Quantcast

need help with setting LDAP search domains

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

need help with setting LDAP search domains

pandorasbox55
Hi -

I have set up LDAP search queries for delivering mail. The queries appear to be working correctly however, when checking the LDAP logs I am seeing queries for any domain that mail is sent. (In the logs, it also appears that the queries are being re-run, after the completion of a successful query, with different portions of the original email address as search data.)

From what I have read, setting the domain in the LDAP table should be what I need but I can't seem to get it to work. I have tested adding the parameter with one domain, I would like to add more than one, but I am still seeing searches being run for non-defined domains.
Any ideas?

Here's a sample of one of my LDAP alias tables:

server_host = [server:port]
version = 3
timeout = 5
search_base = [ldapsearchbase]
domain = my.domain.com
query_filter =(&(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(!(mailuserstatus=disabled)))
result_attribute = mailRoutingAddress
size_limit = 1
expansion_limit = 1

tia,
=lc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: need help with setting LDAP search domains

Viktor Dukhovni

> On Mar 30, 2017, at 8:36 PM, pandorasbox55 <[hidden email]> wrote:
>
> From what I have read, setting the /domain/ in the LDAP table should be what
> I need

That's correct.  With "domain" set, only lookup keys of the form "[hidden email]"
where "example.com" is listed in the "domain" list will be looked up.  All other
lookup keys will bypass LDAP and return no result.

> but I can't seem to get it to work.

And yet that's how it works, so perhaps you're not interpreting your
observations correctly.  Also with multiple tables defined, some of
the tables may be missing the "domain" constraint, and these will
generate the unwanted queries.

> Here's a sample of one of my LDAP alias tables:
>
> server_host = [server:port]
> version = 3
> timeout = 5
> search_base = [ldapsearchbase]
> domain = my.domain.com

This is correct and sufficient.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: need help with setting LDAP search domains

pandorasbox55


Thanks. I got this working. 
=lc


From: [hidden email] <[hidden email]> on behalf of Viktor Dukhovni <[hidden email]>
Sent: Thursday, March 30, 2017 9:26 PM
To: Postfix
Subject: Re: need help with setting LDAP search domains
 

> On Mar 30, 2017, at 8:36 PM, pandorasbox55 <[hidden email]> wrote:
>
> From what I have read, setting the /domain/ in the LDAP table should be what
> I need

That's correct.  With "domain" set, only lookup keys of the form "[hidden email]"
where "example.com" is listed in the "domain" list will be looked up.  All other
lookup keys will bypass LDAP and return no result.

> but I can't seem to get it to work.

And yet that's how it works, so perhaps you're not interpreting your
observations correctly.  Also with multiple tables defined, some of
the tables may be missing the "domain" constraint, and these will
generate the unwanted queries.

> Here's a sample of one of my LDAP alias tables:
>
> server_host = [server:port]
> version = 3
> timeout = 5
> search_base = [ldapsearchbase]
> domain = my.domain.com

This is correct and sufficient.

--
        Viktor.

Loading...