On Tue, Apr 04, 2017 at 04:02:34PM +0000, Viktor Dukhovni wrote:

> > Here is what ldapsearch returns:
> >
> > ldapsearch -v -LLL -hxxxx -b"dc=cgprouter" -x -s one 'mail=notexist@xx'
> > ldap_initialize( ldap://xxx)
> > filter: mail=notexist@xxx
> > requesting: All userApplication attributes
> > No such object (32)
>
> The "No such object" error is undesirable; instead, this should
> quietly return no result.
>
> Postfix ignores "no such object" only when the search base is
> constructed dynamically via "%[sud]" expansions.
>
> What do the DNs of valid users look like? There's a slim chance
> that you can interpolate part of the recipient address into the
> search base, and thereby avoid the error.

Turns out you're in luck:

    https://www.communigate.com/communigatepro/LDAP.html#RouterDN

It seems you can use 'record retrieval':

    search_base = mail=%s,dc=cgprouter
    scope = base
    query_filter = mail=%s
    result_attribute = mail

Earlier comments still apply. It is not clear why you'd want to
delegate access decisions from Postfix to a Communigate system, but
if that's what you want, so be it...

-- 
Viktor.
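
Added example, not part of the message above and not Postfix source code: a sketch of how the lookup key lands in the search base and filter of the 'record retrieval' map, using the RFC 2253 and RFC 2254 style quoting that ldap_table(5) documents for search_base and query_filter. Function names are hypothetical, only %s is expanded, and the sample keys are constructed.

```python
# Illustration only: expand the %s templates from the map above with the
# key escaped for the context it is placed in (DN vs. search filter).

DN_SPECIALS = set(',+"\\<>;=')   # characters that need a backslash in a DN value
FILTER_SPECIALS = set('*()\\\x00')  # characters hex-escaped in a filter value


def escape_dn_value(value: str) -> str:
    """Escape a string used as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space/# and trailing space
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a string used as an assertion value inside a search filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in FILTER_SPECIALS else ch for ch in value
    )


def build_search(key: str) -> dict:
    """Return the LDAP search parameters the map above yields for one key."""
    return {
        "base": "mail=%s,dc=cgprouter".replace("%s", escape_dn_value(key)),
        "scope": "base",
        "filter": "mail=%s".replace("%s", escape_filter_value(key)),
        "attrs": ["mail"],
    }


if __name__ == "__main__":
    # Constructed sample keys: one ordinary address, two with metacharacters.
    for key in ("user@example.com", "x,dc=other", "a)(uid=*"):
        print(key, "->", build_search(key))
```

Because the base is built from the key, a nonexistent recipient produces a "No such object" on a dynamically constructed base, which is the case the quoted text says Postfix ignores.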