The documentation on that link says dc=cgprouter is virtual, which means it literally wont exist in ldap (wont be found), maybe its an error in the way the mapping is configured, it only rewrites children of that virtual domain to the matching ldap.. so maybe you need to ask the developers of the ldap mapping product ?
have you tried try omitting the base and simply searching base "" on the virtual ldap ? or adding a mapping option that allows a search at that virtual base to apparently succeed, so it does not throw a not found on that base when there is nothing matched ? > On 4 Apr 2017, at 8:35 pm, Paolo Barbato <paolo.barb...@igi.cnr.it> wrote: > > I use CommuniGate as mailer and they allow a “virtual" ldap tree (very useful > in my specific situation) that use dc=cgprouter as base search. > > http://www.communigate.com/CommuniGatePro/LDAP.html#RouterDN > > Trouble arise since ldap search returns "No object found” error that broke > postfix when the user doesn/t exist. > > If I search on another provisioned ldap search base (that unfortunately > doesn’t include all objects I’m looking for) no problem arise. > > [root@mail2 openldap]# ldapsearch -v -LLL -hmail1.igi.cnr.it > -b"cn=igi.cnr.it,o=Consorzio RFX" -x uid=barbat > ldap_initialize( ldap://mail1.igi.cnr.it ) > filter: uid=barbat > requesting: All userApplication attributes > > [root@mail2 openldap]# ldapsearch -v -LLL -hmail1.igi.cnr.it -b"dc=cgprouter" > -x uid=barbat > ldap_initialize( ldap://mail1.igi.cnr.it ) > filter: uid=barbat > requesting: All userApplication attributes > No such object (32) > Additional information: unknown user account > > > The latter broke postfix . > > I’ve notified them about this, but I guess if can workaround it in postfix…. > it seems not. > > Regards, > Paolo. > >>> On 4 Apr 2017, at 12:22, Michael Ströder <mich...@stroeder.com> wrote: >>> >>> Paolo Barbato wrote: >>> postmap: warning: dict_ldap_lookup: >>> /opt/trend/imss/OpenLDAP/etc/openldap/myBad.cf: >>> Search base 'dc=cgprouter' not found: 32: No such object >> >> As Brett already said: Most likely this configuration line is wrong: >> >> ldaprfx_search_base = dc=cgprouter >> >> Make sure to put the right search base served by your LDAP server there >> (full DN of >> database root entry). >> >> Ciao, Michael. >> > > ------------------------------------------------------------------------------------------------ > Paolo Barbato > > Consorzio RFX > corso Stati Uniti,4 > 35127 Padova - Italy > Network Administrator > phone: +39 049 8295097 fax: +39 049 8700718 > ------------------------------------------------------------------------------------------------ >
