On 2016.11.28 06.53, mailing lists wrote:
> Hello all,
> 
> I am configuring envelope sender address authorization using ldap
> tables with Active Directory, which has two possible attributes to
> authenticate users, the legacy and short name "samaccountname" and
> the long name "userprincipalname", so what I am trying to do is permit
> authentication with both identities and authorize the long name as
> sender address.
> 
> The ldap tables work as expected separately, they resolve the
> envelope address to the sasl identity, but making them work
> simultaneously is failing because the result from the first table
> seems to be an absolute answer and postfix ignores the second one.
> 
> Does anyone know if there is any way to make the second check if the 
> first check fails to find anything?

the first check didn't fail to find anything.  see below.

> # grep smtpd_sender_login_maps main.cf
> smtpd_sender_login_maps = ldap:/etc/postfix/check_login_sender_mail.cf,
>     ldap:/etc/postfix/check_login_sender_sam.cf

do this instead:  postconf smtpd_sender_login_maps [intentions may
sometimes differ from reality ;) ]

from the postfix docs: "Tables will be searched in the specified order
until a match is found".  in this case, a match is found [(mail=%s)], so
searching stops, and the configured attribute is returned.

from ldap_table(5): "result_attribute (default: maildrop). The
attribute(s) Postfix will read from any directory entries returned by
the lookup[...]"

instead, combine the two maps:

result_attribute = samaccountname, userprincipalname

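A simplified model of the lookup behaviour described in the reply, as an added example that is not part of the original thread and is not Postfix code. The directory entry, the addresses, and the assumption that each of the poster's two tables returned a single attribute are constructed for illustration.

```python
# Simplified model of how Postfix consults smtpd_sender_login_maps.
# Not Postfix source code; the entry and addresses are constructed sample data.
ENTRY = {
    "mail": "jane.doe@example.com",
    "samaccountname": "jdoe",
    "userprincipalname": "jane.doe@example.com",
}

def ldap_table(result_attributes):
    """Model an ldap: table whose query_filter is (mail=%s).

    Returns the listed attributes of the matching entry joined with commas,
    or None when no entry matches (the only case that counts as "not found").
    """
    def lookup(sender):
        if sender.lower() != ENTRY["mail"].lower():
            return None
        return ",".join(ENTRY[a] for a in result_attributes if a in ENTRY)
    return lookup

def search(tables, sender):
    """Search tables in order and stop at the first one that returns a match."""
    for table in tables:
        result = table(sender)
        if result is not None:
            return result
    return None

def login_owns_sender(tables, sasl_login, sender):
    """True when the SASL login is among the owners returned for the sender."""
    owners = search(tables, sender)
    if owners is None:
        return False
    return sasl_login.lower() in (o.strip().lower() for o in owners.split(","))

# Assumed original layout: two tables, one result attribute each.
separate = [ldap_table(["userprincipalname"]), ldap_table(["samaccountname"])]
# Layout from the reply: one table returning both attributes.
combined = [ldap_table(["samaccountname", "userprincipalname"])]

if __name__ == "__main__":
    for name, maps in (("separate", separate), ("combined", combined)):
        for login in ("jdoe", "jane.doe@example.com"):
            ok = login_owns_sender(maps, login, ENTRY["mail"])
            print(f"{name:9} login={login:22} owns sender: {ok}")
```

With the separate tables the second map is never reached, because the first one already matched the sender address; the short login is therefore not listed as an owner.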