On Mon, May 4, 2009 at 2:09 AM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote: > On Sat, May 02, 2009 at 08:02:43PM -0300, Reinaldo de Carvalho wrote: > >> A company have a active directory with sub-domains and when postfix >> query the main ldap server, if user don't present on this server, its >> receive referrals for sub-domains ldap servers. When turn on >> chase_referrals, postfix try connect to sub-domain ldap servers, but >> don't do bind operation, and can't query the servers. > > Yes, Postfix has no crystal ball to predict what DN/password to use with a > random referral server, so binding to referral servers is not supported. > > If you use referrals, don't require binds. If you require binds, don't > use referrals, and tell Postfix about which queries to send to which > server(s). > > -- > Viktor. >
Hi Viktor, It would be interesting to have an option (in the libldap) to enable bind with same DN / password for referrals, or something like array with hostname/user/password (like a table lookup). Meanwhile is possible enable anonymous bind in target of referrals: http://www.novell.com/coolsolutions/appnote/15120.html []s -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
