On Tue, Jan 20, 2009 at 02:43:03PM +0100, Emmanuel Lesouef wrote: > > > The problem is that when postfix receives/sends an email, it does a > > > lookup in our LDAP proxy to get postfix's group and uid. This > > > definitely ends up with a "0 entries found" which is not a problem > > > because /etc/nsswitch.conf contains the following : > > > > > > passwd: compat ldap > > > group: compat ldap > > > shadow: compat ldap > > > > > > Is there a way to tell postfix (and other services, as well) not to > > > try ldap ? > > > > Postfix does not look in /etc/nsswitch.conf. That is the job of > > the getpwnam SYSTEM LIBRARY ROUTINE. > > > > Wietse > > Ok. So I suppose I'll have to find what pam related issue this is > related to.
PAM has nothing to do with this, your nsswitch.conf specifies use of LDAP for getpwnam(3) and getgrnam(3). > In my opinion, none of the system services should bind to ldap. Don't put LDAP in nsswitch.conf if you don't want to use it, but then of course your LDAP-listed users will have trouble logging in. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.