Postfix always tries to connect to ldap on localhost

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix always tries to connect to ldap on localhost

Jakob Lenfers-8
Hi guys,

I've installed a test mail server to try to connect postfix/cyrus to
ldap. The openldap server runs on another host and is already populated
for a PDC and other services. Cyrus is running and authenticating (with
SASL/PAM) against the LDAP all right. But now I'm trying to get the
addresses recognized. I tried all kinds of configurations and postfix
still wants only to connect to localhast. I tried hostname, ip address
with ldap://, without...

root@paka2:~# cat /etc/postfix/virtual.ldap
server_host = ldap://134.102.131.4
search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
port = 389
bind = no
version = 3
debuglevel = 10
query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
result_attribute = uid, gosaMailForwardingAddress
special_result_attribute = member

root@paka2:/etc/postfix# postmap -q [hidden email]
ldap:virtual.ldap
postmap: warning: dict_ldap_connect: Unable to bind to server
ldap://localhost:389 as : -1 (Can't contact LDAP server)

I'm using Ubuntu 8.04, current postfix(-ldap) 2.5.1-2. And I really
don't know what to try anymore...

[Xposted yesterday to ubuntuforums.org]

TIA!
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Patrick Ben Koetter
* Jakob Lenfers <[hidden email]>:

> Hi guys,
>
> I've installed a test mail server to try to connect postfix/cyrus to
> ldap. The openldap server runs on another host and is already populated
> for a PDC and other services. Cyrus is running and authenticating (with
> SASL/PAM) against the LDAP all right. But now I'm trying to get the
> addresses recognized. I tried all kinds of configurations and postfix
> still wants only to connect to localhast. I tried hostname, ip address
> with ldap://, without...
>
> root@paka2:~# cat /etc/postfix/virtual.ldap
> server_host = ldap://134.102.131.4


server_host = 134.102.131.4



> search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
> port = 389

There's no parameter "port". Leave it away if you use the default anyway.

> bind = no
> version = 3
> debuglevel = 10
> query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
> result_attribute = uid, gosaMailForwardingAddress
> special_result_attribute = member
>
> root@paka2:/etc/postfix# postmap -q [hidden email]
> ldap:virtual.ldap
> postmap: warning: dict_ldap_connect: Unable to bind to server
> ldap://localhost:389 as : -1 (Can't contact LDAP server)
>
> I'm using Ubuntu 8.04, current postfix(-ldap) 2.5.1-2. And I really
> don't know what to try anymore...
>
> [Xposted yesterday to ubuntuforums.org]
>
> TIA!

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Jakob Lenfers-8
Patrick Ben Koetter schrieb:
> * Jakob Lenfers <[hidden email]>:

>> server_host = ldap://134.102.131.4
> server_host = 134.102.131.4

Tried it, didn't work. And man ldap_table mentions both syntax forms.

>> search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
>> port = 389
> There's no parameter "port". Leave it away if you use the default anyway.

Oh, yeah, it would be server_port. But here as well: Tried without the
setting without any success. :(

Thanks for your answer,
Jakob
Reply | Threaded
Open this post in threaded view
|

Postfix always tries to connect to ldap on localhost

Stan Hoeppner
Jakob Lenfers put forth on 9/30/2009 3:19 AM:
> Patrick Ben Koetter schrieb:
>> * Jakob Lenfers <[hidden email]>:
>
>>> server_host = ldap://134.102.131.4
>> server_host = 134.102.131.4

I'm no expert on Postfix LDAP, but I found this interesting, and
possibly related to your issue, specifically in the last sentence of the
paragraph below.

"ldapsource_server_host"

http://www.postfix.org/ldap_table.5.html

BACKWARDS COMPATIBILITY
       For  backwards  compatibility with Postfix version 2.0 and
       earlier, LDAP parameters can also be defined  in  main.cf.
       Specify  as  LDAP  source a name that doesn't begin with a
       slash or a dot.  The LDAP parameters will then be accessi-
       ble as the name you've given the source in its definition,
       an underscore, and the name of the parameter.   For  exam-
       ple,  if  the  map  is specified as "ldap:ldapsource", the
       "server_host" parameter below would be defined in  main.cf
       as "ldapsource_server_host".


--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Jakob Lenfers-8
Stan Hoeppner schrieb:

> I'm no expert on Postfix LDAP, but I found this interesting, and
> possibly related to your issue, specifically in the last sentence of the
> paragraph below.
>
> "ldapsource_server_host"
>
> http://www.postfix.org/ldap_table.5.html

That helped in some way, thanks... I put the statements into the main.cf
as described, but now I'm still curious what I did wrong...

| virtual.ldap_server_host = 134.102.131.4
| virtual.ldap_search_base = ou=Users, dc=taupo, dc=gsss, dc=uni-bremen,
dc=de
| virtual.ldap_bind = no
| virtual.ldap_version = 3
| #virtual.ldap_debuglevel = 10
| virtual.ldap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
| virtual.ldap_result_attribute = uid, gosaMailForwardingAddress
| virtual.ldap_special_result_attribute = member

And I don't get, why postconf -n doesn't show my virtual.ldap-entries...

| root@paka2:/etc/postfix# postconf -n
| alias_database = hash:/etc/aliases
| alias_maps = hash:/etc/aliases
| append_dot_mydomain = no
| biff = no
| config_directory = /etc/postfix
| inet_interfaces = all
| mailbox_size_limit = 0
| mydestination = paka2.bigsss-bremen.de, paka2, localhost.localdomain,
localhost
| myhostname = paka2
| mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
| myorigin = /etc/mailname
| readme_directory = no
| recipient_delimiter = +
| relayhost =
| smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
| smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
| smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
| smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
| smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
| smtpd_use_tls = yes
| virtual_alias_maps = ldap:/etc/postfix/virtual.ldap

Jakob
Reply | Threaded
Open this post in threaded view
|

Postfix always tries to connect to ldap on localhost

Stan Hoeppner
Jakob Lenfers put forth on 9/30/2009 5:43 AM:

> Stan Hoeppner schrieb:
>
>> I'm no expert on Postfix LDAP, but I found this interesting, and
>> possibly related to your issue, specifically in the last sentence of the
>> paragraph below.
>>
>> "ldapsource_server_host"
>>
>> http://www.postfix.org/ldap_table.5.html
>
> That helped in some way, thanks... I put the statements into the main.cf
> as described, but now I'm still curious what I did wrong...

So, is it querying the remote LDAP server correctly now?  If so, you're
welcome, and I'm glad it's working for you.

--
Stan



> | virtual.ldap_server_host = 134.102.131.4
> | virtual.ldap_search_base = ou=Users, dc=taupo, dc=gsss, dc=uni-bremen,
> dc=de
> | virtual.ldap_bind = no
> | virtual.ldap_version = 3
> | #virtual.ldap_debuglevel = 10
> | virtual.ldap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
> | virtual.ldap_result_attribute = uid, gosaMailForwardingAddress
> | virtual.ldap_special_result_attribute = member
>
> And I don't get, why postconf -n doesn't show my virtual.ldap-entries...
>
> | root@paka2:/etc/postfix# postconf -n
> | alias_database = hash:/etc/aliases
> | alias_maps = hash:/etc/aliases
> | append_dot_mydomain = no
> | biff = no
> | config_directory = /etc/postfix
> | inet_interfaces = all
> | mailbox_size_limit = 0
> | mydestination = paka2.bigsss-bremen.de, paka2, localhost.localdomain,
> localhost
> | myhostname = paka2
> | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> | myorigin = /etc/mailname
> | readme_directory = no
> | recipient_delimiter = +
> | relayhost =
> | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> | smtpd_use_tls = yes
> | virtual_alias_maps = ldap:/etc/postfix/virtual.ldap
>
> Jakob

Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Jakob Lenfers-8
Stan Hoeppner schrieb:
> Jakob Lenfers put forth on 9/30/2009 5:43 AM:
>> Stan Hoeppner schrieb:

>>> "ldapsource_server_host"
>>>
>>> http://www.postfix.org/ldap_table.5.html
>> That helped in some way, thanks... I put the statements into the main.cf
>> as described, but now I'm still curious what I did wrong...
> So, is it querying the remote LDAP server correctly now?  If so, you're
> welcome, and I'm glad it's working for you.


It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
in an external file. This method is only there for compatibility, so it
will vanish someday...

Jakob
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Victor Duchovni
On Wed, Sep 30, 2009 at 05:00:46PM +0200, Jakob Lenfers wrote:

> Stan Hoeppner schrieb:
> > Jakob Lenfers put forth on 9/30/2009 5:43 AM:
> >> Stan Hoeppner schrieb:
>
> >>> "ldapsource_server_host"
> >>>
> >>> http://www.postfix.org/ldap_table.5.html
> >> That helped in some way, thanks... I put the statements into the main.cf
> >> as described, but now I'm still curious what I did wrong...
> > So, is it querying the remote LDAP server correctly now?  If so, you're
> > welcome, and I'm glad it's working for you.
>
>
> It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
> in an external file. This method is only there for compatibility, so it
> will vanish someday...

The file name has to start with a "/":

        ldap:/some/file.cf

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Patrick Ben Koetter
* Victor Duchovni <[hidden email]>:

> On Wed, Sep 30, 2009 at 05:00:46PM +0200, Jakob Lenfers wrote:
>
> > Stan Hoeppner schrieb:
> > > Jakob Lenfers put forth on 9/30/2009 5:43 AM:
> > >> Stan Hoeppner schrieb:
> >
> > >>> "ldapsource_server_host"
> > >>>
> > >>> http://www.postfix.org/ldap_table.5.html
> > >> That helped in some way, thanks... I put the statements into the main.cf
> > >> as described, but now I'm still curious what I did wrong...
> > > So, is it querying the remote LDAP server correctly now?  If so, you're
> > > welcome, and I'm glad it's working for you.
> >
> >
> > It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
> > in an external file. This method is only there for compatibility, so it
> > will vanish someday...
>
> The file name has to start with a "/":
>
> ldap:/some/file.cf

What happens if you don't use it properly? Why does it fall back to using
localhost then?

It can't find the file and falls back to defaults which is localhost for
$server_host, right?

Shouldn't it complain it can't find the specified file?

p@rick


--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Victor Duchovni
On Wed, Sep 30, 2009 at 11:26:30PM +0200, Patrick Ben Koetter wrote:

> > The file name has to start with a "/":
> >
> > ldap:/some/file.cf
>
> What happens if you don't use it properly? Why does it fall back to using
> localhost then?

The table name is assumed to refer to a parameter prefix, rather than a
file-name, and in the absense of explicit settings for said parameters,
they all take the documented default values.

> It can't find the file and falls back to defaults which is localhost for
> $server_host, right?

It can't file the "prefix_..." variables, and assigns default values.

> Shouldn't it complain it can't find the specified file?

There is no specified file. To specify a file, start with a "/", and
then if the file is not found, an error is raised.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Postfix always tries to connect to ldap on localhost

Stan Hoeppner
In reply to this post by Jakob Lenfers-8
Jakob Lenfers put forth on 9/30/2009 10:00 AM:

> Stan Hoeppner schrieb:
>> Jakob Lenfers put forth on 9/30/2009 5:43 AM:
>>> Stan Hoeppner schrieb:
>
>>>> "ldapsource_server_host"
>>>>
>>>> http://www.postfix.org/ldap_table.5.html
>>> That helped in some way, thanks... I put the statements into the main.cf
>>> as described, but now I'm still curious what I did wrong...
>> So, is it querying the remote LDAP server correctly now?  If so, you're
>> welcome, and I'm glad it's working for you.
>
>
> It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
> in an external file. This method is only there for compatibility, so it
> will vanish someday...

I don't think this will vanish any time soon.  All you've done is move
your config declarations from an external file into main.cf.  Postfix
parses all the config files at startup and reads all the configuration
data into its working set.  In many(most?) cases, it doesn't matter
where (within which file) you define something as long as the definition
is valid for your version of postfix.  Defining in main.cf can sometimes
shed light on things, as it did in this case, which is kinda why I
recommended those instructions. ;)

This isn't true for _all_ parameters, but for many you can put them
right into main.cf and it'll work fine.  Wietse and Victor can explain
this far better than me.  It's not the preferred method, as it clutters
main.cf.  The more cluttered your main.cf is, the more difficult it can
be to troubleshoot some things.  As I understand it, this is the main
reason/goal behind separating various things out into multiple config
files--it keeps things more organized and easier to troubleshoot.  I.e.
it's more organizational than functional in nature.

So, now, after implementing Victor's advice about the filename leading
"/", comment out the lines in main.cf, and copy them back into your
external config file and see if it works.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Jakob Lenfers-8
In reply to this post by Victor Duchovni
Victor Duchovni schrieb:
> On Wed, Sep 30, 2009 at 11:26:30PM +0200, Patrick Ben Koetter wrote:

>>> ldap:/some/file.cf

Thanks, that solved it. *shame*

>> What happens if you don't use it properly? Why does it fall back to using
>> localhost then?
> The table name is assumed to refer to a parameter prefix, rather than a
> file-name, and in the absense of explicit settings for said parameters,
> they all take the documented default values.

I find the manpage not clear on that issue, perhaps it could be said
more explicitly here...
|        file_name
|               The name of the lookup table source file when rebuilding
a database.

Jakob
Reply | Threaded
Open this post in threaded view
|

Re: Postfix always tries to connect to ldap on localhost

Victor Duchovni
On Thu, Oct 01, 2009 at 09:35:02AM +0200, Jakob Lenfers wrote:

> I find the manpage not clear on that issue, perhaps it could be said
> more explicitly here...
> |        file_name
> |               The name of the lookup table source file when rebuilding
> a database.

    http://www.postfix.org/ldap_table.5.html

    BACKWARDS COMPATIBILITY
       For  backwards  compatibility with Postfix version 2.0 and
       earlier, LDAP parameters can also be defined  in  main.cf.
       Specify  as  LDAP  source a name that doesn't begin with a
       slash or a dot.  The LDAP parameters will then be accessi-
       ble as the name you've given the source in its definition,
       an underscore, and the name of the parameter.   For  exam-
       ple,  if  the  map  is specified as "ldap:ldapsource", the
       "server_host" parameter below would be defined in  main.cf
       as "ldapsource_server_host".

I see no mention of "file_name" in ldap_table(5).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.