RE: FW: Postfix delivery to openldap users
Postmap -q name alone ldap:/etc/postfix/ldap.cf
Is not giving any output. It returns silently.

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Brian Evans - Postfix List
Sent: Wednesday, March 28, 2012 6:24 PM
To: postfix-users@postfix.org
Subject: Re: FW: Postfix delivery to openldap users

On 3/28/2012 5:19 AM, Priscilla V wrote:
> We have configured to consider ldap users also in /etc/nsswitch.conf.

I'm not an LDAP expert, but it seems as if you are looking up a full email address. Please be aware that alias_maps lookups only send the bare user name. Queries targeting j...@example.com will fail.

> : files ldap nisplus
> shadow: files ldap nisplus
> group : files ldap nisplus
>
> So virtual aliases need not be configured. Alias_maps alone is sufficient.
>
> Here is the configuration of ldap.cf
>
> server_host = hostname
> server_port = 389
> search_base = base dn
> scope = sub
> bind = yes
> bind_dn = user dn
> bind_pw = pass
> version = 3
> start_tls = no
> query_filter = (mail=%s)
> result_attribute = uid

[snip]

> If all the above are OK for your case, what does
>
> postmap -q ldapuseralias ldap:/etc/postfix/ldap.cf
>
> output (where ldapuseralias is one of your ldap users)?

This is good advice for testing and you should follow it. Just be sure to test the bare user name, like joe from my previous example.

Brian
RE: FW: Postfix delivery to openldap users
Even after changing it to %u the postmap command is not returning any value.

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Thursday, March 29, 2012 1:47 PM
To: 'Postfix users'
Subject: Re: FW: Postfix delivery to openldap users

On 29/3/2012 9:03 AM, Priscilla V wrote:
> Postmap -qname alone ldap:/etc/postfix/ldap.cf
> Is not giving any output. It returns silently.

Have you changed:

    query_filter = (mail=%s)

to:

    query_filter = (mail=%u)

as was suggested (if you are still using alias_maps)?

Ref: http://www.postfix.org/ldap_table.5.html

Alternatively, use virtual_alias_maps ***even if you don't have virtual domains*** (as was also suggested).

Nick
RE: FW: Postfix delivery to openldap users
It searches for mail=prisci...@domain.com and mail=Priscilla. With the present ldap.cf it returns the username only for mail=prisci...@domain.com and does not return anything for mail=Priscilla. This is the reason for the error User unknown in local recipient table.

The following is the ldap log written while sending email.

LDAP log

    Mar 30 09:53:21 intml slapd[3104]: conn=1060 fd=15 ACCEPT from IP=127.0.0.1:57799 (IP=0.0.0.0:389)
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=0 BIND dn=cn=Manager,o=domain.com method=128
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=0 BIND dn=cn=Manager,o=domain.com mech=SIMPLE ssf=0
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=0 RESULT tag=97 err=0 text=
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=1 SRCH base=o=domain.com scope=2 deref=0 filter=(mail=prisci...@domain.com)
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=1 SRCH attr=uid
    Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 fd=16 ACCEPT from IP=127.0.0.1:57800 (IP=0.0.0.0:389)
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=0 BIND dn=cn=Manager,o=domain.com method=128
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=0 BIND dn=cn=Manager,o=domain.com mech=SIMPLE ssf=0
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=0 RESULT tag=97 err=0 text=
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=1 SRCH base=o=domain.com scope=2 deref=0 filter=(mail=priscilla)
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=1 SRCH attr=uid
    Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

END of LDAP log

Kindly suggest some change.

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Thursday, March 29, 2012 5:15 PM
To: 'Postfix users'
Subject: Re: FW: Postfix delivery to openldap users

On 29/3/2012 2:13 PM, Priscilla V wrote:
> Even after changing it to %u the postmap command is not returning any value.

You could run:

    postmap -vvv -q ldapuser ldap:/etc/postfix/ldap.cf

and try to see where the problem is.

Also, try to run a simple ldapsearch on the same machine with the same parameters (search key, server, credentials, binddn, return attributes etc.) and see if it works.

Nick
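Added example, not written by anyone in this thread: a short Python script that pairs each slapd SRCH filter with the nentries of its SEARCH RESULT, so the lookup that matched nothing stands out along with the bind DN that issued it. The log lines are copied from the message above; the function names are this example's own.

```python
import re

# Lines copied from the slapd log in the message above (wrapped words rejoined;
# the list archive's elided address is left exactly as it appears there).
SAMPLE_LOG = """\
Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=0 BIND dn=cn=Manager,o=domain.com mech=SIMPLE ssf=0
Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=1 SRCH base=o=domain.com scope=2 deref=0 filter=(mail=prisci...@domain.com)
Mar 30 09:53:21 intml slapd[3104]: conn=1060 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=0 BIND dn=cn=Manager,o=domain.com mech=SIMPLE ssf=0
Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=1 SRCH base=o=domain.com scope=2 deref=0 filter=(mail=priscilla)
Mar 30 09:53:21 intml slapd[3104]: conn=1061 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
BIND = re.compile(r'BIND dn="?([^"\s]+)"? mech=')
SRCH = re.compile(r'SRCH base=\S+ scope=\d+ deref=\d+ filter="?(\((\w+)=(.*)\))"?$')
RESULT = re.compile(r"SEARCH RESULT tag=101 err=\d+ nentries=(\d+)")


def analyse(log_text):
    """Pair every SRCH filter with the nentries of its SEARCH RESULT."""
    bind_dn, searches = {}, {}
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if b := BIND.match(rest):
            bind_dn[conn] = b.group(1)
        elif s := SRCH.match(rest):
            searches[(conn, op)] = {
                "conn": conn, "bind_dn": bind_dn.get(conn), "filter": s.group(1),
                # alias_maps lookups send only the bare user name, not the address
                "key_kind": "full address" if "@" in s.group(3) else "bare name",
                "nentries": None,
            }
        elif (r := RESULT.match(rest)) and (conn, op) in searches:
            searches[(conn, op)]["nentries"] = int(r.group(1))
    return list(searches.values())


def zero_hit(records):
    """Searches that completed but matched nothing: the failing lookups."""
    return [r for r in records if r["nentries"] == 0]


if __name__ == "__main__":
    for r in analyse(SAMPLE_LOG):
        print(r["conn"], r["bind_dn"], r["filter"], r["key_kind"], r["nentries"])
```
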
Postfix delivery to openldap users
Hi all,

I am trying to deliver emails to openldap users through postfix.

Here is the configuration included to look up openldap users in main.cf.

    alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf

Here is the configuration of ldap.cf

    server_host = hostname
    server_port = 389
    search_base = base dn
    scope = sub
    bind = yes
    bind_dn = user dn
    bind_pw = pass
    version = 3
    start_tls = no
    query_filter = (mail=%s)
    result_attribute = uid

I get an unknown user error message whenever I send an email to an openldap user. I am using postfix-2.8.9 and openldap 2.4.23.

Kindly help to resolve this issue.

Regards
Priscilla
RE: Postfix delivery to openldap users
We have not configured any virtual domains.

Output of postconf -n:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = domain name
    myhostname = host name
    mynetworks = 127.0.0.0/8, LAN network
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    unknown_local_recipient_reject_code = 550

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 1:25 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 10:44 AM, Priscilla V wrote:
> Here is the configuration included to look up openldap users in main.cf.
>
> alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf

Place your lookup tables in the following settings: virtual_alias_maps (for aliases) and virtual_mailbox_maps (for users).

Make sure you have configured correctly: virtual_mailbox_domains and virtual_mailbox_base

Post the output of postconf -n

Read: http://www.postfix.org/VIRTUAL_README.html

Nick
FW: Postfix delivery to openldap users
-----Original Message-----
From: Priscilla V [mailto:prisci...@bheltry.co.in]
Sent: Wednesday, March 28, 2012 2:40 PM
To: 'Nikolaos Milas'; 'postfix-users@postfix.org'
Subject: RE: Postfix delivery to openldap users

We have configured to consider ldap users also in /etc/nsswitch.conf.

    : files ldap nisplus
    shadow: files ldap nisplus
    group : files ldap nisplus

So virtual aliases need not be configured. Alias_maps alone is sufficient.

Here is the configuration of ldap.cf

    server_host = hostname
    server_port = 389
    search_base = base dn
    scope = sub
    bind = yes
    bind_dn = user dn
    bind_pw = pass
    version = 3
    start_tls = no
    query_filter = (mail=%s)
    result_attribute = uid

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 2:05 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 11:07 AM, Priscilla V wrote:
> We have not configured any virtual domains.

If you only use alias_maps, then you simply define a mapping between (virtual) ldap users and *local* users; alias_maps defines the alias databases that are used for *local* delivery. Your local users must already exist. In essence, your ldap users are simply aliases.

If all the above are OK for your case, what does

    postmap -q ldapuseralias ldap:/etc/postfix/ldap.cf

output (where ldapuseralias is one of your ldap users)?

Also, you may want to post the content of ldap:/etc/postfix/ldap.cf.

Have you read: http://www.postfix.org/VIRTUAL_README.html ?

Nick
RE: Postfix delivery to openldap users
The issue is not yet solved.

Regards
Priscilla

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 2:56 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 12:10 PM, Priscilla V wrote:
> We have configured to consider ldap users also in /etc/nsswitch.conf.
> ...
> So virtual aliases need not be configured. Alias_maps alone is sufficient.

Hmm, I am not sure if adding ldap local authentication at the OS level automatically makes ldap accounts local in terms of accessibility by the *local* postfix agent... Someone more knowledgeable on this should advise you.

I have set up my domain(s) in Postfix as virtual rather than as local.

Good luck!

Nick