=People,o=oldserver.example.com,o=example.com
> bind = yes
> bind_dn = uid=admin, ou=Administrators, ou=Management, o=VendorRoot
> bind_pw = bindpw
> query_filter = pdsLoginId=%u
> result_attribute = mailForwardingAddress

This map definition is rather bad, because it would rewrite addresses
in remote domains. At the very least you'd have to set the "domain"
property to constrain the domains for which you're ignoring the domain
part and querying by user address.

> I am using the query filter with the %u to only use the user part of the
> original email address. I would like to forward/relay the mail to the
> mailForwardingAddress attribute from the LDAP info.

You're not thinking through all the consequences. Just ignoring the
domain part is not correct.

--
    Viktor.


Hi Viktor, thank you for taking time to consider my situation and make recommendations. I neglected to reveal the vitals of the server.

I am running CentOS 6.7 and postfix-2.6.6-6.el6_7.1.x86_64. Mail for this server has already passed through an incoming filter, so the only domain is the (sanitized) "example.com", so I was assuming I could get by only looking at the user. I tried searching against the full email address, but on both an ldapsearch and the postfix ldap look-up, it hangs for 20-30 seconds or more and then fails.

My current setup does work for many addresses, but when there is user, user1, user2, etc. (name "user" with a number appended to provide a unique account), it only returns user and the mailForwardingAddress. I thought perhaps there was a way to force it to look at the full user name including the appended number as the ldapsearch does successfully.

I will remove the duplicate alias-map and see if there is any change. I will also set the domain property to "example.com" and try again.
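
The point made in the thread about query_filter = pdsLoginId=%u and the "domain" property, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of how an ldap_table(5) map expands %u and applies the domain restriction. The directory entries, forwarding addresses and function names are constructed for illustration.

```python
import re

# Simplified model of ldap_table(5) key handling, not Postfix source code.
# Constructed sample directory: pdsLoginId -> mailForwardingAddress.
DIRECTORY = {
    "user": "user@mailhost.example.net",
    "user1": "user1@mailhost.example.net",
}

def rfc2254_escape(value):
    """Escape LDAP filter metacharacters in a value substituted into a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand_filter(template, key):
    """Expand %s (whole key) and %u (local part, or whole key if no '@')."""
    local = key.rsplit("@", 1)[0] if "@" in key else key
    values = {"s": key, "u": local}
    return re.sub(r"%([su])", lambda m: rfc2254_escape(values[m.group(1)]), template)

def lookup(key, template, domains=None):
    """Return the forwarding address, or None if no query is made or nothing matches."""
    if domains is not None:
        # "domain" restriction: only user@domain keys with a non-empty
        # local part and a listed domain are sent to the LDAP server.
        local, sep, dom = key.rpartition("@")
        if not sep or not local or dom.lower() not in domains:
            return None
    attr, _, value = expand_filter(template, key).partition("=")
    # Model of the search: exact match on pdsLoginId only.
    return DIRECTORY.get(value) if attr == "pdsLoginId" else None

if __name__ == "__main__":
    flt = "pdsLoginId=%u"
    for key in ("user@example.com", "user1@example.com",
                "user@remote.example.net", "user"):
        print(key, "| unrestricted:", lookup(key, flt),
              "| domain=example.com:", lookup(key, flt, {"example.com"}))
```

Without the restriction, user@remote.example.net resolves to the same forwarding address as user@example.com, which is the remote-domain rewrite described in the reply; with domain = example.com the remote key and the bare "user" key are never queried.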