Confident because I was part of their setup. ; )
* Use queries that are implemented efficiently on the AD side.
Done
* Use LDAP servers that are not already struggling with processing
other queries.
This is a load balanced pool of (hardware load balanced, not round
robin DNS)
* As appropriate specify the "domain" attribute in the LDAP table
definitions to avoid looking for data for domains that you don't
use in LDAP.
Done
* Post your Postfix LDAP table definition (sans passwords).
# Directory settings
domain = first.com, second.com, third.com, fourth.com, fifth.com, sixth.com
server_host = pool.internal.domain.com
search_base = dc=internal, dc=domain, dc=com
version = 3
# User Binding
bind = yes
bind_dn = CN=serviceaccount,OU=northamerica,DC=internal,DC=domain,DC=com
bind_pw = randompassword
# Filter
query_filter = (&(objectclass=person)(proxyAddresses=smtp:%s))
leaf_result_attribute = proxyAddresses
Thanks for the assistance
Rich
-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org]
On Behalf Of Viktor Dukhovni
Sent: Friday, February 10, 2017 12:49 PM
To: postfix-users@postfix.org
Subject: Re: dict_ldap_lookup questions
On Fri, Feb 10, 2017 at 05:37:36PM +0000, Gomes, Rich wrote:
> It's going against MS AD, I am sure indexing is configured correctly there.
That rather depends on what query you're sending, and how AD is configured.
Your confidence does not inspire confidence. :-(
> What can I do on my postfix server to alleviate this issue?
* Use queries that are implemented efficiently on the AD side.
* Use LDAP servers that are not already struggling with processing
other queries.
* As appropriate specify the "domain" attribute in the LDAP table
definitions to avoid looking for data for domains that you don't
use in LDAP.
* Post your Postfix LDAP table definition (sans passwords).
--
Viktor.
