Ok I removed that * now from the request an used "mail" as result_attribute. This works now for the local domain but not for the others. I added all the non-local domains to the parameter virtual_alias_domains and set virtual_alias_maps to ldap:/etc/postfix/virtual.cf I tested it with postmap -q nad it worked. But if I send a message to that domain I get the message back: User unknown in virtual alias table
As you wished... Postconf -n: alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debug_peer_list = 192.168.8.111 defer_transports = delay_warning_time = 1h disable_dns_lookups = no disable_mime_output_conversion = no header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/packages/postfix-doc/html inet_protocols = all local_recipient_maps = ldap:/etc/postfix/local_recipient_maps.cf unix:passwd.byname mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = cyrus mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 0 message_strip_characters = \0 mydestination = $myhostname, localhost, $mydomain myhostname = mx-rel.unimatrix0.ch mynetworks = 192.168.8.0/24, 127.0.0.0/8 newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES relay_domains = $mydestination, hash:/etc/postfix/relay relayhost = smtp.hispeed.ch relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix-doc/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_enforce_tls = no smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache smtp_tls_session_cache_timeout = 3600s smtp_use_tls = yes smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = no smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = sinus-elektro.ch spinsch.ch virtual_alias_maps = ldap:/etc/postfix/virtual.cf And the content of virtual.cf bind_dn = j...@hive.loc bind_pw = ***** server_host = 192.168.8.254 #Global Catalog port server_port = 3268 search_base = DC=hive, DC=loc query_filter = proxyAddresses=smtp:%s result_attribute = mail -----Ursprüngliche Nachricht----- Von: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] Im Auftrag von Victor Duchovni Gesendet: Montag, 30. August 2010 21:54 An: postfix-users@postfix.org Betreff: Re: local_recipient_maps with LDAP On Mon, Aug 30, 2010 at 09:46:26PM +0200, Marco Rebsamen wrote: > > > search_base = DC=hive, DC=loc > > > query_filter = proxyAddresses=smtp:*...@unimatrix0.ch > > > result_attribute = proxyAddresses > > > > What is that pesky "*" doing in your query filter!!! > > It's a damn wildcard! I thought I would need it because when I tried > to find the right parameters for this LDAP request I could not find find > anything until I used this star! Get rid of it. With the "smtp:" prefix properly set to match the actual data in Microsoft's AD, you no longer need the "*" and using it lowers performance and creates backscatter when you accept invalid names that are prefixes of valid names. > > Why is "proxyAddresses" the right result attribute. I would use "mail". > > I don't know ?! Is it not ?! from where should I know that ?! By understanding what you are doing... :-( > Why do I need an email address as return anyway ?! You need some non-empty attribute as a result, ideally a single-valued one that keeps the result-set small. Using "mail" makes sense. -- Viktor.