postfix-users April 2012 archive

Re: Postfix and LDAP lookups

From: <lst_hoe02_at_nospam>
Date: Tue Apr 10 2012 - 12:14:04 GMT
To: postfix-users@postfix.org

Quoting Igmar Palsenberg <postfix@palsenberg.com>:

> Hi,
>
> I'm attempting to migrate from sendmail to Postfix + LDAP, so bear
> with me, I'm a sendmail user :)
>
> I've migrated the live user database into LDAP, and added my own
> e-mail addresses to my LDAP entry :
>
> dn: uid=igmar,ou=employee,dc=jdi,dc=nl
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: ldapPublicKey
> objectClass: mailRecipient
> cn: Igmar Palsenberg
> gecos: Igmar Palsenberg
> gidNumber: 0
> homeDirectory: /home/igmar
> loginShell: /bin/bash
> mail: i.palsenberg@jdi.nl
> mail: igmar@jdi.nl
> sshPublicKey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAstIe6PPMV4JfBg0W7RJy3eEkJQ5x
> wkvXctJrnS2K1GL8lnuq0OogFDzoKBI7Rw5NUYKI2p6MKm3Z8q2b+1PLx5K10W00qLr/XiIWqZGPt
> 1lw9QPo1ePM3AjmKIjzoITm2rVXCvmXg5FPWzMVL8XJHdtq3PSlhjDzvhOYeJPkU6jUal8jmU7Ger
> mquS5ZZR0EUyZQZye1N7bkKErt5lKw8fPljsBFRNMZZgulcoW8WxdDXHMymZIhpfbAia3eY5qT2mY
> GCTrYlTXgdVTj9Nn4UAoe+Kyi7i99v21oPkQFpKMSXaNzsVl6Qra3QnwqkZDHEiL3PvSyQ+JCHEzE
> FGQF2Q== igmar@igmar-palsenbergs-macbook-pro.local
> uid: igmar
> uidNumber: 500
>
> The binding user can access most objects, except the shadow entries.
> Those shouldn't be needed for this mapping.
>
> postmap seems to be OK with this :
>
> [root@mail1 postfix]# postmap -q igmar@jdi.nl
> ldap:/etc/postfix/ldap-virtual.cf
> igmar
>
> The user is also known to NSS :
>
> [root@mail1 postfix]# id igmar
> uid=500(igmar) gid=0(root)
> groups=930(ecartis),5025(employee),5119(hostadm),0(root)
>
> So far so good. Postfix, however, doesn't seem to like this setup:
> it keeps bouncing them with a relaying denied. It doesn't seem to
> agree that this user is local, and the machine that I'm testing from
> isn't in the mynetworks part of the postfix config.
>
> tcpdumping on port 389 confirms my suspicion: it doesn't even
> attempt to look up the user. The things that I do see seem to be
> originating from the NSS system.
> I'm a bit lost now here. My main.cf:
>
> [root@mail1 postfix]# cat main.cf | grep -v '^#' | grep -v '^[[:space:]]*$'
> soft_bounce = no
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> mail_owner = postfix
> mydomain = jdi.nl
> myorigin = $mydomain
> inet_interfaces = all
> inet_protocols = all
> mydestination = $myhostname, localhost
> unknown_local_recipient_reject_code = 550
> mynetworks_style = host
> in_flow_delay = 1s
> alias_maps = ldap:/etc/postfix/ldap-aliases.cf
> virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf
> virtual_alias_domains = $virtual_alias_maps

Looks like you are using virtual alias domains
(http://www.postfix.org/ADDRESS_CLASS_README.html). You should check
if the intended domain (jdi.nl) is found by querying
virtual_alias_domains with something like "postmap -q jdi.nl
ldap:/etc/postfix/ldap-virtual.cf".

Regards

Andreas
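The check Andreas suggests can be scripted so it reports which address class Postfix would derive for a recipient. The script below is an added example, not code from either poster; it assumes the quoted main.cf setting virtual_alias_domains = $virtual_alias_maps, under which the bare domain name must itself be a key in the table (the `postmap -q` lookup of the domain must return something), and takes the table path from the quoted configuration.

```shell
#!/bin/sh
# Added example (not from the original thread): query the virtual_alias_maps
# table for the bare domain and for the full address, and report which address
# class Postfix would derive. Assumes virtual_alias_domains = $virtual_alias_maps
# as in the quoted main.cf, so the domain itself must be a key in the table.

VIRTUAL_TABLE="${VIRTUAL_TABLE:-ldap:/etc/postfix/ldap-virtual.cf}"

# lookup KEY TABLE: print the table's result, or nothing when the key is absent
lookup() {
    postmap -q "$1" "$2" 2>/dev/null || true
}

# address_class ADDRESS: print "virtual_alias" when the recipient's domain is a
# key in the table (Postfix then treats it as a virtual alias domain), or
# "unknown" when it is not. An "unknown" domain is in no address class, so a
# client outside mynetworks gets "Relay access denied" no matter whether the
# full address has an entry in the table.
address_class() {
    _domain=${1##*@}
    if [ -n "$(lookup "$_domain" "$VIRTUAL_TABLE")" ]; then
        echo virtual_alias
    else
        echo unknown
    fi
}

# diagnose ADDRESS: print a one-line diagnosis; return 0 if deliverable, 1 if not
diagnose() {
    _addr=$1
    _class=$(address_class "$_addr")
    _target=$(lookup "$_addr" "$VIRTUAL_TABLE")
    case "$_class" in
    virtual_alias)
        if [ -n "$_target" ]; then
            echo "$_addr: virtual alias domain, address rewrites to '$_target'"
            return 0
        fi
        echo "$_addr: virtual alias domain, but no entry for this address (user unknown)"
        return 1
        ;;
    *)
        echo "$_addr: domain '${_addr##*@}' is not in any address class (relay access denied from outside mynetworks)"
        return 1
        ;;
    esac
}

# Usage when run directly on the mail host: ./check-class.sh igmar@jdi.nl
if [ "$#" -gt 0 ] && command -v postmap >/dev/null 2>&1; then
    for _a in "$@"; do diagnose "$_a"; done
fi
```

If the domain lookup prints nothing while the address lookup succeeds, the table's query filter only matches on mail addresses and the domain is never recognised; either add a domain entry that the same table can return, or set virtual_alias_domains to an explicit list instead of pointing it at the address map.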